[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Unique MIDs
On Thu, 13 Jul 2000 12:14:42 PDT you wrote
> > Replaying an old Initiator-to-Responder message (#1) back to the
> > Responder will result in the Responder sending an unexpected message #2
> > back to the Initiator which will fail the hash check
>
> If the responder allows the initiator to use non-unique message IDs then
> this opens up a DoS avenue especially if PFS was used.
So then don't generate the KEYMAT until you receive message #3.
Where is this security hole?
Dan.
References: