 |
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
Hi, Pete,
Regards,
Ahmad
> -----Original Message-----
> From: Pete McCann [mailto:mccap@lucent.com]
> Sent: Wednesday, September 03, 2003 5:03 PM
> To: Bharatia, Jayshree [RICH1:2H13:EXCH]
> Cc: 'mip4@ietf.org'
> Subject: RE: [Mip4] RFC3012bis: Proposal for Issue2-Change5
>
> > > > >
> > > > > After that, we could add, "To meet the security obligations
> > > > > outlined in Section 12, the FA SHOULD use one of the already
> > > > > stored, previously unused challenges when responding to an
> > > > > unauthenticated Registration Request or Agent Solicitation."
If we are trying to prevent such DOS attack by NOT INVALIDATING the challenge received in RRQ, why not sending that challenge (still valid) back in RRP. Is there a problem with that?
Ahmad
>
> -Pete