Date: Thu, 12 Dec 2013 07:33:41 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Christian Grothoff <grothoff@...tum.de>
Cc: Jacob Appelbaum <jacob@...elbaum.net>,
Andi Kleen <andi@...stfloor.org>,
Stephen Hemminger <stephen@...workplumber.org>,
David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, knock@...net.org
Subject: Re: [PATCH] TCP: add option for silent port knocking with integrity protection
On Thu, 2013-12-12 at 16:07 +0100, Christian Grothoff wrote:
> I'm already having fun with IETF and pTLDs right now, one war at a time
> ;-). I also figured it might be easier to have a reasonable working
> reference implementation first and then standardize. After all, with my
> recent draft some people at IETF suggested I should get 1,000,000+ users
> first and then ask again.
Honestly, breaking the detection of old packets (PAWS) is not going to
fly. It's not even mentioned in your doc.
If a client uses the same ISN for two consecutive connections to a
server, how can the server decide the 2nd SYN is not a duplicate?
You really need more than 3 pages to fully investigate all the pros/cons
of this idea.
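The ambiguity raised above, as an added simulation that is not part of this thread or of the patch: a server applies the usual TIME_WAIT rule (a SYN on a 4-tuple that just closed is accepted as a new connection only if its ISN lies beyond the previous incarnation's sequence space, the only check left when no timestamp option is available) to a clock-based ISN and to a constructed knock-style ISN that is a deterministic function of a secret and the 4-tuple. The secret, the addresses and the knock derivation are assumptions, not the patch's scheme.

```python
import hashlib
import hmac

SEQ_MOD = 1 << 32
FT = ("10.0.0.1", 40000, "10.0.0.2", 443)  # constructed sample 4-tuple


def seq_after(a: int, b: int) -> bool:
    """True if 32-bit sequence number a is strictly later than b, modulo wraparound."""
    return a != b and ((a - b) % SEQ_MOD) < SEQ_MOD // 2


class Server:
    """Keeps, per 4-tuple, the last sequence number seen before the connection closed."""

    def __init__(self):
        self.time_wait = {}

    def close(self, four_tuple, last_seq):
        self.time_wait[four_tuple] = last_seq % SEQ_MOD

    def classify_syn(self, four_tuple, isn):
        # Without timestamps (PAWS) the only evidence is the ISN: a SYN on a 4-tuple
        # still in TIME_WAIT is accepted as a new connection only if its ISN lies
        # beyond the previous incarnation's sequence space; otherwise it is an old duplicate.
        prev = self.time_wait.get(four_tuple)
        if prev is None:
            return "new"
        return "new" if seq_after(isn, prev) else "old-duplicate"


def clock_chooser(conn_no: int) -> int:
    """Conventional ISN: a clock component that advances between connections
    (modelled as one connection per second with 4-microsecond ticks)."""
    return (conn_no * 1_000_000 // 4) % SEQ_MOD


def knock_chooser(conn_no: int) -> int:
    """Constructed stand-in for a knock-carrying ISN: a deterministic function of an
    assumed shared secret and the 4-tuple, so consecutive connections reuse the same value."""
    tag = hmac.new(b"example-secret", repr(FT).encode(), hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big")


def run_scenario(choose_isn):
    """Open, close, then immediately reopen a connection on the same 4-tuple.
    Returns how the server classifies the second SYN."""
    srv = Server()
    isn1 = choose_isn(0)
    srv.close(FT, isn1 + 5000)  # first connection moved 5000 bytes, then closed
    return srv.classify_syn(FT, choose_isn(1))  # a retransmitted SYN would carry isn1
```

With the clock-based ISN the second SYN is classified as new; with the reused knock ISN it is indistinguishable from a retransmission of the first SYN and is treated as an old duplicate.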