nanog mailing list archives

Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure


From: Henning Brauer <hb-nanog () bsws de>
Date: Thu, 13 May 2004 20:40:36 +0200


* Iljitsch van Beijnum <iljitsch () muada com> [2004-05-13 19:52]:
> I don't think you can fully randomize the source port as it might clash 
> with well-known ports.

of course. 1024 - 49151, on OpenBSD.

> Also, it may be somewhat expensive to make ports 
> truly random. (But not as expensive as doing MD5 for the whole 
> session.)

We have randomized src ports in OpenBSD since 1996 - on all platforms, 
including vax and such. No, it is not expensive.

> But why are you assuming the window size is 64k? This is completely 
> unnecessary, and not done in practice by "real" routers: those 
> typically use a 16k window. It should even be possible to set the 
> window to a very small size, such as 64 bytes. That's enough to receive 
> the initial BGP header, after which the window can be set to a larger 
> size until the session is idle again.

In OpenBSD's bgpd, we only scale the window up if md5sig or ipsec is in 
use...

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
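The search-space argument in this exchange (randomized source port plus a smaller receive window) can be sized numerically. The following is an added illustration, not code from the thread or from OpenBSD; it models RFC 793 in-window RST acceptance (the pre-tcpsecure behaviour), assumes the peer addresses and the BGP port 179 are known, and counts the spoofed segments needed to cover every remaining (ephemeral port, sequence number) combination once.

```python
# Search-space model for blind in-window TCP RST injection against a BGP
# session. Added illustration, not code from the thread or from OpenBSD.

SEQ_SPACE = 2 ** 32  # size of the 32-bit TCP sequence-number space


def ports_in_range(low, high):
    """Number of candidate ephemeral ports in an inclusive range."""
    if not (0 <= low <= high <= 65535):
        raise ValueError("invalid port range")
    return high - low + 1


def segments_to_cover(candidate_ports, window):
    """Segments needed to cover every (ephemeral port, sequence number)
    combination once: one per port per window-sized slice of the sequence
    space, since a RST is accepted anywhere inside the receive window.
    Addresses and the fixed port 179 are assumed known (the BGP case)."""
    if not (1 <= window <= SEQ_SPACE):
        raise ValueError("window must be 1..2^32 bytes")
    seq_slices = -(-SEQ_SPACE // window)  # ceiling division
    return candidate_ports * seq_slices


def compare_scenarios():
    """Search-space size for the configurations discussed in the thread."""
    openbsd_ports = ports_in_range(1024, 49151)  # OpenBSD's randomized range
    return {
        "fixed port, 64 KiB window": segments_to_cover(1, 64 * 1024),
        "random port, 64 KiB window": segments_to_cover(openbsd_ports, 64 * 1024),
        "random port, 16 KiB window": segments_to_cover(openbsd_ports, 16 * 1024),
        "random port, 64 B window": segments_to_cover(openbsd_ports, 64),
    }


if __name__ == "__main__":
    baseline = segments_to_cover(1, 64 * 1024)  # known port, 64 KiB window
    for name, n in compare_scenarios().items():
        print(f"{name:28s} {n:>16,d} segments  ({n // baseline:,d}x baseline)")
```

The baseline (known port, 64 KiB window) needs only 65,536 segments, while randomizing over 1024-49151 with a 16 KiB window raises that by a factor of about 192,000, and a 64-byte window by a further factor of 256.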

