On 7/30/09 1:36 AM, "Tero Kivinen" wrote:

> Vijay Devarapalli writes:
>> 7. Handling Redirect Loops
>>
>> The client could end up getting redirected multiple times in a
>> sequence, either because of wrong configuration or a DoS attack. The
>> client could even end up in a loop with two or more gateways
>> redirecting the client to each other. This could deny service to the
>> client. To prevent this, the client SHOULD be configured not to
>> accept more than a certain number of redirects (MAX_REDIRECTS) within
>> a short time period (REDIRECT_LOOP_DETECT_PERIOD) for a particular
>> IKEv2 SA setup. The default value for MAX_REDIRECTS configuration
>> variable is 5. The default value for REDIRECT_LOOP_DETECT_PERIOD
>> configuration variable is 300 seconds. These values MUST be
>> configurable on the client.
>
> Is there really any reason to have the last "MUST"? I.e. what is the
> reason to force those parameters to be changeable? I do not really see
> reason to change those in most cases, and if someone really uses some
> really weird setup where 5 is not enough for the max redirects, then
> he can use some implementation where those are configurable...

Modified the last sentence to

   Client implementations may allow these variables to be configured
   depending on a specific deployment or system configuration.

Vijay
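
The redirect limit discussed in this thread, as an added example that is not part of the original mail or the draft: a client-side guard that refuses further redirects once MAX_REDIRECTS have been accepted within REDIRECT_LOOP_DETECT_PERIOD for one IKEv2 SA setup. The class and function names, the sliding-window reading of "within a short time period", and the gateway names are assumptions made for illustration.

```python
import time
from collections import deque

MAX_REDIRECTS = 5                    # default from the quoted draft text
REDIRECT_LOOP_DETECT_PERIOD = 300.0  # seconds, default from the quoted draft text


class RedirectLimitExceeded(Exception):
    """Raised when a redirect must be refused for this SA setup."""


class RedirectGuard:
    """Tracks redirects accepted during one IKEv2 SA setup (hypothetical helper)."""

    def __init__(self, max_redirects=MAX_REDIRECTS,
                 period=REDIRECT_LOOP_DETECT_PERIOD, clock=time.monotonic):
        self.max_redirects = max_redirects
        self.period = period
        self.clock = clock            # injectable so the window can be tested
        self._accepted = deque()      # (timestamp, gateway) per accepted redirect

    def accept(self, new_gateway):
        """Record a redirect to new_gateway, or raise if the limit is reached."""
        now = self.clock()
        # Forget redirects that have aged out of the detection window.
        while self._accepted and now - self._accepted[0][0] >= self.period:
            self._accepted.popleft()
        if len(self._accepted) >= self.max_redirects:
            raise RedirectLimitExceeded(
                f"{self.max_redirects} redirects within {self.period:.0f}s; "
                f"refusing redirect to {new_gateway}")
        self._accepted.append((now, new_gateway))
        return new_gateway


def follow_redirects(guard, first_gateway, redirect_map):
    """Walk constructed redirect answers; return (final_gateway, hops)."""
    gateway, hops = first_gateway, [first_gateway]
    while gateway in redirect_map:    # this gateway answers with a redirect
        gateway = guard.accept(redirect_map[gateway])
        hops.append(gateway)
    return gateway, hops
```
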