On 3/2/2026 4:29 PM, Marco Munizaga wrote:
>>> Thank you Christian for the context,
>>> One clarifying question:
>>> - Are there any security concerns about allowing servers to initiate paths?
>> Yes. Request forgery attacks in particular.
> Can you expand on this? The server would only be sending probing packets
> to the client's known address from a different server address. It
> wouldn't be sending to arbitrary addresses. The client would also not
> control when or how a server initiates a path.
The server could send UDP datagrams with a spoofed source address,
causing the client to send replies to that spoofed address.
-- Christian Huitema