Re: [tcpm] tcp-auth-opt issue: support for NATs

Eric Rescorla <ekr@networkresonance.com> Thu, 07 August 2008 19:39 UTC

Date: Thu, 07 Aug 2008 12:47:09 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Adam Langley <agl@imperialviolet.org>
Cc: tcpm@ietf.org, Joe Touch <touch@isi.edu>

At Thu, 7 Aug 2008 12:18:40 -0700,
Adam Langley wrote:
> 
> On Thu, Aug 7, 2008 at 11:21 AM, Eric Rescorla <ekr@networkresonance.com> wrote:
> > Huh? You're worried about being SYN flooded by people with whom
> > you share a trust relationship? That doesn't seem particularly
> > likely.
> 
> I was assuming the attacking party would be replaying valid messages
> that they captured on the wire.

Well, this isn't much of an attack, since the attacker can only
create one SYN state for every individual connection initiation
that it observes. How useful is that?

-Ekr
