Re: [radext] RDTLS #65 (new): Multiple dtls sessions in a tuple?
On Mon, 21 Feb 2011, Alan DeKok wrote:
> radext issue tracker wrote:
>> #65: Multiple dtls sessions in a tuple?
>> Section 4.1 does not provide guidance regarding what to do when there is a
>> new session established against a tuple having an existing session.
>> Can it maintain multiple sessions and broadcast any subsequent datagrams
>> or does it automatically trigger discard of the previous session(s)?
> Session initiation packets have no security or authentication, and can
> thus be spoofed. I think that the new packet should be discarded.
Imagine my table has an entry:
SP   SA           DP    DA        DTLS
333  10.20.30.40  1812  10.0.0.1  Old-Session-Lives-Here
Now from the same source port and address comes a brand new yet
valid request to start yet another session.
But there is already a valid session in the table... Are you saying the
behavior should be to not accept the establishment of the new session?
I would think the new session would have the same security and spoof
protections as the initial (Old-Session-Lives-Here) session since it is
doing the same thing it did before?
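Added example, not code from this thread, from the radext draft, or from any RADIUS implementation: a small Python model of the session table sketched above, keyed by the (SP, SA, DP, DA) tuple, that replays the situation under both policies being discussed. Under "replace", a second ClientHello on the tuple evicts the live session before anything about its sender has been verified, so the existing client's protected records stop being deliverable; under "discard-new", the live session keeps the tuple and the newcomer is dropped. The idle timeout (300 s), the session names other than Old-Session-Lives-Here, and the timestamps are assumptions for the example; the model also shows the practical cost of "discard-new", namely that a client that genuinely restarts on the same port is only admitted once the old session has idled out.

```python
"""Model of a RADIUS/DTLS server's session table keyed by the 4-tuple
(SP, SA, DP, DA), as in the table in the message above, used to compare
two ways of handling a ClientHello that arrives on a tuple that already
holds a session. Illustrative model only; not code from the radext list,
any draft, or any RADIUS implementation."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

Tuple4 = Tuple[int, str, int, str]  # (source port, source addr, dest port, dest addr)


@dataclass
class Session:
    name: str
    keyed: bool          # True once the handshake finished and record keys exist
    last_seen: float     # time of the last valid record on this session


@dataclass
class SessionTable:
    policy: str                                  # "discard-new" or "replace"
    idle_timeout: float = 300.0                  # assumed value, not from the thread
    sessions: Dict[Tuple4, Session] = field(default_factory=dict)

    def expire_idle(self, now: float) -> None:
        """Drop sessions that have been silent longer than the idle timeout."""
        stale = [k for k, s in self.sessions.items()
                 if now - s.last_seen > self.idle_timeout]
        for key in stale:
            del self.sessions[key]

    def on_client_hello(self, key: Tuple4, name: str, now: float) -> str:
        """A ClientHello carries no proof of who sent it, so this decision is
        taken before anything about the sender has been verified."""
        self.expire_idle(now)
        if key not in self.sessions:
            self.sessions[key] = Session(name, keyed=False, last_seen=now)
            return "accepted"
        if self.policy == "discard-new":
            return "discarded"          # the live session keeps the tuple
        # "replace": the unauthenticated hello evicts whatever was there
        self.sessions[key] = Session(name, keyed=False, last_seen=now)
        return "replaced"

    def on_record(self, key: Tuple4, session_name: str, now: float) -> bool:
        """A protected record is deliverable only if the table still holds the
        keyed session it was encrypted under."""
        s = self.sessions.get(key)
        if s is None or not s.keyed or s.name != session_name:
            return False
        s.last_seen = now
        return True


def scenario(policy: str) -> Tuple[str, bool, str]:
    """Replay the situation from the message: a live session on a tuple, then a
    second ClientHello on the same tuple while that session is still active.
    Returns (outcome of the second hello, whether the old session still
    delivers afterwards, outcome of a hello sent once the tuple has idled out)."""
    key: Tuple4 = (333, "10.20.30.40", 1812, "10.0.0.1")  # tuple from the message
    table = SessionTable(policy=policy)
    table.on_client_hello(key, "Old-Session-Lives-Here", now=0.0)
    table.sessions[key].keyed = True        # handshake completed off-screen
    table.on_record(key, "Old-Session-Lives-Here", now=10.0)

    # Second hello on the same tuple at t=11; nothing in it proves its origin.
    hello_result = table.on_client_hello(key, "New-Session", now=11.0)
    old_still_works = table.on_record(key, "Old-Session-Lives-Here", now=12.0)

    # Much later, after whatever holds the tuple has been silent past the idle
    # timeout, a genuine restart from the same port gets through either way.
    later = table.on_client_hello(key, "Restarted-Client", now=12.0 + 301.0)
    return hello_result, old_still_works, later


if __name__ == "__main__":
    for policy in ("replace", "discard-new"):
        print(policy, scenario(policy))
```

Running the script prints `replace ('replaced', False, 'accepted')` and `discard-new ('discarded', True, 'accepted')`: only the discard policy keeps the existing client's records deliverable after an unverified hello, and both policies admit the restarted client once the idle timeout has passed, which is the knob a deployment would tune to balance the two concerns raised in the thread.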