Re: [PATCH] TCP: add option for silent port knocking with integrity protection

[Alexander Holler]

Am 20.08.2014 11:47, schrieb Alexander Holler:
> Am 20.08.2014 11:28, schrieb Hagen Paul Pfeifer:
> > On 20 August 2014 11:07, Alexander Holler <holler@xxxxxxxxxxxxx> wrote:
> >
> > > For sure it could be better, but I'm already happy with the current
> > > imperfect solution which I can use now and not some perfect solution
> > > which
> > > might be available in some years.
> >
> > Alexander, to make it clear: we cannot include mechanisms which
> > probably open other (security) issues. This is not how things work
> > out. TCP had so many issues in the past - regarding security,
> > implementation f*ups, etc. pp. It is utterly important that there is
> > no problem with an extension. Please join the discussion ob tcpm if
> > you will drive things forward. That's all what I can say - sorry!
>
> Maybe I first should send a million syn-packets to a box where I've
> enabled that feature. ;)
>
> Anyway, I still think there should be some room for experimental
> features in the kernel. It makes them more visible to possible
> contributors and helps to drive further development.
>
> Not necessarily in my case (as most people, I can't and don't want to
> participate in all parties), but ...

And as I've just read the archives of tcpm, I don't think it would help. 
Jacob Appelbaum already expressed everything I like to use this feature 
for, so most of the time I just had to send a +1 to Jacobs comments, 
which would be somewhat annoying. ;)

Regards,

Alexander Holler


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/