[131209] in cryptography@c2.net mail archive
Re: [p2p-hackers] IETF rejects Obfuscated TCP
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Wed Aug 20 22:31:32 2008
Date: Wed, 20 Aug 2008 12:28:59 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: "Alex Pankratov" <ap@poneyhot.org>
Cc: "'Eric Rescorla'" <ekr@networkresonance.com>,
"'theory and practice of decentralized computer networks'" <p2p-hackers@lists.zooko.com>,
<cryptography@metzdowd.com>
In-Reply-To: <006a01c902f6$ebe5b500$c3b11f00$@org>
At Wed, 20 Aug 2008 11:59:48 -0700,
Alex Pankratov wrote:
> > May I ask what you're trying to accomplish? Recall that TLS doesn't
> > start until a TCP connection has been established, so there's
> > already a proof of the round trip.
> >
> > That said, a mechanism of this type has already been described
> > for DTLS (RFC 4347), so no new invention would be needed.
>
> My comment was in a context of a thread discussing Obfuscated TCP.
>
> One of the suggestions was to piggyback SSL handshake on TCP
> handshake, to which someone pointed at an issue with SYN-flood
> like DoS attacks. My response was to the latter comment.
Well, as I stated in the original discussion on obfuscated TCP (on
TCPM), I'm not convinced that the latency problem is that severe, and
if it is there are a number of potential performance improvements one
could make to TLS before one started screwing around with TCP.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com