Hi Carsten,
Yes, the phrasing is not good on that slide... If you notice, the "proposals"
afterward point to a general "DoS protection mechanism". How that is done
really depends on the tools available, for example the broker might only send
notifications to subscribers that have been added to an OSCORE group, but echo
is definitely another way of doing that.
Thanks,
Francesca
On 21/03/2019, 17:04, "Carsten Bormann" <c...@tzi.org> wrote:
I’m certainly interested.
Not sure I understand “ • Additionally, the Subscriber must be
authorized to subscribe, otherwise an attacker could DoS external nodes that do
not want to receive the publications”. Whether the attacker is authorized to
subscribe and whether the actual notification receiver is interested is kind of
orthogonal.
Generally, we’d need a way to prove address ownership for setting up
observation interest. The Echo option can be used for that…
Grüße, Carsten
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
