On Tue, 19 Aug 2008 4:19 pm, Lars Eggert wrote:

> On 2008-8-19, at 16:05, ext David Barrett wrote:
>> I agree it sucks to wait until the TCP connection has already finished establishing before starting key negotiation, so why not just insert the first SSL packet in with the SYN, the first SSL response in with the SYN-ACK, and so on? This way you get the benefit of a proven stack while also cutting down on connection setup time. The IETF would still probably puke on including data in the SYN/SYN-ACK, but at least you'd win over the SSL fans.
>
> Actually, in 1994, the IETF standardized Transactional TCP (T/TCP) in RFC1644, which allows just that. However, there are serious DDoS issues with T/TCP which have prevented it seeing significant deployment.
Hm, I'm sorry I don't know the history there -- why is this more costly or abusive than SSL over standard TCP? Is it due to something specific to SSL, or due to a simple lack of congestion control on those first payloads?

-david

_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
