[OpenAFS] AES Support ?

[Christopher D. Clausen]

John Hascall <john@iastate.edu> wrote:
>>> The behavior prevents a denial of service attack against the
>>> clients.
>> Sorry, meant to say "prevents a downgrade attack" against the
>> clients.
>
> Huh?  How exactly would returning a "security index not supported"
> error instead of just ignoring the packet result in a downgrade
> attack?

How would you ever know if the "security index not supported" packet 
came from a legit server?

<<CDC