I believe it is a leftover parameter that should be removed from the draft. It serves no legitimate purpose and opens an exploit where one could flood the overlay with phony leave requests not signed by the identifier's owner if handled improperly.
Julian Cain On Oct 11, 2010, at 12:23 AM, "Michael Chen" <[email protected]> wrote: > Hi, > > What is the purpose of LeaveReq.leaving_peer_id? Are we allowing peer-A > "inform" peer-B that peer-C has left the overlay? If yes, what kind of > access control or security policy govern the sender peer-A? If no, then > we should remove this field and mandates that LeaveReq can only be sent > from the peer that is actually leaving. > > Thanks > > --Michael > > _______________________________________________ > P2PSIP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/p2psip _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
