OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] SAML 2.0 DOS attacks


> Hi Josh.
>  
> Thanks for quick response. But, I have a quesiton.
>  
> >> "An attacker who spoofs a trusted IP address isn't able to 
> mount the 
> >> more computationally expensive attacks (eg. TLS-based ones".
> 
> Can you elaborate which attacks you refer to here?

Where you connect to a TLS peer purely to provoke it to expend CPU
resources on expensive cryptographic operations.

josh. 

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]