Hi Carsten,

Yes, the phrasing is not good on that slide... If you notice, the "proposals" afterward point to a general "DoS protection mechanism". How that is done really depends on the tools available; for example, the broker might only send notifications to subscribers that have been added to an OSCORE group, but echo is definitely another way of doing that.

Thanks,
Francesca

On 21/03/2019, 17:04, "Carsten Bormann" <c...@tzi.org> wrote:

> I’m certainly interested.
>
> Not sure I understand “ • Additionally, the Subscriber must be authorized to subscribe, otherwise an attacker could DoS external nodes that do not want to receive the publications”.
>
> Whether the attacker is authorized to subscribe and whether the actual notification receiver is interested is kind of orthogonal. Generally, we’d need a way to prove address ownership for setting up observation interest. The Echo option can be used for that…
>
> Grüße, Carsten

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace