Mikael, >> Yes, the symmetric key stuff is now done in hardware >> but the public key part for authentication is still done in software. >> And due to interactions between the software and hardware, >> requesting authentications can slow down other existing timing flows.
> What about just signing it the way it's done in DNSSEC, ie you have a > certificate/key and each packet is signed before being sent out? The problem is that you have to put in a timestamp that reflects the time the packet is placed on the wire. So you have to sign after timestamping, and unless this signature can be computed in zero time (or with completely deterministic latency that can be pre-added) the signing degrades the timing accuracy. >> So in principle I can mount an attack by requesting authentications >> using successively "harder" keys followed by successively "easier" ones, >> thus adding hard-to-remove wander to the other timing flows. > In an multicore multithreaded environment, is this really that huge of a > problem? Also if we count in that people who are really interested in this > might have a device with a separated control plane and "data plane" just > like high capacity routers are done as of 10 years approximately? I think that this should be thoroughly tested. In systems that I have seen in the lab, the degradation rules out sub-microsecond accuracy. Y(J)S _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
