Re: [PATCH] TCP: add option for silent port knocking with integrity protection

From: Alexander Holler
Date: Wed Aug 20 2014 - 05:52:03 EST


Am 20.08.2014 11:28, schrieb Hagen Paul Pfeifer:
On 20 August 2014 11:07, Alexander Holler <holler@xxxxxxxxxxxxx> wrote:

For sure it could be better, but I'm already happy with the current
imperfect solution which I can use now and not some perfect solution which
might be available in some years.

Alexander, to make it clear: we cannot include mechanisms which
probably open other (security) issues. This is not how things work
out. TCP had so many issues in the past - regarding security,
implementation f*ups, etc. pp. It is utterly important that there is
no problem with an extension. Please join the discussion ob tcpm if
you will drive things forward. That's all what I can say - sorry!

Maybe I first should send a million syn-packets to a box where I've enabled that feature. ;)

Anyway, I still think there should be some room for experimental features in the kernel. It makes them more visible to possible contributors and helps to drive further development.

Not necessarily in my case (as most people, I can't and don't want to participate in all parties), but ...

Regards,

Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/