Hello,
I quickly reviewed the SOCKS6 document, as I was waiting for any initiative to improve SOCKS5. I found it a good document; however, unfortunately the security is still weak, and this document also did not address that but made it worse. I am looking for new methods of authentication, as what is available in SOCKS5 is just plain text and cannot protect against an active attacker, and also a passive attacker if and only if there is a fixed value used as a username and password.

Further, the DDoS attack also mentioned in the draft cannot be addressed as easily as explained, IMHO, since the proxy server is supposed to receive larger messages, and the attacker client can only overwhelm the SOCKS server more easily with fewer messages from a different IP address that appears to be a new client.

Further, for constrained devices, there is a limitation on the size of the message; therefore, unlike SOCKS5, which could also be used for such devices, SOCKS6 cannot be used, otherwise there will be a limit on the information supposed to be sent in one message.

https://tools.ietf.org/html/draft-intarea-olteanu-socks-6-00.html

But in general, that is a good effort, keep going on!

Best,
Hosnieh
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
