Re: RFC2385 (MD5 signature in TCP packets) support

From: David S. Miller (davem@redhat.com)
Date: Fri Mar 15 2002 - 18:14:46 EST


   From: David Schwartz <davids@webmaster.com>
   Date: Fri, 15 Mar 2002 15:11:39 -0800
   
   On Fri, 15 Mar 2002 14:53:06 -0800 (PST), David S. Miller wrote:
>There is no reason to not be doing this MD5 garbage in
>userspace. Whoever thought to do this in the protocol
>itself was smoking something.
   
           This same argument would apply to TCP itself, wouldn't it?
   
Not at all.

>Maybe I'm missing something, but I see no reason this MD5
>stuff belongs in the protocol and not in the APP.
   
           How can a TCP-using application authenticate a RST?
   
Ignoring valid RST frames is illegal. If this RFC says to drop valid
RST frames just because the MD5 is bad, this RFC breaks TCP.

Franks a lot,
David S. Miller
davem@redhat.com