You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In various places (e.g., §4.1.4) we recommend to buffer (or "retain")
data that cannot be processed yet. Perhaps it goes without saying, but
such buffering needs limits in place in order to avoid DoS.
It may be too banal to mention again here that the Initial secret/keys
are not particularly secure, but I'll mention it just in case we want
to.
The text was updated successfully, but these errors were encountered:
Given that we dedicate Section 7 to the issue of "security" for Initial packets, it probably isn't necessary to repeat things here. (We might consider moving Section 7 to this section, I guess. I just don't like the grab-bag that is security considerations.)
I don't think we should do anything in response to this, though I might be convinced to move Section 7. I will say that it's really annoying to move sections, so I'd need a push.
Yes, that looks like it should suffice. (I read -tls before -transport and didn't think to check if -transport said anything on this topic.)
Given that we dedicate Section 7 to the issue of "security" for Initial packets, it probably isn't necessary to repeat things here. (We might consider moving Section 7 to this section, I guess. I just don't like the grab-bag that is security considerations.)
I only mentioned it because sometimes people skip to the named security considerations section and pretend they can ignore the rest of the document. That's ill-advised, of course, and we need not go out of our way to support it -- we do already say that there are many security-relevant details in the rest of the document. So this one is looking like close with no change, and thanks for the pointer to the transport section.
@kaduk said:
The text was updated successfully, but these errors were encountered: