Re: [TLS] implementation of cookies in DTLS
Nikos Mavrogiannopoulos <nmav@gnutls.org> Sun, 13 March 2011 17:54 UTC
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
On 03/13/2011 06:44 PM, Nikos Mavrogiannopoulos wrote:
> Hello, I've been reading the section "Denial of Service
> Countermeasures" of DTLS and as I understand it the proposed
> subsystem (client-hello and client-hello-verify-request) is expected
> to operate before allocating state for the session to discard
> requests from clients with forged addresses.

Moreover I think that the requirement that the version field in
Client Hello Verify request message matches the version field in
the Server Hello is pretty awkward. The Client Hello Verify request
is being sent by the server without allocating any state. It's quite
difficult to mandate that he makes the same decision as if state was
allocated. Requiring the version of DTLS 1.0 would be more sensible
there...

regards,
Nikos
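
Added example, not part of the original message and not GnuTLS code: the stateless cookie exchange discussed above, with the HelloVerifyRequest version fixed at DTLS 1.0 as the message suggests. The HMAC-SHA256 cookie construction, the function names, and the sample addresses and ClientHello bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

DTLS_1_0 = b"\xfe\xff"          # wire encoding of DTLS 1.0 ({254, 255})
SERVER_SECRET = os.urandom(32)  # only long-lived server state; rotate periodically

# Constructed sample input (documentation addresses, made-up ClientHello fields).
CLIENT = ("192.0.2.10", 40000)
SPOOFED = ("198.51.100.7", 40000)
HELLO_PARAMS = b"\xfe\xfd" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"


def make_cookie(secret, addr, hello_params):
    """Cookie = HMAC(secret, client IP || client port || ClientHello parameters)."""
    ip, port = addr
    msg = ipaddress.ip_address(ip).packed + struct.pack("!H", port) + hello_params
    return hmac.new(secret, msg, hashlib.sha256).digest()  # 32 bytes


def hello_verify_request(secret, addr, hello_params):
    """Message body: server_version(2) || cookie_length(1) || cookie.

    server_version is a constant, so the server does not need to run (or
    remember) version negotiation before replying.
    """
    cookie = make_cookie(secret, addr, hello_params)
    return DTLS_1_0 + bytes([len(cookie)]) + cookie


def cookie_is_valid(secret, addr, hello_params, cookie):
    """Recompute the cookie from the second ClientHello; no per-client lookup."""
    return hmac.compare_digest(make_cookie(secret, addr, hello_params), cookie)


if __name__ == "__main__":
    hvr = hello_verify_request(SERVER_SECRET, CLIENT, HELLO_PARAMS)
    cookie = hvr[3:3 + hvr[2]]
    print("HelloVerifyRequest version:", hvr[:2].hex())
    print("real client accepted:", cookie_is_valid(SERVER_SECRET, CLIENT, HELLO_PARAMS, cookie))
    print("spoofed source accepted:", cookie_is_valid(SERVER_SECRET, SPOOFED, HELLO_PARAMS, cookie))
```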