Document request forgery #3996
Merged
13 commits
a66b21e Document request forgery (martinthomson)
951da28 Use a reference with a DOI that I can find (martinthomson)
e80ca89 Many small corrections (martinthomson)
d273e12 Control is via DNS (martinthomson)
aaf51ff We assume this limitation, though it might not be necessarily true (martinthomson)
3e64135 Take suggestions from Lucas and massage a bit (martinthomson)
718b774 Wrap suggestion (martinthomson)
5e7f92e SHOULD NOT reuse tokens; to allow for all those exceptions (martinthomson)
dfc8827 Much JanaIyengar review feedback (martinthomson)
4252d1c Some residual cleanup (martinthomson)
1cfbb7f Make the preferred address change prominent (martinthomson)
a587bf0 Mention ciphertext malleability (martinthomson)
7adbc31 This is not a true defense (martinthomson)
I do find it somewhat ironic that address validation might make this worse: the client sending a PATH_CHALLENGE to the server can pretty much guarantee that the server will send a PATH_RESPONSE with client-provided content to the client's spoofed source address. Should we mention that?
I considered it, but thought that the generic text was enough. Note also that there is no guarantee that PATH_RESPONSE is sent on the same path.