I think several people have already put a lot more engineering analysis into RSA's proposed "solution" than it deserves. It clearly seems like it is based more on marketitecture, which was aimed at grabbing some mind share of the uninformed public than on creating any kind of workable solution to DoS or DDoS threats. I think the following from one of my colleagues in Sydney sums it up best: "Nah, RSA's solution is to DOS the web site for you, so you, the discerning hacker, don't have to." Matt Barrie <mattat_private> > >It may prevent spoofing, but I think massive parallel puzzling by large >numbers of zombies with genuine unwanted connections will beat this and >anything else of the kind. > ******************************************************************************* Tommy Ward V.P. Operations, Western Region 650-812-9400 x4120 tommyat_private Kroll-O'Gara Information Security Group ********************************************************************************
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:18 PDT