I'm dubious
> 2. How should we fix the referenced problem with TCP spoofing (if we decide
> not to create any storage)?
By making the above/below responses the same
> 3. Should the storage be organized as AVL tree if we accept the creation of
> the storage?
I think #3 is sensible if #1/#2 hold up
> About 1:
> I think we should fix predictable IP IDs. I don't think that TCP spoofing
> attack is the only attack which may take advantage of predictable IP IDs.
> Information about traffic is too sensitive from my personal point of view.
Then encrypt it 8)
> TCP has a well-defined behaviour which we've implemented in the kernel.
> I don't consider the current reply policy as a TCP issue. It conforms to the
> whole TCP security ideology: people seeing packets in the flight may do what
> they want, people who don't see shouldn't be able to get unauthorized
> access.
The above/below stuff doesn't seem to work on *BSD so it's not clear it isn't
actually just a Linux quirk
> About 3:
> AVL trees don't consume much more memory than other structures.
> But we may discuss the issue after #1.
Agreed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/