[p2p-hackers] IETF rejects Obfuscated TCP
Eric Rescorla
ekr at networkresonance.com
Wed Aug 20 15:28:59 EDT 2008
At Wed, 20 Aug 2008 11:59:48 -0700,
Alex Pankratov wrote:
> > May I ask what you're trying to accomplish? Recall that TLS doesn't
> > start until a TCP connection has been established, so there's
> > already a proof of the round trip.
> >
> > That said, a mechanism of this type has already been described
> > for DTLS (RFC 4347), so no new invention would be needed.
>
> My comment was in a context of a thread discussing Obfuscated TCP.
>
> One of the suggestions was to piggyback SSL handshake on TCP
> handshake, to which someone pointed at an issue with SYN-flood
> like DoS attacks. My response was to the latter comment.
Well, as I stated in the original discussion on obfuscated TCP (on
TCPM), I'm not convinced that the latency problem is that severe, and
if it is there are a number of potential performance improvements one
could make to TLS before one started screwing around with TCP.
-Ekr