On Sat, Sep 27, 2003 at 07:58:14PM +0100, M Taylor wrote: > Perhaps a HMAC per "chunk", rather than per the payload of a single UDP > datagram. I suspect per every 5 UDP datagrams, roughly ~7000 bytes of > payload may work. This will increase latency.
That would not work either. It would have the same problems as a packet that has been split into 5 fragments: if one of the fragments gets lost, the whole packet will be discarded. Fragment reassembly is also something that is not completely trivial, in the past there have been some simple DoS attacks for various operating systems that did not implement IP fragment reassembly correctly. Each UDP packet must stand on its own, just like the network packet that has been encapsulated within it. > This should be redone from scratch, I would look at either using > Diffie Hellman Key Exchange combined with digital signatures or the updated > Needham Schroeder Public Key Protocol. Exchange two symmetric keys, > one used for bulk data encryption, the other used for the HMAC > authentication. I think I prefer the Diffie-Hellman key exchange; the Needham Schroeder public key protocol needs more round trips and one more RSA encryption/decryption step. > I expect this is a reference to "Why TCP Over TCP Is A Bad Idea" > <http://sites.inka.de/~bigred/devel/tcp-tcp.html> Yes. > If Guus Sliepen and Ivo Timmermans are willing to seriously rethink their > high tolerance for unncessary weakness, I think tinc 2.0 could end up being > a secure piece of software. I hope Guus and Ivo circulate their version 2.0 > protocol before they do any coding, so that any remaining flaws can be easily > fixed in the paper design without changing a single line of code, saving time > and effort. Those are the first encouraging words I've heard since Peter Gutmann's writeup was posted on Slashdot, thank you! We do plan to get rid of all the weaknesses, and once we know what we want and we have a draft, I'll post it in this mailing list. -- Met vriendelijke groet / with kind regards, Guus Sliepen <[EMAIL PROTECTED]>
Description: Digital signature