Hi, there was a comment in my previous review that remained unanswered. Please see it below.
On 09/03/18 04:23, Steffan Karger wrote:
[CUT]
> + The metadata is checked *after* the OpenVPN three-way handshake has
> + completed, to prevent DoS attacks. (That is, once the client has proved
> to
> + the server that it possesses Kc, by authenticating a packet that contains
> the
> + session ID picked by the server.)

just a thought here: the metadata is actually created by the server/provider and it is authenticated/encrypted with the server key. Isn't this enough to ensure that its content is not malicious and thus allow the server to parse it right after having received the HARD_RESET_V3 (instead of performing a "three-way handshake" first)?

Cheers,

-- 
Antonio Quartulli
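
Review bot: the phrase "to prevent DoS attacks" in the first two added lines does not say which cost or risk the deferral avoids. The parenthetical explains what the three-way handshake proves (possession of Kc, bound to the session ID picked by the server) but not why the metadata check has to wait for that proof. Suggest adding one sentence that names the operation being postponed and what a sender who does not hold Kc could otherwise make the server do, so a reader can tell what the ordering protects against.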
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel