Re: transition to join state
From: Scott G. Kelly (s.kellyix.netcom.com)
Date: Thu, 26 Oct 2006 10:29:40 -0700 (PDT)
Hi Smitha,

>
>Scott,
>
>The idea was to isolate details of DTLS handshake from CAPWAP. If we
>need to keep track of DTLS Client Hello (with a valid cookie), then the
>earlier transitions were OK. 
>
>Why do we need a CAPWAP transition based on DTLS packets (unless a
>session is established) and a WaitDTLS timer that CAPWAP needs to
>maintain? That would be part of DTLS.

You need this because DTLS provides no timeout of its own. It provides an 
exponential back-off timer, but this never terminates (I know, sounds like a 
major foobar in the protocol design, but they probably had their reasons...)

If we don't add the timer, resource-exhaustion DoS (from a bunch of half-open 
sessions) is trivial to mount.

Scott

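An added illustration of the point made above, written for this archive page and not taken from the thread or from any CAPWAP or DTLS implementation: a toy AC session table in which DTLS retransmissions back off exponentially without ever giving up, so only a CAPWAP-side WaitDTLS timer bounds how long a half-open handshake can occupy a slot. The capacity (`MAX_SESSIONS`), the timer value, the retransmit schedule and the peer names are all assumptions constructed for the scenario.

```python
MAX_SESSIONS = 4    # assumed: half-open handshakes this toy AC can hold at once

def dtls_retransmits(start, horizon, initial=1.0):
    """DTLS flight retransmission instants: exponential back-off, no terminal state."""
    times, delay, t = [], initial, start + initial
    while t <= horizon:
        times.append(t)
        delay *= 2
        t += delay
    return times

class AcSessions:
    """AC-side table of half-open DTLS handshakes, with an optional WaitDTLS timer."""
    def __init__(self, wait_dtls=None):
        self.wait_dtls = wait_dtls   # None models CAPWAP without the timer
        self.pending = {}            # peer -> time its valid-cookie ClientHello arrived

    def expire(self, now):
        """WaitDTLS expiry: drop handshakes that have been open for wait_dtls seconds."""
        if self.wait_dtls is None:
            return []
        dead = [p for p, t0 in self.pending.items() if now - t0 >= self.wait_dtls]
        for p in dead:
            del self.pending[p]
        return dead

    def client_hello(self, peer, now):
        """Valid-cookie ClientHello: enter the handshake state if a slot is free."""
        self.expire(now)
        if len(self.pending) >= MAX_SESSIONS:
            return False             # table full: the resource-exhaustion condition
        self.pending[peer] = now
        return True

    def handshake_complete(self, peer, now):
        """DTLS session established: the peer leaves the half-open state."""
        self.expire(now)
        return self.pending.pop(peer, None) is not None

def half_open_burst(wait_dtls, stale_peers=8, legit_at=120.0):
    """Constructed scenario: stale peers send ClientHello at t=0 and never finish;
    a real WTP tries to join at legit_at. Returns (admitted, established, half_open)."""
    ac = AcSessions(wait_dtls)
    for i in range(stale_peers):
        ac.client_hello(f"stale-{i}", 0.0)
    admitted = ac.client_hello("wtp-1", legit_at)
    done = admitted and ac.handshake_complete("wtp-1", legit_at + 0.5)
    return admitted, done, len(ac.pending)
```

With `wait_dtls=None` the four stale handshakes hold their slots forever and the real WTP is turned away; with a 60-second WaitDTLS they are reaped before it arrives, while `dtls_retransmits` shows DTLS itself would still be retransmitting at 63, 127, 255 seconds and beyond.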