SECDIR reviewer said:

Section 5.3 says "Implementations MUST support the denial of service countermeasures defined by DTLS." That's good but it's not clear whether this means that these countermeasures MUST always be enabled. Since that is not explicitly stated, it seems that a server could have those countermeasures enabled by default and a client could have them disabled by default. That would result in a client and server that would not interoperate until the administrator tracked down the problem and changed their configuration. I suggest that the document be changed to require not only that implementations support these countermeasures but that they be enabled by default.
My response was: "Good catch."

ACTION: Comments?

Thanks,
Chris
