I guess the error command could be encrypted with the server long term private key, yes.

On Thu, Jul 3, 2014 at 8:15 PM, Diego Duclos <[email protected]> wrote:
> I've been reading up the Curve spec with more detail, and the way the error
> packet currently works caught me by surprise. Couldn't a crafted TCP packet
> with an error command be sent to a client? Tricking it into thinking the
> server has denied its credentials when it has done no such thing?
> This allows someone with the ability to listen in but not block packets to
> do denial of service, which wouldn't be the case if the error packet was
> authenticated & encrypted.
>
> _______________________________________________
> zeromq-dev mailing list
> [email protected]
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
