On Wed, 2006-07-19 at 01:46 -0300, Ivan Arce wrote: > Choice of transport defines a lot of things, among them how much more > effort you'll need to achieve "real security".
I'd say the choice of transport _as well as_ the threat model govern the effort you need to expend to achieve security. If your threat model is that the app is internal to an enterprise (more lossless and in-order than the Internet), and that there is 802.11x port authentication to prevent spoofing, then the corresponding benefits that TCP provides over UDP is redundant. That said, I agree it is easier to shoot yourself in the foot with UDP. But fundamentally, it is no less secure than TCP when used properly (which requires effort). -- Saikat
signature.asc
Description: This is a digitally signed message part
_______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
