Section 3.2: Authentication of INIT chunks and restart protection #13
Assignees
Labels
question
Further information is requested
Comments
|
As stated, INIT chunks cannot be authenticated, since they cannot be bundled with any other chunk. If you want to protect against restarts, you can request that COOKIE ECHO chunks must be accepted only in an authenticated way. This is described in section 6.3. @gloinul : Therefore I would suggest to close this issue. |
tuexen
changed the title
|
Yes, closing this is fine. Maintaining the solution of authenticating cookie echo when one have a security context is fine. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE, and AUTH chunks MUST NOT be listed in the CHUNKS parameter. However, if a CHUNKS parameter is received then the types for INIT, INIT-ACK, SHUTDOWN-COMPLETE, and AUTH chunks MUST be ignored.
What about Init to re-establish an SCTP association after a failover? Is the security context something that is required to be maintained as indicated in Section 10. And is this thus true? Shouldn’t Initi chunks after the association is established be using SCTP-AUTH?
This was reported in Comments on draft-tuexen-tsvwg-rfc4895-bis-04
The text was updated successfully, but these errors were encountered: