[OpenAFS] AES Support ?

Christopher D. Clausen cclausen@acm.org
Wed, 26 Sep 2007 19:39:37 -0500

John Hascall <john@iastate.edu> wrote:
>>> The behavior prevents a denial of service attack against the
>>> clients.
>> Sorry, meant to say "prevents a downgrade attack" against the
>> clients.
> Huh?  How exactly would returning a "security index not supported"
> error instead of just ignoring the packet result in a downgrade
> attack?

How would you ever know if the "security index not supported" packet 
came from a legit server?