Subject: Re: CVS commit: src
To: Jun-ichiro itojun Hagino <itojun@itojun.org>
From: Christos Zoulas <christos@zoulas.com>
List: source-changes
Date: 04/26/2004 13:11:20
On Apr 27,  2:06am, itojun@itojun.org (Jun-ichiro itojun Hagino) wrote:
-- Subject: Re: CVS commit: src

| > No, it is still useful because some routers will not accept non-md5 sessions.
| > So to interoperate properly the minimum we have to do is send md5 packets and
| > accept md5 packets.
| 
| 	i agree with perry.  if NetBSD side does not check signature
| 	(in fact, it does not check *the existence* of signature either)
| 	malicious party can throw bogus packets to NetBSD side, and tear down
| 	connection (or whatever).

But without it you cannot talk to the routers that only do MD5 in
the first place. What you say is that you'd rather have no
interoperability with such routers, as opposed to interoperability
that is subject to a denial of service attack. No matter what, the
code is a step in the right direction.

christos