Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 17 Mar 2002 05:00:32 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 17 Mar 2002 05:00:22 -0500 Received: from outpost.ds9a.nl ([213.244.168.210]:10732 "HELO outpost.powerdns.com") by vger.kernel.org with SMTP id ; Sun, 17 Mar 2002 05:00:09 -0500 Date: Sun, 17 Mar 2002 11:00:08 +0100 From: bert hubert To: linux-kernel@vger.kernel.org Subject: Re: RFC2385 (MD5 signature in TCP packets) support Message-ID: <20020317110008.A21369@outpost.ds9a.nl> Mail-Followup-To: bert hubert , linux-kernel@vger.kernel.org In-Reply-To: <20020315223649.AAA27488@shell.webmaster.com@whenever> <20020315.145306.15914579.davem@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020315.145306.15914579.davem@redhat.com>; from davem@redhat.com on Fri, Mar 15, 2002 at 10:57:11PM +0000 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 15, 2002 at 10:57:11PM +0000, David S. Miller wrote: > > There is no reason to not be doing this MD5 garbage in > userspace. Whoever thought to do this in the protocol > itself was smoking something. I did a lot of this using an iptables module. Iptables lends itself very well to these kind of things. Toy code at http://ds9a.nl/sps/ > Maybe I'm missing something, but I see no reason this MD5 > stuff belongs in the protocol and not in the APP. Some of the idea is cool. You can give a host a 'key' and tell your packet filter to have it pass packets signed with that key. This way you can grant or disable access on a very low level without depending on IP addresses, which can be spoofed. Regards, bert -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk http://lartc.org Linux Advanced Routing & Traffic Control HOWTO - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/