Re: CVS commit: src

To: itojun%itojun.org@localhost (Jun-ichiro itojun Hagino)
Subject: Re: CVS commit: src
From: christos%zoulas.com@localhost (Christos Zoulas)
Date: Mon, 26 Apr 2004 13:11:20 -0400

On Apr 27,  2:06am, itojun%itojun.org@localhost (Jun-ichiro itojun Hagino) 
wrote:
-- Subject: Re: CVS commit: src

| > No, it is still useful because some routers will not accept non-md5 
sessions.
| > So to interoperate properly the minimum we have to do is send m5 packets and
| > accept m5 packets.
| 
|       i agree with perry.  if NetBSD side does not check signature
|       (in fact, it does not check *the existence* of signature either)
|       malicious party can throw bogus packets to NetBSD side, and tear down
|       connection (or whatever).

But without it you cannot talk to the routers that only do MD5 in
the first place. What you say, is that you'd rather have no
interoperability with such routers, as opposed to interoperability
that is subject to a denial of service attack. No matter what, the
code is a step in the right direction.

christos

Follow-Ups:
- Re: CVS commit: src
  - From: Perry E. Metzger

References:
- Re: CVS commit: src
  - From: Jun-ichiro itojun Hagino

Prev by Date: CVS commit: src/sys/fs/smbfs
Next by Date: CVS commit: src/sys/sys
Previous by Thread: Re: CVS commit: src
Next by Thread: Re: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index