Source-Changes archive


Re: CVS commit: src



> In article <87wu43x7hm.fsf%snark.piermont.com@localhost>,
> Perry E. Metzger <perry%piermont.com@localhost> wrote:
> >
> >Jonathan Stone <jonathan%netbsd.org@localhost> writes:
> >> NOTE: This version has two potential flaws. First, I do see any code
> >> that verifies received TCP-MD5 signatures.
> >
> >That's not a "potential flaw" -- that makes it useless. :(
> >
> >Perry
> 
> No, it is still useful because some routers will not accept non-md5 sessions.
> So to interoperate properly the minimum we have to do is send md5 packets and
> accept md5 packets.

        i agree with perry.  if NetBSD side does not check signature
        (in fact, it does not check *the existence* of signature either)
        malicious party can throw bogus packets to NetBSD side, and tear down
        connection (or whatever).

itojun
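
The receive-side check the thread says is missing, as an added example (not NetBSD's code and not written by anyone in this thread): a segment from a peer with a configured key is dropped when the TCP-MD5 option (RFC 2385, kind 19) is absent or its digest does not match. The addresses, ports, key and `build_segment` helper are constructed sample values, and the TCP checksum is left at zero.

```python
import hashlib, hmac, socket, struct

TCPOPT_MD5 = 19  # RFC 2385 option kind; the option is always 18 bytes long

def md5_digest(src, dst, tcp, key):
    """Digest over pseudo-header, fixed header (checksum zeroed), data, key."""
    hdr_len = (tcp[12] >> 4) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    fixed = tcp[:16] + b"\x00\x00" + tcp[18:20]  # TCP options are not covered
    return hashlib.md5(pseudo + fixed + tcp[hdr_len:] + key).digest()

def find_signature(tcp):
    """Return the 16-byte digest from option 19, or None if absent or malformed."""
    hdr_len = (tcp[12] >> 4) * 4
    i = 20
    while i < hdr_len <= len(tcp):
        kind = tcp[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            return None                    # truncated or bogus option length
        if kind == TCPOPT_MD5:
            return tcp[i + 2:i + 18] if tcp[i + 1] == 18 else None
        i += tcp[i + 1]
    return None

def check_segment(src, dst, tcp, key):
    """Receive-side policy for a peer that has a key configured."""
    if len(tcp) < 20:
        return "drop: short segment"
    sig = find_signature(tcp)
    if sig is None:
        return "drop: no signature"        # absence is a failure, not a pass
    if not hmac.compare_digest(sig, md5_digest(src, dst, tcp, key)):
        return "drop: bad signature"
    return "accept"

def build_segment(src, dst, flags, key=None, payload=b""):
    """Constructed sample segment; ports and sequence numbers are made up."""
    opts = b"\x01\x01" + bytes([TCPOPT_MD5, 18]) + bytes(16) if key else b""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1000, 2000,
                      (20 + len(opts)) // 4 << 4, flags, 8192, 0, 0)
    tcp = hdr + opts + payload
    if key:
        tcp = tcp[:24] + md5_digest(src, dst, tcp, key) + tcp[40:]
    return tcp
```
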


