On Mon, Aug 18, 2014 at 09:21:30pm -0700, Christian Huitema wrote:
> >> That means preventing RST injection.
> >
> > See above for the consequences of this.
>
> I think that by now, we all understand the tradeoff. If we want to prevent
> illegitimate RST attacks, we will also prevent use of unprotected RST by
> rebooting hosts. Which is why I believe the protocol should be able to
> differentiate between protected RST, which should be processed immediately,
> and unprotected RST, which should be treated according to host policy.

Yeah - that does strike me as about the best we can achieve for RST. Maybe some recommendations for the policy, but ultimately down to policy for the unprotectable RST cases.

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
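
The split discussed in this thread, sketched as receiver-side logic. This is an added example, not code from the thread or from any tcpinc draft. The tag construction (truncated HMAC-SHA256 over a connection identifier and sequence number), the three policy names, and every function and parameter name are assumptions made for illustration.

```python
import enum
import hashlib
import hmac

TAG_LEN = 16  # assumed truncated-MAC length, not taken from any specification

class Policy(enum.Enum):      # hypothetical host policies for unprotected RSTs
    ACCEPT = "accept"         # legacy behaviour: honour any in-window RST
    IGNORE = "ignore"         # drop it and rely on timeouts or keepalives
    PROBE = "probe"           # keep the connection and challenge the peer first

class Action(enum.Enum):
    CLOSE_NOW = "close_now"
    DROP = "drop"
    PROBE_PEER = "probe_peer"

def rst_tag(key: bytes, conn_id: bytes, seq: int) -> bytes:
    """MAC binding a RST to one connection and one sequence number (assumed format)."""
    msg = b"RST" + conn_id + seq.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def handle_rst(key, conn_id, seq, rcv_nxt, rcv_wnd, tag, policy):
    """Decide what to do with an incoming RST segment.

    tag is None for an unprotected RST, e.g. from a rebooted host that has
    lost the session key and cannot produce a valid tag.
    """
    # The ordinary TCP window check (mod 2**32) still applies to every RST.
    if (seq - rcv_nxt) % 2**32 >= rcv_wnd:
        return Action.DROP
    if tag is not None:
        # Protected RST: process immediately if the tag verifies.
        if hmac.compare_digest(tag, rst_tag(key, conn_id, seq)):
            return Action.CLOSE_NOW
        # A bad tag is dropped, never downgraded to "unprotected"; otherwise a
        # forger could reach the ACCEPT policy by attaching garbage.
        return Action.DROP
    # Unprotected RST: the outcome is whatever host policy says.
    return {
        Policy.ACCEPT: Action.CLOSE_NOW,
        Policy.IGNORE: Action.DROP,
        Policy.PROBE: Action.PROBE_PEER,
    }[policy]
```
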
