tsvwg / draft-ietf-tsvwg-udp-options


Very minor nits in -34 #67

Closed boucadair closed 2 months ago

boucadair commented 2 months ago

Section 4

OLD:

UDP is one of the most popular protocols that lacks space for header options [RFC768]. The UDP header was intended to be a minimal addition to IP, providing only ports and a checksum for error detection.

NEW:

UDP is one of the most popular protocols that lacks space for header options [RFC768]. The UDP header was intended to be a minimal addition to IP, providing only port numbers and a checksum for error detection.

Section 5

OLD:

It adds features that may, in the future, protect transport integrity and validate source identity (authentication), as well as those that may also encrypt the user payload, while still protecting the UDP transport header - unlike DTLS.

NEW:

It adds features that may, in the future, protect transport integrity and validate source identity (authentication), as well as those that may also encrypt the user payload, while still protecting the UDP transport header - unlike Datagram Transport Layer Security (DTLS) [RFC9147].

Section 11.4

OLD:

UDP reassembly space limits SHOULD NOT be computed as a shared resource across multiple sockets, to avoid cross-socket pair DOS attacks.

NEW:

UDP reassembly space limits SHOULD NOT be computed as a shared resource across multiple sockets, to avoid cross-socket pair DoS attacks.

Section 25

OLD:

Note that TLV formats for options does require serial processing, but any format that allows future options, whether ignored or not, could introduce a similar DOS vulnerability.

NEW:

Note that TLV formats for options do require serial processing, but any format that allows future options, whether ignored or not, could introduce a similar DoS vulnerability.

OLD:

Options providing UDP security, e.g, AUTH and UENC, require endpoint key and security parameter coordination, which UDP options (being stateless) does not facilitate.

NEW:

Options providing UDP security, e.g, AUTH and UENC, require endpoint key and security parameter coordination, which UDP options (being stateless) do not facilitate.

jtouch commented 2 months ago

Fixed in -36. DoS corrected throughout.

boucadair commented 2 months ago

Thank you @jtouch