[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: node-to-node security breach
Hi Pekka,
Thanks for the elaboration.
I will speak to the other authors about adding a disclaimer, as discussed,
about the mitigation scheme usage (or non-usage) in direct tunnelling solutions.
> > * If the protocol operate with host-to-server communication only,
> > then the mitigation scheme would work, and it wouldn't break
> > anything.
>
> Sure, but if the protocol operates entirely in host-to-server (and
> server-to-host), there is nothing to mitigate in the first place, as
> the protocol implementation would automatically discard the bogus
> proto-41 packets in the first place?
>
>
This is what it should do and thus one of the security aspects that
we are discussing, I beleive.
Thanks,
Karen