Re: [radext] RDTLS #65 (new): Multiple dtls sessions in a tuple?
Peter Deacon wrote:
> There are no implications. DTLS does not know or care about the
> underlying transport. It does not know what "UDP" is. If the transport
> can't handle app data it does not know about then there are much bigger
> problems because it's trivial for anyone to spoof such packets.
That makes sense.
> I agree with you it is better not to go there if not absolutely
> necessary and in this case it may not be but old ports are now
> potholes... and this scares me.
Yes.
> These things should be in the RDTLS draft. It would stink if someone
> used a "connected" socket and (IMHO naturally) tried to reconnect the
> TLS channel using the same socket(src port).. and when doing this some
> servers sometimes did not accept the new connection for some period of
> time because of this behavior.
That is an issue, unfortunately. The solution is largely to have
graceful shutdowns, and not to re-use ports.
Alan DeKok.
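The three points of the exchange above (DTLS has no notion of UDP, so a datagram that matches no session is simply dropped; a ClientHello arriving from a source port still bound to a live session is the "pothole"; a close_notify frees the tuple so the port can be reused cleanly) as an added illustration. This is not code from the RDTLS draft or from any RADIUS implementation. It models only the server-side session table keyed by the peer (address, port) tuple; the HelloVerifyRequest/cookie exchange is omitted, and records with epoch >= 1, which a real server would decrypt under the session keys, are carried here as labelled plaintext stand-ins. The names DtlsDemux, Session and replace_on_new_hello, and the traffic in run_scenario, are constructed for this example.

```python
import struct
from dataclasses import dataclass, field

# DTLS 1.2 record layer constants (RFC 6347 / RFC 5246).
CT_ALERT, CT_HANDSHAKE, CT_APPDATA = 21, 22, 23
HS_CLIENT_HELLO = 1
DTLS12 = (254, 253)               # ProtocolVersion {254, 253} is DTLS 1.2
ALERT_CLOSE_NOTIFY = 0
# type(1) version(2) epoch(2) sequence number(6, as 16+32 bits) length(2)
HDR = struct.Struct("!BBBHHIH")


@dataclass
class Session:
    peer: tuple
    epoch: int = 1                  # post-handshake records use epoch >= 1
    delivered: list = field(default_factory=list)


class DtlsDemux:
    """Per-peer session table for a DTLS server on one UDP socket (constructed example).

    replace_on_new_hello chooses what happens when a plaintext ClientHello arrives
    from an (addr, port) tuple that still has a live session: False keeps the old
    session and drops the new handshake (the client looks refused until the old
    session times out); True tears the old session down and starts a new one.
    """

    def __init__(self, replace_on_new_hello: bool = False):
        self.sessions: dict[tuple, Session] = {}
        self.replace_on_new_hello = replace_on_new_hello
        self.events: list[str] = []

    def _note(self, what: str) -> None:
        self.events.append(what)

    def handle(self, peer: tuple, datagram: bytes) -> None:
        if len(datagram) < HDR.size:
            return self._note("dropped:short")
        ct, vmaj, vmin, epoch, _seq_hi, _seq_lo, length = HDR.unpack_from(datagram)
        fragment = datagram[HDR.size:HDR.size + length]
        if (vmaj, vmin) != DTLS12 or len(fragment) != length:
            return self._note("dropped:malformed")

        session = self.sessions.get(peer)

        # A plaintext ClientHello: epoch 0, handshake record, handshake type 1.
        if epoch == 0 and ct == CT_HANDSHAKE and fragment[:1] == bytes([HS_CLIENT_HELLO]):
            if session is not None and not self.replace_on_new_hello:
                # The pothole: the tuple is still bound to the old session.
                return self._note("rejected:active-session")
            if session is not None:
                self._note("replaced:old-session")
            # A real server answers with HelloVerifyRequest and checks the cookie
            # before allocating state; that exchange is omitted here.
            self.sessions[peer] = Session(peer)
            return self._note("new-session")

        # Everything else must belong to an existing session with a matching epoch.
        # The record layer cannot distinguish a spoofed datagram from a stray one;
        # with no session (or the wrong epoch) it is simply dropped.
        if session is None or epoch != session.epoch:
            return self._note("dropped:no-session")

        # In real DTLS this record would be decrypted with the session keys first;
        # here the epoch field alone stands in for that (constructed simplification).
        if ct == CT_ALERT and len(fragment) == 2 and fragment[1] == ALERT_CLOSE_NOTIFY:
            # Graceful shutdown frees the tuple at once, so a later ClientHello
            # from the same source port starts a fresh session cleanly.
            del self.sessions[peer]
            return self._note("closed")
        if ct == CT_APPDATA:
            session.delivered.append(fragment)
            return self._note("delivered")
        return self._note("dropped:unexpected-type")


def record(ct: int, epoch: int, seq: int, fragment: bytes) -> bytes:
    return HDR.pack(ct, *DTLS12, epoch, seq >> 32, seq & 0xFFFFFFFF, len(fragment)) + fragment


def client_hello(seq: int = 0) -> bytes:
    # Minimal ClientHello body: version, 32-byte random, empty session id,
    # empty cookie, one cipher suite, null compression, no extensions.
    body = bytes(DTLS12) + bytes(32) + b"\x00" + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    n = len(body).to_bytes(3, "big")
    # Handshake header: msg type, length, message_seq, fragment_offset, fragment_length.
    hs = bytes([HS_CLIENT_HELLO]) + n + b"\x00\x00" + b"\x00\x00\x00" + n
    return record(CT_HANDSHAKE, 0, seq, hs + body)


def close_notify(epoch: int, seq: int) -> bytes:
    return record(CT_ALERT, epoch, seq, bytes([1, ALERT_CLOSE_NOTIFY]))  # level=warning


def app_data(epoch: int, seq: int, payload: bytes) -> bytes:
    return record(CT_APPDATA, epoch, seq, payload)


def run_scenario(replace_on_new_hello: bool) -> list[str]:
    """Constructed traffic: A restarts without closing; B is a stray/spoofed datagram;
    C sends close_notify before reconnecting from the same port."""
    srv = DtlsDemux(replace_on_new_hello)
    a, b, c = ("192.0.2.10", 50000), ("192.0.2.99", 50000), ("192.0.2.20", 50001)
    srv.handle(a, client_hello())
    srv.handle(a, app_data(1, 1, b"Access-Request"))
    srv.handle(b, app_data(1, 1, b"forged"))
    srv.handle(a, client_hello())          # same source port, old session still live
    srv.handle(c, client_hello())
    srv.handle(c, close_notify(1, 1))
    srv.handle(c, client_hello())          # port reused after a graceful close
    return srv.events


if __name__ == "__main__":
    for policy in (False, True):
        print("replace_on_new_hello=%s: %s" % (policy, run_scenario(policy)))
```

With replace_on_new_hello=False the fourth event is "rejected:active-session", which is the behaviour Peter describes; with True the server replaces the old session instead. In both runs client C, which sent close_notify first, reconnects from the same port without trouble.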
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>