The same issue applies with JoinReq. I noticed it in my last read through and was just about to add a check against the signature. If the WG consensus is to remove these parameters I'm happy to do so.
-Ekr On Mon, Oct 11, 2010 at 10:56 AM, jc <[email protected]> wrote: > I believe it is a leftover parameter that should be removed from the draft. > It serves no legitimate purpose and opens an exploit where one could flood > the overlay with phony leave requests not signed by the identifier's owner > if handled improperly. > > Julian Cain > > On Oct 11, 2010, at 12:23 AM, "Michael Chen" <[email protected]> > wrote: > > > Hi, > > > > What is the purpose of LeaveReq.leaving_peer_id? Are we allowing peer-A > > "inform" peer-B that peer-C has left the overlay? If yes, what kind of > > access control or security policy govern the sender peer-A? If no, then > > we should remove this field and mandates that LeaveReq can only be sent > > from the peer that is actually leaving. > > > > Thanks > > > > --Michael > > > > _______________________________________________ > > P2PSIP mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/p2psip > _______________________________________________ > P2PSIP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/p2psip >
_______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
