Re: [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

On May 30, 2022, at 12:25 PM, Tero Kivinen <kivinen@xxxxxx> wrote:

I think we need to add text explaining how to detect when the TCP
length framing gets messed up by attacks, and how to recover (i.e.,
close down the TCP channel and recreate the TCP channel). 

The impact of RSTs can be limited for this purpose by recommending RFC5961 for these connections.

But if even data injection has the same impact, it’d be much better to see if there’s a way to recover “sync” in the byte stream rather than expecting a new connection.

Joe

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
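
An added example, not part of the original message or of the draft: one way a receiver could notice that the TCP length framing discussed above has lost sync. It assumes the RFC 8229 layout (a 16-bit Length that counts itself, and a 4-byte Non-ESP Marker in front of IKE messages) and parses the bytes that follow the stream prefix. The names `split_frames`, `frame`, `FramingError` and the unknown-SPI policy are hypothetical.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4     # precedes IKE messages inside a frame
IKE_HDR_LEN = 28                 # fixed IKEv2 header size (RFC 7296)
MIN_ESP_FRAME = 2 + 8            # Length + SPI + Sequence Number
MIN_IKE_FRAME = 2 + 4 + IKE_HDR_LEN

class FramingError(Exception):
    """The stream no longer parses as framed IKE/ESP: close and reconnect."""

def frame(payload, ike=False):
    """Length-prefix one message; Length covers itself (and the marker)."""
    body = (NON_ESP_MARKER if ike else b"") + payload
    return struct.pack("!H", 2 + len(body)) + body

def split_frames(buf, known_spis):
    """Return (frames, unconsumed_tail); raise FramingError on loss of sync."""
    frames, off = [], 0
    while len(buf) - off >= 2:
        (length,) = struct.unpack_from("!H", buf, off)
        if length < MIN_ESP_FRAME:
            raise FramingError(f"offset {off}: length {length} below minimum")
        if len(buf) - off < length:
            break                          # frame incomplete, wait for more bytes
        body = buf[off + 2:off + length]
        if body[:4] == NON_ESP_MARKER:
            if length < MIN_IKE_FRAME:
                raise FramingError(f"offset {off}: truncated IKE header")
            (ike_len,) = struct.unpack_from("!I", body, 4 + 24)
            if ike_len != len(body) - 4:   # IKE header Length must match frame
                raise FramingError(f"offset {off}: IKE length {ike_len} mismatch")
            frames.append(("ike", body[4:]))
        else:
            # Policy assumed by this example: an SPI with no matching SA is
            # treated as a sign of desynchronization.
            if body[:4] not in known_spis:
                raise FramingError(f"offset {off}: unknown SPI {body[:4].hex()}")
            frames.append(("esp", body))
        off += length
    return frames, buf[off:]

# Constructed sample data (not captured traffic).
SPI = bytes.fromhex("11223344")
IKE_MSG = bytes(16) + bytes([0, 0x20, 34, 0x08]) + bytes(4) + struct.pack("!I", 28)
ESP_PKT = SPI + struct.pack("!I", 1) + bytes(16)
STREAM = frame(IKE_MSG, ike=True) + frame(ESP_PKT)
```

A bogus Length larger than the data that ever arrives makes this parser wait rather than fail, so a receiver using it also needs a read timeout before tearing the connection down.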
