[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53F46EA3.60408@ahsoftware.de>
Date: Wed, 20 Aug 2014 11:47:15 +0200
From: Alexander Holler <holler@...oftware.de>
To: Hagen Paul Pfeifer <hagen@...u.net>
CC: Eric Dumazet <eric.dumazet@...il.com>,
Christian Grothoff <grothoff@...tum.de>,
Jacob Appelbaum <jacob@...elbaum.net>,
Andi Kleen <andi@...stfloor.org>,
Stephen Hemminger <stephen@...workplumber.org>,
David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org,
knock@...net.org
Subject: Re: [PATCH] TCP: add option for silent port knocking with integrity
protection
Am 20.08.2014 11:28, schrieb Hagen Paul Pfeifer:
> On 20 August 2014 11:07, Alexander Holler <holler@...oftware.de> wrote:
>
>> For sure it could be better, but I'm already happy with the current
>> imperfect solution which I can use now and not some perfect solution which
>> might be available in some years.
>
> Alexander, to make it clear: we cannot include mechanisms which
> probably open other (security) issues. This is not how things work
> out. TCP had so many issues in the past - regarding security,
> implementation f*ups, etc. pp. It is utterly important that there is
> no problem with an extension. Please join the discussion ob tcpm if
> you will drive things forward. That's all what I can say - sorry!
Maybe I first should send a million syn-packets to a box where I've
enabled that feature. ;)
Anyway, I still think there should be some room for experimental
features in the kernel. It makes them more visible to possible
contributors and helps to drive further development.
Not necessarily in my case (as most people, I can't and don't want to
participate in all parties), but ...
Regards,
Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists