Phillip Hallam-Baker writes:
> Regardless of how fast you make ECC, the server has to do a lot more
> effort than a DoS client sending garbage.
If your CPU finishes the ECC computation (and the encryption etc.) in less time than it took your network to transmit the ECC public key (and other crypto overhead such as the nonce), the DoS _with_ crypto is no more effective than the DoS _without_ crypto. Think about what will happen if the attacker turns on crypto:

* He won't be able to send you more network packets, or more bytes.
* He won't gain amplification, if the protocol is designed carefully.
* He'll _reduce_ your CPU load.

In the case of DNSCurve, a streamlined query packet is 68 bytes longer than the original packet, and a typical server CPU handles the crypto for 70000 worst-case packets per second. If a 1Gbps load is split across merely 50 servers then adding crypto to 3.5 million packets consumes 1 second of CPU time on each server---but it consumes almost 2 seconds of network capacity. The attacker doesn't gain anything from DNSCurve: if he turns it on then, for whatever amount of traffic he can send, he _reduces_ your CPU load. This is the opposite of what you claimed.

By the way, have you measured the CPU time required to generate a typical NSEC3 response? How about an NSEC3 response to a query that's chosen to burn CPU time?

---Dan

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
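The following script is an added worked example, not code from the message above or from DNSCurve. It puts the arithmetic of the DNSCurve paragraph (68 extra bytes per query, 70000 worst-case packets per second per server, a 1Gbps load split across 50 servers, 3.5 million packets) into functions so the comparison between attacker link time and defender CPU time can be re-run for other configurations. The `Scenario` type, the `break_even_crypto_pps` derivation and the slower 20000 packets/s case are assumptions introduced here for illustration; everything else is the message's own numbers.

```python
"""Model of the DoS-with-crypto argument: does enabling per-packet crypto
cost the defender more CPU time than the overhead bytes cost the attacker
in link capacity?  (Added example; not code from the original post.)"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    packets: int        # packets the attacker sends with crypto enabled
    extra_bytes: int    # crypto overhead per packet (public key, nonce, ...)
    link_bps: float     # attacker's total bandwidth into the server pool
    servers: int        # servers the load is split across
    crypto_pps: float   # worst-case crypto packets/s one server CPU handles


def network_seconds(s: Scenario) -> float:
    """Link time consumed purely by the crypto overhead bytes."""
    return s.packets * s.extra_bytes * 8 / s.link_bps


def cpu_seconds_per_server(s: Scenario) -> float:
    """CPU time each server spends on the crypto for its share of packets."""
    return s.packets / s.servers / s.crypto_pps


def attacker_gains_from_crypto(s: Scenario) -> bool:
    """True only when the crypto work costs the defender more CPU time than
    the overhead bytes cost the attacker in link time (the message's
    condition, applied to the whole pool)."""
    return cpu_seconds_per_server(s) > network_seconds(s)


def break_even_crypto_pps(s: Scenario) -> float:
    """Per-server crypto rate at which CPU time equals link time.

    Derived (assumption, not from the message) by equating the two
    functions above:  packets/servers/rate == packets*extra_bytes*8/link_bps
    =>  rate == link_bps / (servers * extra_bytes * 8).
    Any faster crypto makes enabling it a net loss for the attacker.
    """
    return s.link_bps / (s.servers * s.extra_bytes * 8)


# Figures quoted in the message.  3.5 million packets is 50 servers times
# 70000 packets, i.e. exactly one second of crypto CPU per server.
DNSCURVE_EXAMPLE = Scenario(packets=3_500_000, extra_bytes=68,
                            link_bps=1e9, servers=50, crypto_pps=70_000)

# Hypothetical slower crypto implementation (constructed), to show the
# condition flipping in the attacker's favour.
SLOW_CRYPTO = Scenario(packets=3_500_000, extra_bytes=68,
                       link_bps=1e9, servers=50, crypto_pps=20_000)


if __name__ == "__main__":
    for name, s in (("DNSCurve figures", DNSCURVE_EXAMPLE),
                    ("20000 pkt/s crypto", SLOW_CRYPTO)):
        print(f"{name}:")
        print(f"  link time for overhead bytes: {network_seconds(s):.3f} s")
        print(f"  CPU time per server:          {cpu_seconds_per_server(s):.3f} s")
        print(f"  attacker gains from crypto?   {attacker_gains_from_crypto(s)}")
        print(f"  break-even crypto rate:       {break_even_crypto_pps(s):.0f} pkt/s/server")
```

With the message's figures the overhead bytes cost the attacker about 1.9 seconds of the 1Gbps link while costing each server 1 second of CPU, so turning crypto on is a net loss for him; the break-even point for that pool is roughly 36800 worst-case packets per second per server, and a crypto implementation slower than that (the constructed 20000 pkt/s case) would reverse the conclusion.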
