[70403] in North American Network Operators' Group


Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure

daemon@ATHENA.MIT.EDU (Henning Brauer)
Thu May 13 14:40:58 2004

Date: Thu, 13 May 2004 20:40:36 +0200
From: Henning Brauer <hb-nanog@bsws.de>
To: North American Noise and Off-topic Gripes <nanog@merit.edu>
Mail-Followup-To: North American Noise and Off-topic Gripes <nanog@merit.edu>
In-Reply-To: <9252DCDD-A505-11D8-B6DD-000A95CD987A@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu


* Iljitsch van Beijnum <iljitsch@muada.com> [2004-05-13 19:52]:
> I don't think you can fully randomize the source port as it might clash 
> with well-known ports.

Of course. 1024 - 49151, on OpenBSD.

> Also, it may be somewhat expensive to make ports 
> truly random. (But not as expensive as doing MD5 for the whole 
> session.)

We have randomized src ports in OpenBSD since 1996 - on all platforms, 
including vax and such. No, it is not expensive.

> But why are you assuming the window size is 64k? This is completely 
> unnecessary, and not done in practice by "real" routers: those 
> typically use a 16k window. It should even be possible to set the 
> window to a very small size, such as 64 bytes. That's enough to receive 
> the initial BGP header, after which the window can be set to a larger 
> size until the session is idle again.

In OpenBSD's bgpd, we only scale the window up if md5sig or ipsec is in 
use...

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
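To put the figures in this exchange side by side, here is an added Python sketch (not from the thread, nor OpenBSD's code) that models the blind in-window injection search space a peer's configuration leaves exposed. The port range and window sizes are the ones quoted above; the "tcpsecure" row assumes the draft's exact RCV.NXT match for RST segments, and the packet rate is a constructed figure.

```python
from dataclasses import dataclass

SEQ_SPACE = 2 ** 32  # size of the 32-bit TCP sequence number space


@dataclass(frozen=True)
class PeerConfig:
    """One way a BGP speaker can be configured, as discussed in the thread."""
    name: str
    port_lo: int  # lowest ephemeral source port the peer may pick (inclusive)
    port_hi: int  # highest ephemeral source port the peer may pick (inclusive)
    window: int   # sequence numbers one spoofed RST can hit: the receive window,
                  # or 1 once tcpsecure's exact RCV.NXT match for RST is enforced

    def port_choices(self) -> int:
        return self.port_hi - self.port_lo + 1

    def seq_probes_per_port(self) -> int:
        # Each probe covers `window` consecutive sequence numbers; round up.
        return -(-SEQ_SPACE // self.window)

    def search_space(self) -> int:
        # Probes needed to cover every (source port, window slot) combination,
        # assuming peer addresses and the BGP port 179 are already public
        # (the usual eBGP situation).
        return self.port_choices() * self.seq_probes_per_port()


def hours_to_cover(cfg: PeerConfig, pps: int) -> float:
    """Worst-case time to exhaust the search space at `pps` spoofed segments/s."""
    return cfg.search_space() / pps / 3600


# Configurations quoted in the thread, plus the tcpsecure exact-match case.
CONFIGS = [
    PeerConfig("fixed source port, 64k window", 1024, 1024, 65536),
    PeerConfig("OpenBSD random ports 1024-49151, 64k window", 1024, 49151, 65536),
    PeerConfig("random ports, 16k router window", 1024, 49151, 16384),
    PeerConfig("random ports, 64-byte idle window", 1024, 49151, 64),
    PeerConfig("random ports, tcpsecure exact RST match", 1024, 49151, 1),
]

if __name__ == "__main__":
    RATE = 100_000  # constructed figure: spoofed segments per second
    for cfg in CONFIGS:
        print(f"{cfg.name:48s} {cfg.search_space():>16,d} probes "
              f"{hours_to_cover(cfg, RATE):>12,.1f} h")
```

The table shows why the thread treats a small idle window and a wide random port range as complementary: each multiplies the attacker's work, and the exact-match RST rule in the draft pushes the window factor to its floor.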
