On 2008-8-19, at 16:05, ext David Barrett wrote:

> I agree it sucks to wait until the TCP connection has already finished
> establishing before starting key negotiation, so why not just insert the
> first SSL packet in with the SYN, the first SSL response in with the
> SYN-ACK, and so on? This way you get the benefit of a proven stack while
> also cutting down on connection setup time. The IETF would still probably
> puke on including data in the SYN/SYN-ACK, but at least you'd win over the
> SSL fans.
Actually, in 1994, the IETF standardized Transactional TCP (T/TCP) in RFC 1644, which allows just that. However, there are serious DDoS issues with T/TCP which have prevented it seeing significant deployment.

Lars
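The trade-off Lars is pointing at can be made concrete with a small model. The following is an added illustration written for this page, not code from either poster, RFC 1644, or any TCP stack: it models a server that acts on request data carried in a SYN (T/TCP-style) next to one that follows standard TCP and only hands data to the application once the three-way handshake completes. Peer names, the `GET /` request, and the segment and server classes are all constructed for the example; the model does not implement sequence numbers, the T/TCP TAO cache, or any real wire format.

```python
"""Toy model of data-in-SYN versus handshake-first request handling.

A server that acts on the SYN's payload answers one round trip sooner, but it
performs application work for a peer that has not yet proven it can receive the
server's packets. A forged source address never completes the handshake, so
every forged SYN still costs the T/TCP-style server a served request, while the
standard server only holds half-open state. Constructed illustration only.
"""
from dataclasses import dataclass, field


@dataclass
class Segment:
    src: str
    dst: str
    flags: frozenset
    payload: bytes = b""


@dataclass
class Server:
    # True: act on request data in the SYN before the handshake completes
    act_on_syn_data: bool
    half_open: dict = field(default_factory=dict)   # src -> buffered SYN payload
    requests_served: int = 0                        # application-level work done
    served_for: list = field(default_factory=list)  # peers that received a response

    def _serve(self, payload: bytes, peer: str, flags) -> Segment:
        self.requests_served += 1
        self.served_for.append(peer)
        return Segment("server", peer, frozenset(flags), b"response to " + payload)

    def on_segment(self, seg: Segment):
        """Return the segment the server sends back, or None."""
        if "SYN" in seg.flags and "ACK" not in seg.flags:
            if self.act_on_syn_data and seg.payload:
                # T/TCP style: the response rides in the SYN-ACK itself,
                # before the peer has shown it can receive anything.
                return self._serve(seg.payload, seg.src, {"SYN", "ACK"})
            # Standard TCP: data in a SYN may be queued but is not delivered to
            # the application until the handshake completes (RFC 793).
            self.half_open[seg.src] = seg.payload
            return Segment("server", seg.src, frozenset({"SYN", "ACK"}))
        if "ACK" in seg.flags and seg.src in self.half_open:
            # Third segment: the peer has received our SYN-ACK, so it is
            # reachable at the address it claimed.
            payload = self.half_open.pop(seg.src) or seg.payload
            if payload:
                return self._serve(payload, seg.src, {"ACK"})
        return None


def segments_until_served(act_on_syn_data: bool) -> int:
    """Segments a legitimate client sends before its request is served."""
    srv = Server(act_on_syn_data)
    srv.on_segment(Segment("client", "server", frozenset({"SYN"}), b"GET /"))
    sent = 1
    if srv.requests_served == 0:
        srv.on_segment(Segment("client", "server", frozenset({"ACK"})))
        sent += 1
    return sent if srv.requests_served == 1 else -1


def forged_syns(act_on_syn_data: bool, n: int) -> tuple:
    """Cost of n SYNs from forged sources that never send the final ACK.

    Returns (requests served for unverified peers, half-open entries held).
    """
    srv = Server(act_on_syn_data)
    for i in range(n):
        srv.on_segment(Segment(f"forged-{i}", "server", frozenset({"SYN"}), b"GET /"))
    return srv.requests_served, len(srv.half_open)


if __name__ == "__main__":
    for mode in (True, False):
        print(f"act_on_syn_data={mode}: legit client served after "
              f"{segments_until_served(mode)} segment(s); "
              f"1000 forged SYNs -> (served, half_open) = {forged_syns(mode, 1000)}")
```

Both servers pay something for forged SYNs: the standard one accumulates half-open state (the classic SYN-flood cost), while the T/TCP-style one additionally does the application's work and emits a full response toward whatever address was forged, which is the amplification concern behind the "serious DDoS issues" in the reply above. The one-segment response time is exactly the round-trip saving David is after; the model makes visible what it is traded for.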
