Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Iljitsch van Beijnum
On 25 mrt 2008, at 16:10, Dan Wing wrote: ... And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. What are your thoughts on DTLS's DoS and spoofing protection? Looks like this is mostly similar to IPsec except that the port

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Eric Rescorla
At Wed, 26 Mar 2008 13:25:20 +0100, Iljitsch van Beijnum wrote: On 25 mrt 2008, at 16:10, Dan Wing wrote: ... And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. What are your thoughts on DTLS's DoS and spoofing

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Iljitsch van Beijnum
On 26 mrt 2008, at 14:36, Eric Rescorla wrote: - Modern cryptographic implementations are extremely fast. For comparison the MacBook Air I'm typing this on will do order 10^6 HMAC-MD5s/second on 64-byte packets. So, to consume all my resources would require order 10^8 bits per second,

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Eric Rescorla
At Wed, 26 Mar 2008 15:01:21 +0100, Iljitsch van Beijnum wrote: On 26 mrt 2008, at 14:36, Eric Rescorla wrote: - Modern cryptographic implementations are extremely fast. For comparison the MacBook Air I'm typing this on will do order 10^6 HMAC-MD5s/second on 64-byte packets. So, to

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-26 Thread Eric Rescorla
At Wed, 26 Mar 2008 07:32:41 -0700, Eric Rescorla wrote: At Wed, 26 Mar 2008 15:01:21 +0100, Iljitsch van Beijnum wrote: On 26 mrt 2008, at 14:36, Eric Rescorla wrote: - Modern cryptographic implementations are extremely fast. For comparison the MacBook Air I'm typing this on

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-25 Thread Iljitsch van Beijnum
On 24 mrt 2008, at 18:58, Jari Arkko wrote: Now, if we had a proposal that turned IPsec into as easily deployable between random clients and known servers as TLS, I would be interested in a new experiment! But I did not see a proposal for that yet. Maybe time for that draft that Phillip

RE: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-25 Thread Dan Wing
Iljitsch van Beijnum wrote: ... And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. What are your thoughts on DTLS's DoS and spoofing protection? -d ___ IETF mailing list

Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-25 Thread Ned Freed
On 24 mrt 2008, at 18:58, Jari Arkko wrote: Now, if we had a proposal that turned IPsec into as easily deployable between random clients and known servers as TLS, I would be interested in a new experiment! But I did not see a proposal for that yet. Maybe time for that draft that Phillip

Re: experiments in the ietf week

2008-03-25 Thread Eric Rescorla
At Mon, 24 Mar 2008 15:17:56 +0100, Iljitsch van Beijnum wrote: On 19 mrt 2008, at 1:46, Eric Rescorla wrote: A more interesting experiment would be to do away with SSL for a bit and use IPsec instead. Why would this be either interesting or desirable? SSL is vulnerable to more

Re: experiments in the ietf week

2008-03-24 Thread Iljitsch van Beijnum
On 19 mrt 2008, at 1:46, Eric Rescorla wrote: A more interesting experiment would be to do away with SSL for a bit and use IPsec instead. Why would this be either interesting or desirable? SSL is vulnerable to more attacks than IPsec and IPsec is more general than SSL. As such it would be

Re: experiments in the ietf week

2008-03-24 Thread Iljitsch van Beijnum
On 16 mrt 2008, at 21:42, Henrik Levkowetz wrote: ... Nearly all IETF mailing lists are still hosted on IPv4-only servers, to name just one issue. Umm... At this time, most IETF mailing lists are hosted on mail.ietf.org a.k.a. www.ietf.org, which is IPv6 enabled. (The numbers I have for

Re: experiments in the ietf week

2008-03-24 Thread Marc Manthey
Umm... At this time, most IETF mailing lists are hosted on mail.ietf.org a.k.a. www.ietf.org, which is IPv6 enabled. (The numbers I have for active WGs are that 90 out of 120 lists are hosted on ietf.org). I can't really reconcile that with your statement above. Could you expand on your

Re: experiments in the ietf week

2008-03-24 Thread Joe Abley
On 24 Mar 2008, at 11:18 , Marc Manthey wrote: hello ipv6 peoples, sorry for crossposting how can i use ipv6 from my machine ? using leopard 10.5.2. mail ? my endpoint is 2001:6f8:1051:0:20d:93ff:fe79:f1e thought its automatic :-P I think you just need to make sure that the servers

RE: experiments in the ietf week

2008-03-24 Thread Hallam-Baker, Phillip
10:17 AM To: Eric Rescorla Cc: Mark Andrews; Jari Arkko; IETF Discussion; Kurt Erik Lindqvist Subject: Re: experiments in the ietf week On 19 mrt 2008, at 1:46, Eric Rescorla wrote: A more interesting experiment would be to do away with SSL for a bit and use IPsec instead. Why would

TLS vs. IPsec (Was: Re: experiments in the ietf week)

2008-03-24 Thread Jari Arkko
Phillip, Iljitsch, If you believe that there is an attack that SSL is vulnerable to you should bring it up in TLS. I think Iljitsch meant that TLS cannot protect against TCP vulnerabilities, such as spoofed connection resets. This is obviously well known. The upside of TLS has of course been

Re: experiments in the ietf week

2008-03-19 Thread Mark Andrews
At Sun, 16 Mar 2008 19:44:12 +0100, Iljitsch van Beijnum wrote: On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does

Re: experiments in the ietf week

2008-03-19 Thread Eric Rescorla
At Wed, 19 Mar 2008 22:59:52 +1100, Mark Andrews wrote: At Sun, 16 Mar 2008 19:44:12 +0100, Iljitsch van Beijnum wrote: On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC

Re: experiments in the ietf week

2008-03-19 Thread Jari Arkko
Eric, I was referring to Iljitsch's suggestion about SSL and IPsec, not the suggestion about DNSSEC. Yes. FWIW, I don't think that would be interesting. DNSSEC experiments by itself might be interesting, particularly if they could be combined with some movement in getting the root signed.

Re: experiments in the ietf week

2008-03-19 Thread Hannes Tschofenig
Hi Jari, we have already started to do the same with other protocols in GEOPRIV. See http://www.ietf.org/mail-archive/web/geopriv/current/msg05453.html http://www.ietf.org/mail-archive/web/geopriv/current/msg05468.html http://www.ietf.org/mail-archive/web/geopriv/current/msg05472.html Ciao Hannes

Re: experiments in the ietf week

2008-03-19 Thread Jari Arkko
Yes, that's excellent. In particular, I like your approach of making things available for the IETF crowd, delivered by the folks who are also delivering the standards. Jari

Re: experiments in the ietf week

2008-03-18 Thread Eric Rescorla
At Sun, 16 Mar 2008 19:44:12 +0100, Iljitsch van Beijnum wrote: On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does something

Re: experiments in the ietf week

2008-03-16 Thread Iljitsch van Beijnum
On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does something useful with this? A more interesting experiment would be to do away

Re: experiments in the ietf week

2008-03-16 Thread Henrik Levkowetz
Hi Iljitsch, On 2008-03-16 19:44 Iljitsch van Beijnum said the following: ... Nearly all IETF mailing lists are still hosted on IPv4-only servers, to name just one issue. Umm... At this time, most IETF mailing lists are hosted on mail.ietf.org a.k.a. www.ietf.org, which is IPv6 enabled.

Re: experiments in the ietf week

2008-03-16 Thread Mark Andrews
On 16 mrt 2008, at 2:16, Mark Andrews wrote: Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Is there any software out there for common OSes that does something useful with this? Yes. It is also useful in its own

Re: experiments in the ietf week

2008-03-15 Thread Russ Housley
Jari: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? Six or seven years ago we had a big discussion regarding the language(s) to be used in the IETF. Harald was IETF Chair when this discussion took place, and he declared the consensus to be

Re: experiments in the ietf week

2008-03-15 Thread Kurt Erik Lindqvist
On 14 mar 2008, at 13.01, Jari Arkko wrote: We should also implement future IPv6 experiments and network deployments. But why I'm really sending this e-mail is to suggest that IPv6 might not be the only topic for such future efforts. Here's a challenge for the RAI folks: What about

Re: experiments in the ietf week

2008-03-15 Thread Brian E Carpenter
On 2008-03-16 02:09, Russ Housley wrote: Jari: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? Six or seven years ago we had a big discussion regarding the language(s) to be used in the IETF. Harald was IETF Chair when this discussion

Re: experiments in the ietf week

2008-03-15 Thread Mark Andrews
Enable DNSSEC validation on the network's servers. At a minimum make them DNSSEC transparent. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]

Re: experiments in the ietf week

2008-03-14 Thread Fred Baker
On Mar 14, 2008, at 8:01 AM, Jari Arkko wrote: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? It's doable, no doubt. The next question is whether this is actually smart. The Finnish character set is something I can deal with, although my

Re: experiments in the ietf week

2008-03-14 Thread Julian Reschke
Fred Baker wrote: On Mar 14, 2008, at 8:01 AM, Jari Arkko wrote: Challenge for our IT folks: Internationalized Internet Drafts, including file names. Doable? It's doable, no doubt. The next question is whether this is actually smart. The Finnish character set is something I can

Re: experiments in the ietf week

2008-03-14 Thread Richard Barnes
As some of you might have noticed, some GEOPRIV participants ran a small experiment, using the IETF network as a base for location-based services. We had a few folks try it, and learned a lot, but three main things: 1. Interworking with the IETF NOC was really pleasant (Thanks, guys!) 2.