Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure

• Previous message (by thread): Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
• Next message (by thread): Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Iljitsch van Beijnum <iljitsch at muada.com> [2004-05-13 19:52]:
> I don't think you can fully randomize the source port as it might clash 
> with well-known ports.

of course. 1024 - 49151, on OpenBSD.

> Also, it may be somewhat expensive to make ports 
> truly random. (But not as expensive as doing MD5 for the whole 
> session.)

We have randomized src ports in OpenBSD since 1996 - on all platforms, 
including vax and such. No, it is not expensive.

> But why are you assuming the window size is 64k? This is completely 
> unnecessary, and not done in practice by "real" routers: those 
> typically use a 16k window. It should even be possible to set the 
> window to a very small size, such as 64 bytes. That's enough to receive 
> the initial BGP header, after which the window can be set to a larger 
> size until the session is idle again.

In OpenBSD's bgpd, we only scale the window up of md5sig or ipsec is in 
use...

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb at bsws.de - henning at openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

• Previous message (by thread): Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
• Next message (by thread): Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]