[SR-Users] Stateful vs. stateless replies from script

Jiri Kuthan jiri at iptel.org
Mon Oct 11 19:01:42 CEST 2010


On 10/7/10 12:16 PM, Andrei Pelinescu-Onciul wrote:
> On Oct 07, 2010 at 10:57, Jiri Kuthan <jiri at iptel.org> wrote:

> There's a bit of a misunderstanding here.
...
> Now consider an authenticated message that is retransmitted: the first
>   message will pass authentication, but its retransmission will fail =>

I admit I haven't thought it through, but would it really fail?
In both cases (retransmission and replay attack) it will resend the
initial answer (100 if forwarded, challenge if failed to
authenticate) and do nothing downstream --> the attacker won't
gain an unfair advantage, will it?


> the retransmission will be challenged.

Why, if the original request passed authentication?

I see the point that TM can't differentiate between retransmissions and replay
attacks easily (unless we do more of nonce-based protection). But does it
really matter?

-jiri


