Re: [PATCH] TCP: add option for silent port knocking with integrity protection

From: Eric Dumazet
Date: Thu Dec 12 2013 - 10:33:56 EST


On Thu, 2013-12-12 at 16:07 +0100, Christian Grothoff wrote:

> I'm already having fun with IETF and pTLDs right now, one war at a time
> ;-). I also figured it might be easier to have a reasonable working
> reference implementation first and then standardize. After all, with my
> recent draft some people at IETF suggested I should get 1,000,000+ users
> first and then ask again.

Honestly, breaking the detection of old packets (PAWS) is not going to
fly. It's not even mentioned in your doc.

If a client uses the same ISN for two consecutive connections to a
server, how can the server decide the 2nd SYN is not a duplicate?

You really need more than 3 pages to fully investigate all the pros/cons
of this idea.
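Eric's question about the second SYN, as an added Python toy model that is not part of this thread or of the patch: it assumes, as his question implies, that the knock scheme carries a fixed token in the ISN, and the names LastConn, classify_syn, rfc6528_isn, knock_isn and simulate are hypothetical helpers rather than kernel code.

```python
"""Toy model of Eric's question: can a server tell a retransmitted SYN from a
new connection when the client reuses the same ISN?  Simplified model, not
Linux kernel code."""
from dataclasses import dataclass
from typing import Callable, Optional

MASK32 = 0xFFFFFFFF

@dataclass
class LastConn:
    """Per-4-tuple memory of the previous connection (roughly TIME-WAIT)."""
    isn: int
    ts: Optional[int]  # peer's last TSval, None if it sent no timestamps

def seq_gt(a: int, b: int) -> bool:
    """32-bit modular 'a is after b' (TCP sequence-space comparison)."""
    return a != b and ((a - b) & MASK32) < 0x80000000

def classify_syn(last: Optional[LastConn], isn: int, ts: Optional[int]) -> str:
    """'new' if accepted as a fresh connection, 'dup' if it looks like a
    retransmit: a SYN for a 4-tuple still in TIME-WAIT is only new when its
    timestamp (PAWS) or its ISN is strictly beyond what was last seen."""
    if last is None:
        return "new"
    if ts is not None and last.ts is not None and ts > last.ts:
        return "new"  # timestamps advance, so old-packet detection still works
    if seq_gt(isn, last.isn):
        return "new"  # ISN moved past the old one: a new connection
    return "dup"      # same ISN, no newer timestamp: indistinguishable

def rfc6528_isn(secret_offset: int, clock_us: int) -> int:
    """Simplified RFC 6528 ISN: per-4-tuple secret offset plus a 4 us clock,
    so consecutive SYNs from one client never share an ISN."""
    return (secret_offset + clock_us // 4) & MASK32

def knock_isn(token: int) -> int:
    """Assumed knock scheme: a fixed authentication token carried in the ISN."""
    return token & MASK32

def simulate(isn_for_attempt: Callable[[int], int], attempts: int = 2) -> list:
    """Send consecutive SYNs without timestamps; return the server's verdicts."""
    last, verdicts = None, []
    for i in range(attempts):
        isn = isn_for_attempt(i)
        verdict = classify_syn(last, isn, None)
        verdicts.append(verdict)
        if verdict == "new":
            last = LastConn(isn=isn, ts=None)
    return verdicts
```

With a clock-driven ISN the second SYN is accepted as a new connection; with a fixed knock token it is indistinguishable from a retransmit of the first, which is exactly the ambiguity Eric points at.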

