Re: ISAKMP: Issues
At 10:26 PM 2/27/98, Derrell D. Piper wrote:
>>What is the argument for trashing the message? Leave it unless there is a
>>strong such argument.
>
>It seems to me that if a Key Negotiation protocol that purports to be
>providing enhanced security receives a malformed message (i.e. the code on the
>other end "got it wrong"), that the prudent thing to do is to refuse the
>negotiation under the assumption that the other end probably got other things
>wrong too. If you can't figure out the size of the message you're sending,
>how are you ever going to parse the proposals? :-)
I think you need to be more careful than that (my vote is to discard the
message). I assume that malformed packets are being sent by a malicious
entity who doesn't want my key negotiation to succeed. So I drop them and
hope to receive a good one in the future.
--
Matt Thomas Internet: matt.thomas@altavista-software.com
Internet Locksmith WWW URL: <coming eventually>
AltaVista Internet Software Disclaimer: This message reflects my own
Littleton, MA warped views, etc.
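
The two policies debated in this thread, as an added example that is not part of the original message: a receiver that checks the ISAKMP header's Length field against the datagram size and then either refuses the negotiation or silently discards the message. The header layout follows RFC 2408; the policy names, the session table and the sample traffic are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408 layout): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
HDR = struct.Struct("!8s8sBBBBII")

def build(icookie, rcookie, body=b"", claimed_len=None):
    """Construct a sample message; claimed_len overrides the Length field."""
    total = HDR.size + len(body)
    length = total if claimed_len is None else claimed_len
    return HDR.pack(icookie, rcookie, 1, 0x10, 2, 0, 0, length) + body

def length_ok(datagram):
    """True when the header is complete and Length matches the datagram size."""
    if len(datagram) < HDR.size:
        return False
    return HDR.unpack_from(datagram)[7] == len(datagram)

def receive(sessions, datagram, policy):
    """Handle one datagram under policy 'refuse' or 'discard' (hypothetical names).

    sessions maps initiator cookie -> count of messages accepted so far.
    Returns 'accepted', 'dropped', 'refused' or 'no-session'.
    """
    if length_ok(datagram):
        icookie = HDR.unpack_from(datagram)[0]
        if icookie not in sessions:
            return "no-session"
        sessions[icookie] += 1
        return "accepted"
    if policy == "refuse" and len(datagram) >= 8:
        # Abort the negotiation that the (unauthenticated) cookie points at.
        if sessions.pop(datagram[:8], None) is not None:
            return "refused"
    return "dropped"  # silent discard: no state change, no reply

def run(policy):
    """Constructed traffic: one malformed datagram, then the peer's valid one."""
    icookie, rcookie = b"I" * 8, b"R" * 8
    sessions = {icookie: 0}
    bad = build(icookie, rcookie, b"x" * 12, claimed_len=4096)
    good = build(icookie, rcookie, b"x" * 12)
    return [receive(sessions, bad, policy), receive(sessions, good, policy)]
```

Under `refuse` the later well-formed message finds no session to continue; under `discard` the malformed datagram leaves the negotiation state untouched and the valid message is accepted.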