[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec-tools-devel
Subject: Re: [Ipsec-tools-devel] strict DPD cookie check
From: Timo_Teräs <timo.teras () iki ! fi>
Date: 2011-11-12 9:39:08
Message-ID: 4EBE3EBC.20304 () iki ! fi
[Download RAW message or body]
On 11/12/2011 11:32 AM, Roman Hoog Antink wrote:
> My initial patch did check for reverted cookies, but I posted the
> simplified version, because the RFC states that the content is arbitrary.
> However, I can live with your proposal.
It's true that the RFC does not enforce the contents. However, the
contents SHOULD be the cookies.
And also =A76.1 states:
Additionally, both the receiver of the R-U-THERE and the R-U-THERE-
ACK message SHOULD check the validity of the Initiator and Responder
cookies presented in the SPI field of the payload.
So I'd prefer to keep the check.
I'm having today a ipsec-tools day, so I'll try to go through the other
pending patches and comment on them (or commit if they look ok to me).
Thanks,
Timo
---------------------------------------------------------------------------=
---
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic