--XF85m9dhOBO43t/C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

On Sat, Jan 11, 2003 at 11:24:39AM -0500, Andrew Brown wrote:

> yea, verily.  i have some (mostly rhetorical) questions about the
> testing.

I agree with most of your doubts about the paper, with one exception:
=20
> (3) how do you determine that the padding is being done by the remote
> operating system and not by the remote nic?

not relevant. If the remote nic does padding and does it with life data,
it can expose data that was on the network before, and maybe came from an
unsniffable peer (because of a fixed switch setting or something similar).
The OS or OS driver can work around this, if known.
=20
> i didn't see any evidence in the paper of any attempt to cleanse and
> control the testing in this manner.  it seemed to concentrate mainly
> on issues with some linux drivers and gesture at the idea that other
> operating systems may be vulnerable as well.

That's my feeling, too.

Regards,
	Ignatios

--=20
seal your e-mail: http://www.gnupg.org/

--XF85m9dhOBO43t/C
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE+IE9rPCRcZ/VMtk4RAv2zAJ9J26K67UGXVHGqxEsgqVYMmyR5sgCfWDto
Bj+5vbcDimcwOkqmjjUWiBI=
=dDWN
-----END PGP SIGNATURE-----

--XF85m9dhOBO43t/C--