Hi Christian, On 07/13/2020 05:12 PM, Christian Amsüss wrote: > > * A malicious attacker intercepts the discovery process, and tells C > that there is an RD at > `<coap://attack.example.com/launch-denial-of-service>;rt=core.rd` > (which is a perfectly legitimate service we're running there for > commercial purposes; its interface is that you submit POST a link > there in link-format, and then it ties up the link target with endless > requests).
I would say that C would need to ascertain that C's owner allowed C to communicate with this RD. Viele Gruesse Steffi _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
