[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRACK



Dan,
I think there is some wording missing in the security considerations
section.
I am referring to vulnerabilities to denial of service attacks.
The gateway is required to answer with KE and SIG prior to any knowledge
of who the initiator is.  (The SIG cannot be prepared ahead of time.).
An attacker only needs to know the gateway's address  to launch an attack
that requires very little effort on his behalf.

Yael