Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sam Hartman wrote:


I notice that this transport provides no authentication of the data
that is retrieved.

The security considerations needs to discuss the potential attacks if
an attacker modifies this public data.  The security considerations
section also needs to point to best practice for avoiding UDP
reflection attacks.  It is not good enough to say "Do what other
people do."


In both cases these may be included by reference.


Sam,
For the second case, you are referring to BCP 38, correct? This was mentioned on the wg list by William Leibzon, and should have been incorporated into the draft. Thanks for noting this. 

For the first case, which reference were you thinking about?

-andy


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]