Thanks! Yours, Daniel From: Ace <ace-boun...@ietf.org> On Behalf Of Mohit Sahni Sent: March 30, 2023 2:22 PM To: Paul Wouters <paul.wouters=40aiven...@dmarc.ietf.org> Cc: Mohit Sahni <msa...@paloaltonetworks.com>; ace@ietf.org; draft-ietf-ace-cmpv2-coap-transp...@ietf.org Subject: Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07
Thanks Paul, I will upload a new version today. On Wed, Mar 29, 2023 at 9:33 PM Paul Wouters <paul.wouters=40aiven...@dmarc.ietf.org<mailto:40aiven...@dmarc.ietf.org>> wrote: On Fri, Mar 10, 2023 at 4:12 AM Mohit Sahni <msa...@paloaltonetworks.com<mailto:msa...@paloaltonetworks.com>> wrote: [ proposed changes / confirmations in the xml file ] I have read the xml diff and I agree with all changes made. Just noticed an incomplete response for this comment, responding again to it. >The next bullet I just do not understand: > > In order to to reduce the risks imposed by DoS attacks, the > implementations SHOULD optimally use the available datagram size > i.e. avoid small datagrams containing partial CMP PKIMessage data. > >Please explain what is meant here and/or rephrase it. <M.S.>The intent here is to instruct clients to send CMP messages in as few packets as possible. Fragmentation of CMP messages may cause the server to buffer packets which will consume resources on the server. With clients instructed to send CMP messages in as few packets as possible, servers can choose to ignore fragmented CMP messages to mitigate such DOS attacks. So maybe: Implementations SHOULD use the available datagram size and avoid small datagrams containing partial CMP PKIMessage data in order to reduce memory usage for packet buffering. Please submit a new version to the datatracker with these changes, so we can start the IETF Last Call. Paul _______________________________________________ Ace mailing list Ace@ietf.org<mailto:Ace@ietf.org> https://www.ietf.org/mailman/listinfo/ace
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
