Hi Lingli, A secure system cannot rely on "well-behaved" client. What if this is an attack? A peer does nothing but register and store the new certificate. The enrollment server side limit mentioned by Marc is another possible counter measure, but I think Remedy #1 is better. If you're going to keep the state information for the limit, why not just keep the expiration date of the certificate already issued. The server resource cause will be the same. EKR's suggestion will also work, if there is no security risk with known user_name to Node-ID mapping. This topic needs more discussions. Please add it to the Berlin agendas if none of the principal authors are able to respond before then.
Thanks --Michael --------- Original Message --------- Subject: 答复: [P2PSIP] An overlay resource leak scenario From: "邓灵莉/Lingli Deng" <[email protected]> Date: 7/4/13 3:57 pm To: "'Michael Chen'" <[email protected]>, [email protected] Hi Michael, I don't quite follow the case you described. Shouldn't a well-behaved rejoining peer be using the still valid certificate in the first place? Otherwise, it is easy to exploit this to launch a DoS attack against ES, which must be protected. BR Lingli
_______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
