[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shared Locator Address Pool (SLAP) protocol proposal
Pekka,
PN> However, I am also worried about potential DoS and other
PN> security issues. To me, it looks like a bad idea of allowing
PN> all of the upper layer protocols to add or remove addresses
PN> from SLAP. Updating (soft) address state is probably fine,
PN> but both adding and deleting addresses is potentially dangerous.
Please elaborate on your concerns.
My assumption is that the apps each has at least the requisite, basic
"authentication of exchange continuity" that routing-based IP validation
provides.
So all I can guess is that the danger you fear is the general one of
having too many participants (applications and transport add/delete
mechanisms) and that any one of them can do a lot of damage. That's why
I think it would be great to try to standardize a single control
protocol, but permit it to be used over a variety of mechanisms (layer
3.5, transport, and even apps.)
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>