Re: [tcpm] tcp-auth-opt issue: support for NATs
Eric Rescorla <ekr@networkresonance.com> Thu, 07 August 2008 19:39 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 80B563A6996; Thu, 7 Aug 2008 12:39:06 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 91F7A3A688F for <tcpm@core3.amsl.com>; Thu, 7 Aug 2008 12:39:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JFN1bJEZR9NJ for <tcpm@core3.amsl.com>; Thu, 7 Aug 2008 12:39:05 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 3969B3A6765 for <tcpm@ietf.org>; Thu, 7 Aug 2008 12:37:40 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 9266C50846; Thu, 7 Aug 2008 12:47:09 -0700 (PDT)
Date: Thu, 07 Aug 2008 12:47:09 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Adam Langley <agl@imperialviolet.org>
In-Reply-To: <396556a20808071218t24c4375fma99d4f68f51f4757@mail.gmail.com>
References: <4890F4BE.6060302@isi.edu> <48935FFD.4090805@isi.edu> <396556a20808051826w1a839577q956f379f56db1165@mail.gmail.com> <20080806020257.D1C69525D8F@kilo.rtfm.com> <396556a20808061742y19f8f5fh78fe66bfe4d415be@mail.gmail.com> <20080807011812.DDC8050846@romeo.rtfm.com> <396556a20808071047q5bda8acbje7a8fc9f9bf2e597@mail.gmail.com> <20080807180512.77604529E4D@kilo.rtfm.com> <396556a20808071110o5d45221fq4bea1ed4247f70ff@mail.gmail.com> <20080807182134.88C8552A06A@kilo.rtfm.com> <396556a20808071218t24c4375fma99d4f68f51f4757@mail.gmail.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080807194709.9266C50846@romeo.rtfm.com>
Cc: tcpm@ietf.org, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] tcp-auth-opt issue: support for NATs
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
At Thu, 7 Aug 2008 12:18:40 -0700, Adam Langley wrote: > > On Thu, Aug 7, 2008 at 11:21 AM, Eric Rescorla <ekr@networkresonance.com> wrote: > > Huh? You're worried about being SYN flooded by people with whom > > you share a trust relationship with? That doesn't seem particularly > > likely. > > I was assuming the attacking party would be replaying valid messages > that they captured on the wire. Well, this isn't much of an attack, since the attacker can only create one SYN state for every individual connection initiation that it observes. How useful is that? -Ekr _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch
- Re: [tcpm] tcp-auth-opt issue: support for NATs Adam Langley
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Anantha Ramaiah (ananth)
- Re: [tcpm] tcp-auth-opt issue: support for NATs Dan Wing
- Re: [tcpm] tcp-auth-opt issue: support for NATs Dan Wing
- Re: [tcpm] tcp-auth-opt issue: support for NATs Ron Bonica
- Re: [tcpm] tcp-auth-opt issue: support for NATs Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: support for NATs Dan Wing
- Re: [tcpm] tcp-auth-opt issue: support for NATs Ted Faber
- Re: [tcpm] tcp-auth-opt issue: support for NATs Dan Wing
- Re: [tcpm] tcp-auth-opt issue: support for NATs Joe Touch