RE: [Mip4] RFC3012bis: Proposal for Issue2-Change5


Hi, Ahmad,

Ahmad Muhanna writes:
 > Hi, Pete,
 > 
 > The scenario I was concerned about does not use the bad-authenticator in its
 > response and therefore it is no issue.
 > I agree with your text below:
 > 
 > >  Note that an active attacker may try to prevent successful 
 > >  registrations by sending a large number of Agent 
 > >  Solicitations or bogus Registration Requests, each of which 
 > >  could cause the FA to respond with a fresh challenge, 
 > >  invalidating the challenge that the MN is currently trying to 
 > >  use. To prevent such attacks, the FA MUST NOT invalidate 
 > >  previously unused challenges when responding to 
 > >  unauthenticated Registration Requests or Agent Solicitations.
 > 
 > With respect to the following text, I do not think that it is necessary.
 > It is probably redundant information.
 > >  In addition, the FA MUST NOT allocate new storage when 
 > >  responding to such messages, because this would also create 
 > >  the possibility of denial of service.

Are you saying that if the FA doesn't invalidate previously unused
challenges, then it will not allocate more storage?  That doesn't
necessarily follow.

-Pete
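
Added example, not part of the original message or of the draft: a small model of the point raised above, that keeping unused challenges valid does not by itself avoid allocating storage. StoringFA, WindowedFA, the 30-second window and the secret are assumptions made for illustration; deriving the challenge with an HMAC is one possible design, not something RFC3012bis specifies.

```python
import hashlib
import hmac
import os
import struct

class StoringFA:
    """Never invalidates unused challenges, but stores one per solicitation."""
    def __init__(self):
        self.outstanding = set()
    def on_solicitation(self):
        c = os.urandom(16)
        self.outstanding.add(c)  # new storage for every unauthenticated message
        return c
    def accepts(self, c):
        return c in self.outstanding

class WindowedFA:
    """Hypothetical design: challenge = window number || HMAC(secret, window).
    Nothing is stored per message, and challenges expire by time rather than
    by traffic. Tracking of already-used challenges is left out of this model."""
    WINDOW = 30  # seconds covered by one challenge (constructed value)
    KEEP = 2     # number of recent windows still accepted (constructed value)
    def __init__(self, secret):
        self.secret = secret
    def _derive(self, w):
        head = struct.pack(">Q", w)
        return head + hmac.new(self.secret, head, hashlib.sha256).digest()[:16]
    def on_solicitation(self, now):
        return self._derive(int(now) // self.WINDOW)
    def accepts(self, c, now):
        if len(c) != 24:
            return False
        w = struct.unpack(">Q", c[:8])[0]
        age = int(now) // self.WINDOW - w
        return 0 <= age < self.KEEP and hmac.compare_digest(c, self._derive(w))

def flood_demo(n=1000):
    """The MN obtains a challenge, then n unauthenticated solicitations arrive."""
    storing = StoringFA()
    mn = storing.on_solicitation()
    for _ in range(n):
        storing.on_solicitation()
    windowed = WindowedFA(b"constructed-secret")
    mn_w = windowed.on_solicitation(now=1000)
    for _ in range(n):
        windowed.on_solicitation(now=1001)
    return (storing.accepts(mn), len(storing.outstanding),
            windowed.accepts(mn_w, now=1010), windowed.accepts(mn_w, now=1100))
```

In both models the MN's challenge survives the flood, but only StoringFA's state grows with the number of solicitations received.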



_______________________________________________
Mip4 mailing list
Mip4@ietf.org
https://www.ietf.org/mailman/listinfo/mip4



