[p2p-hackers] IETF rejects Obfuscated TCP

Eric Rescorla ekr at networkresonance.com
Wed Aug 20 15:28:59 EDT 2008

At Wed, 20 Aug 2008 11:59:48 -0700,
Alex Pankratov wrote:
> > May I ask what you're trying to accomplish? Recall that TLS doesn't
> > start until a TCP connection has been established, so there's
> > already a proof of the round trip.
> > 
> > That said, a mechanism of this type has already been described
> > for DTLS (RFC 4347), so no new invention would be needed.
> My comment was in the context of a thread discussing Obfuscated TCP.
> One of the suggestions was to piggyback SSL handshake on TCP 
> handshake, to which someone pointed at an issue with SYN-flood 
> like DoS attacks. My response was to the latter comment.

Well, as I stated in the original discussion on obfuscated TCP (on
TCPM), I'm not convinced that the latency problem is that severe, and
if it is, there are a number of potential performance improvements one
could make to TLS before one started screwing around with TCP.

