Ahh yes, good point...

In which case why does the spec need to make any statements about the structure of the blob? If it is opaque to every party except itself what interop requirement can exist?

Wouldn't it be best to leave that part of the spec blank allowing implementations to add whatever measures were most useful to them in their particular DoS strategy?

Another advantage of this approach is that the less clever stuff we mandate the less risk there is of a patent troll. Don't start with the 'prior art' business, even with prior art it can cost $2 million to fight off a suit. The only case in which prior art is useful is if the patent troll makes a parallel European application and someone notices in time to dump the prior art on them.

I think that we should consider patent troll attacks at least as seriously as DoS attacks.

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

> -----Original Message-----
> From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
> Sent: Wednesday, March 13, 2002 12:49 PM
> To: Hallam-Baker, Phillip
> Cc: 'EKR'; Dan Harkins; ipsec@lists.tislabs.com
> Subject: Re: Choosing between IKEv2 and JFK
>
>
> > If the packet goes through a NAT the initiator does not know the IP
> > address that the packets it sends will have when they arrive.
>
> but the initiator doesn't compute that hash, the responder does -- and
> it would use the address as seen at the responder, post-NAT.
>
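An added example, not part of the original message or of either draft: the point made in the exchange above, that only the responder computes and checks the blob, over the source address it observes after NAT, while the initiator echoes the bytes unparsed. The blob layout, `SECRET`, `LIFETIME`, the function names and the addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical responder-local state; nothing here is taken from either draft.
SECRET = os.urandom(32)      # never leaves the responder
LIFETIME = 30                # seconds a blob stays valid (constructed value)
NAT_PUBLIC = "203.0.113.7"   # constructed: address the responder sees after NAT

def _mac(ts: bytes, src: str, nonce: bytes) -> bytes:
    # Length-prefix the address so distinct (src, nonce) pairs cannot collide.
    addr = src.encode()
    msg = ts + struct.pack("!B", len(addr)) + addr + nonce
    return hmac.new(SECRET, msg, hashlib.sha256).digest()

def make_blob(observed_src: str, nonce: bytes, now: int) -> bytes:
    """Responder: issue a blob bound to the source address seen on the wire."""
    ts = struct.pack("!I", now)
    return ts + _mac(ts, observed_src, nonce)

def check_blob(blob: bytes, observed_src: str, nonce: bytes, now: int) -> bool:
    """Responder: recompute from the packet that returned the blob; no state kept."""
    if len(blob) != 36:
        return False
    ts, tag = blob[:4], blob[4:]
    age = now - struct.unpack("!I", ts)[0]
    if not 0 <= age <= LIFETIME:
        return False
    return hmac.compare_digest(tag, _mac(ts, observed_src, nonce))

def initiator_echo(blob: bytes) -> bytes:
    """Initiator: returns the bytes untouched; it never parses or hashes them."""
    return bytes(blob)

if __name__ == "__main__":
    nonce = os.urandom(16)
    # The initiator sits at 10.0.0.5 behind a NAT; the responder only sees NAT_PUBLIC.
    blob = make_blob(NAT_PUBLIC, nonce, now=1000)
    print(check_blob(initiator_echo(blob), NAT_PUBLIC, nonce, now=1005))  # same path
    print(check_blob(blob, "198.51.100.9", nonce, now=1005))  # other source address
    print(check_blob(blob, NAT_PUBLIC, nonce, now=1100))      # past LIFETIME
```

Because issue and check both run inside the responder, changing the layout or the MAC affects no other party, which is the interop question the message raises.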