Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 15 Mar 2002 18:03:55 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 15 Mar 2002 18:03:47 -0500 Received: from lightning.swansea.linux.org.uk ([194.168.151.1]:17938 "EHLO the-village.bc.nu") by vger.kernel.org with ESMTP id ; Fri, 15 Mar 2002 18:03:32 -0500 Subject: Re: RFC2385 (MD5 signature in TCP packets) support To: davids@webmaster.com (David Schwartz) Date: Fri, 15 Mar 2002 23:19:23 +0000 (GMT) Cc: linux-kernel@vger.kernel.org In-Reply-To: <20020315223649.AAA27488@shell.webmaster.com@whenever> from "David Schwartz" at Mar 15, 2002 02:36:48 PM X-Mailer: ELM [version 2.5 PL6] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: From: Alan Cox Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > My interest for this is mostly for Zebra to be able to make secure BGP > connections, so I would also contribute a patch for Zebra to support this > feature on Linux. For minimal versions of secure ? Since this memo was first issued (under a different title), the MD5 algorithm has been found to be vulnerable to collision search attacks [Dobb], and is considered by some to be insufficiently strong for this type of application. You'll also find that with SACK it doesn't fit in the tcp header.. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/