At Wed, 26 Mar 2008 07:32:41 -0700,
Eric Rescorla wrote:
>
> At Wed, 26 Mar 2008 15:01:21 +0100,
> Iljitsch van Beijnum wrote:
> >
> > On 26 mrt 2008, at 14:36, Eric Rescorla wrote:
> >
> > > - Modern cryptographic implementations are extremely fast. For
> > > comparison the MacBook Air I'm typ
At Wed, 26 Mar 2008 15:01:21 +0100,
Iljitsch van Beijnum wrote:
>
> On 26 mrt 2008, at 14:36, Eric Rescorla wrote:
>
> > - Modern cryptographic implementations are extremely fast. For
> > comparison the MacBook Air I'm typing this on will do order 10^6
> > HMAC-MD5s/second on 64-byte packets.
On 26 mrt 2008, at 14:36, Eric Rescorla wrote:
> - Modern cryptographic implementations are extremely fast. For
> comparison the MacBook Air I'm typing this on will do order 10^6
> HMAC-MD5s/second on 64-byte packets. So, to consume all my
> resources would require order 10^8 bits per second,
At Wed, 26 Mar 2008 13:25:20 +0100,
Iljitsch van Beijnum wrote:
>
> On 25 mrt 2008, at 16:10, Dan Wing wrote:
>
> > ...
> >> And yes, the issues I referred to are DoS and TCP spoofing.
> >> These can only be protected against at the network level.
>
> > What are your thoughts on DTLS's DoS and
On 25 mrt 2008, at 16:10, Dan Wing wrote:
> ...
>> And yes, the issues I referred to are DoS and TCP spoofing.
>> These can only be protected against at the network level.
> What are your thoughts on DTLS's DoS and spoofing protection?
Looks like this is mostly similar to IPsec except that the
> On 24 mrt 2008, at 18:58, Jari Arkko wrote:
> > Now, if we had a proposal that turned IPsec into as easily deployable
> > between random clients and known servers as TLS, I would be interested
> > in a new experiment! But I did not see a proposal for that yet. Maybe
> > time for that draft that
Iljitsch van Beijnum wrote:
...
> And yes, the issues I referred to are DoS and TCP spoofing.
> These can only be protected against at the network level.
What are your thoughts on DTLS's DoS and spoofing protection?
-d
___
IETF mailing list
IETF@ie
On 24 mrt 2008, at 18:58, Jari Arkko wrote:
> Now, if we had a proposal that turned IPsec into as easily deployable
> between random clients and known servers as TLS, I would be interested
> in a new experiment! But I did not see a proposal for that yet. Maybe
> time for that draft that Phillip su
Phillip, Iljitsch,
> If you beleive that there is an attack that SSL is vulnerable to you
> should bring it up in TLS.
I think Iljitsch meant that TLS cannot protect against TCP
vulnerabilities, such as spoofed connection resets. This is obviously
well known.
The upside of TLS has of course bee