| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Sep 2019 18:42:26 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Cyrus Sh <sirus.shahini@...il.com>,
Eric Dumazet <eric.dumazet@...il.com>, davem@...emloft.net
Cc: shiraz.saleem@...el.com, jgg@...pe.ca, arnd@...db.de,
netdev@...r.kernel.org, sirus@...utah.edu
Subject: Re: [PATCH] Clock-independent TCP ISN generation
On 9/3/19 6:27 PM, Cyrus Sh wrote:
>
>
> On 9/3/19 10:17 AM, Eric Dumazet wrote:
>
>> Do you have a real program showing us how this clock skew can be used practically ?
> This is a well studied issue. You can take a look at this presentation as an
> example:
> http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf
2008 ? Really ?
I do not want an example, I want a proof that current systems are
exhibiting all the needed behavior.
I do not have time to spend hours reading old stuff based
on old architectures.
>
>> You will have to convince people at IETF and get a proper RFC
> No I won't. A lot of these standards have been written at a time that anonymity
> networks were not of big importance. Now that they are, we try to lessen the
> negative impacts of some RFC deficiencies by improving the implementation. It's
> up to you whether to want to keep using a problematic code that may endanger
> users or want to do something about it since we won't insist on having a patch
> accepted.
>
Then this is the end. linux wont change something as fundamental without
proper feedback from the community.
Powered by blists - more mailing lists