[Cryptography] Cryptographically securing a two-phase commit

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jul 30 01:58:34 EDT 2020


Jon Callas <jon at callas.org> writes:

>I'm not sure this is even possible.

That was my feeling as well, but I wanted to get confirmation before I
declared it unsolvable.  In particular making an absolute statement like that
to security people invites vigorous pen-testing of the validity of the
statement.

The current thinking for dealing with it involves adding an SSH or TLS channel
and channel-binding the data being communicated.  So set up a TLS channel,
send some sort of bound proof of freshness inside the channel and then follow
it with the blob, with the proof-of-freshness -> blob link provided by the
channel.  That moves the issue to a MITM problem, which is much easier to deal
with.  The drop-the-nth-block DoS that you point out is still possible, but
most of the hole before that is closed.

Peter.
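
A sketch of the channel-bound freshness proof described in the message above, as an added example that is not part of the original post or any code by its author. It assumes a pre-shared MAC key, a receiver-issued nonce, and a per-connection channel-binding value (simulated here with random bytes in place of a real TLS exporter or SSH session identifier); all names are hypothetical.

```python
import hashlib
import hmac
import os

LABEL = b"freshness-proof-v1"  # hypothetical domain-separation label


def make_freshness_proof(key: bytes, nonce: bytes, channel_binding: bytes) -> bytes:
    """Sender side: MAC the receiver's nonce together with this channel's binding."""
    return hmac.new(key, LABEL + nonce + channel_binding, hashlib.sha256).digest()


class Receiver:
    """Accepts one blob per valid proof, and only on the channel the proof names."""

    def __init__(self, key: bytes, channel_binding: bytes):
        self.key = key
        self.channel_binding = channel_binding  # the receiver's own view of the channel
        self.nonce = os.urandom(32)             # fresh challenge for this connection
        self.fresh = False

    def accept_proof(self, proof: bytes) -> bool:
        expected = make_freshness_proof(self.key, self.nonce, self.channel_binding)
        self.fresh = hmac.compare_digest(proof, expected)
        return self.fresh

    def accept_blob(self, blob: bytes) -> bytes:
        # The blob has no freshness of its own: the proof -> blob link is only
        # that it arrives next on the same authenticated channel.
        if not self.fresh:
            raise PermissionError("no valid freshness proof on this channel")
        self.fresh = False  # one proof covers exactly one blob
        return blob


if __name__ == "__main__":
    key = os.urandom(32)                                 # constructed shared key
    cb_direct, cb_mitm = os.urandom(32), os.urandom(32)  # constructed bindings

    honest = Receiver(key, cb_direct)
    proof = make_freshness_proof(key, honest.nonce, cb_direct)
    print("direct channel:", honest.accept_proof(proof))          # True

    # A relay terminates the sender's channel and opens its own to the
    # receiver, so the two ends compute different binding values.
    victim = Receiver(key, cb_mitm)
    relayed = make_freshness_proof(key, victim.nonce, cb_direct)
    print("relayed through MITM:", victim.accept_proof(relayed))  # False

    # An old proof replayed on a new connection fails against the new nonce.
    later = Receiver(key, cb_direct)
    print("replayed proof:", later.accept_proof(proof))           # False
```

Nothing here detects a blob that never arrives, which is the drop-the-nth-block DoS the message says remains possible.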

