Timeouts, the time that the implementation waits (usually for an event such as Messagearrival), play a very significant role in influencing the security of an implementation. Potential consequences include

  • Denial of service: Denial of service conditions may exist when a Clientdoes not reset a Session, if the timeouts are very large.
  • Resource consumption: When a Clientis idle for long periods of time, the Serverkeeps the Client’s buffered Messageor information for that period, leading to resource exhaustion.

The implementer should use reasonable timeouts for each connection stage.