Re: RFC2385 (MD5 signature in TCP packets) support

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Fri Mar 15 2002 - 18:59:36 EST


> A RST must, in order to function properly, be as simple and non-error
> prone as possible. MD5 signatures are totally against that.

Duh wakey wakey Dave

> Either use IPSEC or fix its deficiencies.

What do you think IPsec does with an RST frame with an incorrect IP-AH
MD5 signature? Exactly the same thing.

I'm not saying the RFC is a good idea (though it's a needed patch to use Linux
for backbone routing sanely with most vendors' BGP kit). Your argument about
the RST frame is however pure horseshit.

Alan