Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 15 Mar 2002 18:14:25 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 15 Mar 2002 18:14:15 -0500 Received: from mail.webmaster.com ([216.152.64.131]:61927 "EHLO shell.webmaster.com") by vger.kernel.org with ESMTP id convert rfc822-to-8bit; Fri, 15 Mar 2002 18:14:02 -0500 From: David Schwartz To: Alan Cox , X-Mailer: PocoMail 2.51 (1003) - Registered Version Date: Fri, 15 Mar 2002 15:13:59 -0800 In-Reply-To: Subject: Re: RFC2385 (MD5 signature in TCP packets) support Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Message-ID: <20020315231400.AAA28257@shell.webmaster.com@whenever> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org >Not only that MD5 shouldn't be the one. The crypto folks prefer SHA and for >good reasons. There is no problem with MD5 that makes it unsuitable for this particular application. A SHA signature would enlarge each packet, further reducing the effective MTU. This would increase the cost of what was intended to be a simple mechanism to solve a specific problem (spoofed SYNs/RSTs). What it comes down to is simply whether you care whether Linux machines can interoperate with Cisco's BGP authentication scheme. This feature would be very useful to me, so I personally do care, even if the scheme is not the best possible scheme. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/