The PSP specification encourages setting the outer UDP header source to a flow identifier (flow hash).
I think it's important to clarify the security impacts:
- If a simple flow hash (not a strong crypto hash) is used, as is hinted in the spec and implemented in the reference implementation, then an attacker can easily recover the original flow tuple.
- If using some other mechanism (e.g. a table with a unique id for each flow), then some information is still leaked, as packets can be split between flows.

Depending upon the use case, this may or may not be an issue, but this should be called out.
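
Added example, not part of the original issue and not code from the PSP specification or its reference implementation: it measures what the outer UDP source port discloses in the two cases listed above. The CRC32-based `port_unkeyed`, the HMAC-based `port_keyed`, the key, the addresses and the capture records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import zlib
from collections import defaultdict

def tuple_bytes(flow):
    # Serialize an inner 5-tuple: (src, dst, proto, sport, dport).
    return "|".join(map(str, flow)).encode()

def port_unkeyed(flow):
    # Assumed stand-in for a "simple flow hash": CRC32 folded to 16 bits.
    h = zlib.crc32(tuple_bytes(flow))
    return (h ^ (h >> 16)) & 0xFFFF

def port_keyed(flow, key):
    # Assumed alternative: HMAC-SHA256 under a secret key, truncated to 16 bits.
    mac = hmac.new(key, tuple_bytes(flow), hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "big")

def consistent_flows(observed_port, candidates, port_fn):
    # Candidate inner tuples an observer cannot rule out for one outer source port.
    return [f for f in candidates if port_fn(f) == observed_port]

def split_by_port(capture):
    # Per-flow packet count and byte total, using only the outer source port.
    stats = defaultdict(lambda: [0, 0])
    for sport, length in capture:
        stats[sport][0] += 1
        stats[sport][1] += length
    return {p: tuple(v) for p, v in stats.items()}

# Constructed sample data: 200 plausible inner flows, one of them real.
CANDIDATES = [(f"10.0.0.{h}", "10.0.1.10", 6, sp, 443)
              for h in range(1, 5) for sp in range(40000, 40050)]
REAL_FLOW = CANDIDATES[57]
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    seen = port_unkeyed(REAL_FLOW)
    left = consistent_flows(seen, CANDIDATES, port_unkeyed)
    print(f"unkeyed: port {seen} leaves {len(left)} of {len(CANDIDATES)} candidates")
    # With a keyed hash the observer cannot evaluate port_fn at all, but the
    # port is still stable per flow, so traffic still separates by flow.
    a, b = port_keyed(REAL_FLOW, KEY), port_keyed(CANDIDATES[0], KEY)
    capture = [(a, 1400), (b, 60), (a, 1400), (a, 900), (b, 60)]
    print("keyed, per-port (packets, bytes):", split_by_port(capture))
```

The same `split_by_port` result applies to a table of unique per-flow ids: any value that is stable per flow lets packet counts and sizes be attributed to individual flows.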