| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALx6S37F3_SGRH24CrjT8Raot9oPb-LpJ-fU7HGnHUAPL5KUPg@mail.gmail.com> Date: Fri, 27 May 2016 10:05:57 -0700 From: Tom Herbert <tom@...bertland.com> To: Hannes Frederic Sowa <hannes@...essinduktion.org> Cc: Sowmini Varadhan <sowmini.varadhan@...cle.com>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org> Subject: Re: IPv6 extension header privileges On Fri, May 27, 2016 at 9:46 AM, Hannes Frederic Sowa <hannes@...essinduktion.org> wrote: > On Thu, May 26, 2016, at 20:42, Tom Herbert wrote: >> Thinking about this some more, the per option white list is a better >> approach. If we allow an open ended mechanism for applications to >> signal the network with arbitrary data (like user specified hbp >> options would be), then use of that mechanism will inevitably >> exploited by some authorities to force user to hand over private data >> about their communications. It's better to not build in back doors to >> security... > > Also I don't think that HbH options form some kind of hidden covert > channel. They mostly appear by unused fields which cannot be verified by > the other (receiving) side in any way. It would be pretty easy to make it that. All a network operator would need to do is strip their proprietary options on egress from their network. So a receiver, say our servers at FB, would have no way to determine that our clients are being manipulated. Tom
Powered by blists - more mailing lists