Hi Mohamed,

Thanks for your response. That is interesting!

Just the last question is that, whether or not similar to TCP FAST OPEN, can we also have it together with this solution so that we can handle any unreliable internet connection by avoiding the break in TCP layer.

Thanks,
Best,
Hosnieh

==

> One more important point is that, how NAT will handle TCP connections
> when we have non reliable internet connection that breaks frequently
> but we cannot establish the TLS every single time where the connection
> breaks? What I liked about Socks 6 that was not in socks5 is that
> they handled the unreliable connection, either by purpose or
> accidentally, very well since they referred to a document such as TCP
> FAST OPEN.
>
> Further, Socks proxy is layer 5 protocol and can handle TLS
> communication better than NAT. I am of course not talking about the
> case to use socks as a MITM for my TLS connection. That is not the
> purpose at all here. But NAT is layer 3 or maximum with some
> configuration layer 4 which has no flexibility to session layer.
>
> [Med] I’m not sure to get your last two points.
>
> Best,
>
> Hosnieh
>
> this is of course what I also need or expect to use from Socks as a
> kind of NATing but at the same time the most important thing is its
> interaction with firewall
>
> On 07/06/2017 03:08 PM, [email protected] wrote:
>
> Hi Hosnieh,
>
> Just out of curiosity, is there any particular reason you want to
> use SOCKS? Did you consider other protocols such as:
>
> · https://tools.ietf.org/html/rfc6887
>
> · https://tools.ietf.org/html/rfc7652
>
> Thank you.
>
> Cheers,
>
> Med
>
> *From:* Int-area [mailto:[email protected]] *On behalf of*
> Hosnieh Rafiee
> *Sent:* Wednesday, 5 July 2017 21:21
> *To:* [email protected]
> *Subject:* [Int-area] Review> SOCKS 6 Draft
>
> Hello,
>
> I quickly reviewed Socks6 document as I was waiting for any
> initiation to improve socks 5. I found it a good document,
> however, unfortunately the security is still weak and this
> document also did not address that but made it worse. I am looking
> for new methods of authentication as what is available in socks5
> is just plain text and cannot protect against active attacker and
> also passive attacker if and if there is a fixed value used as a
> username and password.
>
> Further, DDoS attack mentioned also in the draft cannot be
> addressed as easily as explained, IMHO, since the proxy server
> supposed to receive higher size messages and the attacker client
> can only overwhelm the socks server easier by less messages from
> different IP address that sounds to be a new client. Further, for
> constrained devices, there is a limitation in size of the message,
> therefore, dissimilar to socks5 that could be used also for such
> devices, socks 6 cannot be used otherwise there will be limit in
> the information supposed to be sent in one message.
>
> https://tools.ietf.org/html/draft-intarea-olteanu-socks-6-00.html
>
> But in general, that is a good effort, keep going on!
>
> Best,
>
> Hosnieh
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
