Vijay Devarapalli writes:
> 7. Handling Redirect Loops
>
> The client could end up getting redirected multiple times in a
> sequence, either because of wrong configuration or a DoS attack. The
> client could even end up in a loop with two or more gateways
> redirecting the client to each other. This could deny service to the
> client. To prevent this, the client SHOULD be configured not to
> accept more than a certain number of redirects (MAX_REDIRECTS) within
> a short time period (REDIRECT_LOOP_DETECT_PERIOD) for a particular
> IKEv2 SA setup. The default value for MAX_REDIRECTS configuration
> variable is 5. The default value for REDIRECT_LOOP_DETECT_PERIOD
> configuration variable is 300 seconds. These values MUST be
> configurable on the client.

Is there really any reason to have the last "MUST"? I.e., what is the
reason to force those parameters to be changeable? I do not really see
a reason to change those in most cases, and if someone really uses some
really weird setup where 5 is not enough for the max redirects, then he
can use some implementation where those are configurable...
--
kivi...@iki.fi
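
Added example, not part of the original message or of the draft: a sliding-window guard that enforces the quoted MAX_REDIRECTS / REDIRECT_LOOP_DETECT_PERIOD rule for one IKEv2 SA setup, with the defaults overridable as the quoted "MUST" would require. The names `RedirectGuard` and `follow_redirects` and the gateway names are hypothetical, and the sample events are constructed.

```python
from collections import deque

MAX_REDIRECTS = 5                    # default from the quoted draft text
REDIRECT_LOOP_DETECT_PERIOD = 300.0  # seconds, default from the quoted draft text


class RedirectGuard:
    """Tracks redirects accepted during one IKEv2 SA setup (hypothetical helper)."""

    def __init__(self, max_redirects=MAX_REDIRECTS,
                 period=REDIRECT_LOOP_DETECT_PERIOD):
        self.max_redirects = max_redirects
        self.period = period
        self._accepted = deque()  # timestamps of redirects already followed

    def allow(self, now):
        """Return True if a redirect arriving at time `now` may be followed."""
        # Forget redirects that have aged out of the detection window.
        while self._accepted and now - self._accepted[0] >= self.period:
            self._accepted.popleft()
        if len(self._accepted) >= self.max_redirects:
            return False  # limit reached: stop following and fail the setup
        self._accepted.append(now)
        return True


def follow_redirects(events, guard):
    """Replay (time, gateway) redirects; return (gateways followed, guard tripped)."""
    followed = []
    for now, gateway in events:
        if not guard.allow(now):
            return followed, True
        followed.append(gateway)
    return followed, False


# Constructed sample: two gateways redirecting to each other every 2 seconds.
LOOP = [(2.0 * i, "gw-a.example" if i % 2 == 0 else "gw-b.example")
        for i in range(10)]
# Constructed sample: ten redirects spread out, one every 100 seconds.
SLOW = [(100.0 * i, f"gw-{i}.example") for i in range(10)]

if __name__ == "__main__":
    print(follow_redirects(LOOP, RedirectGuard()))
    print(follow_redirects(SLOW, RedirectGuard()))
```

With the defaults, the two-gateway loop is cut off at the sixth redirect, while the slow sequence never has five redirects inside any 300-second window and is followed to the end.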