Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S266075AbUF2V3k (ORCPT ); Tue, 29 Jun 2004 17:29:40 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S266079AbUF2V3Z (ORCPT ); Tue, 29 Jun 2004 17:29:25 -0400 Received: from mail.enyo.de ([212.9.189.167]:17671 "EHLO mail.enyo.de") by vger.kernel.org with ESMTP id S266075AbUF2V2p (ORCPT ); Tue, 29 Jun 2004 17:28:45 -0400 To: linux-kernel@vger.kernel.org Subject: Re: TCP-RST Vulnerability - Doubt References: <40DC9B00@webster.usu.edu> <20040625150532.1a6d6e60.davem@redhat.com> <20040629043411.A5054@homebase.cluenet.de> From: Florian Weimer Date: Tue, 29 Jun 2004 23:28:42 +0200 In-Reply-To: <20040629043411.A5054@homebase.cluenet.de> (Daniel Roesen's message of "Tue, 29 Jun 2004 04:34:11 +0200") Message-ID: <87zn6myrxx.fsf@deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 575 Lines: 14 * Daniel Roesen: > Not if the MD5 option is properly implemented - i.e. MD5 hash checking > is done AFTER the packet is considered valid in terms of "fitting" > sequence number. In this case, you trade robustness against network load for robustness against implementation errors. I'd rather not to have to make this choice. 8-/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/