> -----Original Message----- > From: Eric Rescorla [mailto:[EMAIL PROTECTED] > Sent: August 20, 2008 12:29 PM > To: Alex Pankratov > Cc: 'Eric Rescorla'; 'theory and practice of decentralized computer > networks'; [EMAIL PROTECTED] > Subject: Re: [p2p-hackers] IETF rejects Obfuscated TCP > > At Wed, 20 Aug 2008 11:59:48 -0700, > Alex Pankratov wrote: > > > May I ask what you're trying to accomplish? Recall that TLS doesn't > > > start until a TCP connection has been established, so there's > > > aready a proof of the round trip. > > > > > > That said, a mechanism of this type has already been described > > > for DTLS (RFC 4347), so no new invention would be needed. > > > > My comment was in a context of a thread discussing Obfuscated TCP. > > > > One of the suggestions was to piggyback SSL handshake on TCP > > handshake, to which someone pointed at an issue with SYN-flood > > like DoS attacks. My response was to the latter comment. > > Well, as I stated in the original discussion on obfuscated TCP (on > TCPM), I'm not convinced that the latency problem is that severe, and > if it is there are a number of potential performance improvements one > could make to TLS before one started screwing around with TCP.
Based on this reply alone I'm not sure I follow. I also read quickly through your exchange on TCPM and your comments appear to be specific to Adam's draft. My comment was not related to either a latency or a potential performance problems of TLS. It was in a response to another idea - that of bundling TLS handshake with TCP handshake. The goal of this (and I apologize for stating the obvious, just want to make sure we are on the same page here) is to provide transparent to application layer opportunistic encryption of TCP streams. Whether this goal makes any sense and if it is worth pursuing is a separate issue; it's the DoS aspect of the implementation idea that I was commenting on. Alex _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
