IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Albrecht/Paterson/Watson's attack
>> Vastly different internal architecture. My code sends packets by
>> encrypting them and appending to an output queue.
> If you do it similarly to what I do, you'd need to add a (short)
> queue of unencrypted packets before the output buffer. I think
> that's more sane than a "crypto rollback".
I don't see how that would help. I'd still need to either encrypt the
possibly-desired IGNORE or do the write without it and risk a BPP-level
packet boundary appearing as a TCP segment boundary via being a write
boundary.
> I might add some unnecessary ignores, but the intention is not to
> never add them if output queue already is larger than a tcp segment.
How do you tell how large TCP segments are?
> I think the push flag will be set for most messages, except when you
> know that additional messages will be generated shortly.
Sounds to me as though you'll end up sprinkling IGNOREs all through
most traffic. That's one of the effects I'd like to avoid.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index