tcpdump mailing list archives
Re: Proposed new pcap format
From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 23 Apr 2004 01:51:49 +1000 (EST)
In some email I received from Jefferson Ogata, sie wrote:
Darren Reed wrote:In some email I received from Michael Richardson, sie wrote:Prooving what? that you aren't being lied to? By whom? What is the thread model for this? What does having the kernel digital sign stuff gain you? Who would lie to you in such a way that they couldn't also have the kernel lie to you?It's not about lieing so much as data integrity within the computer/application and being able to trust that to a very high level.Darren, I'm still trying to understand an attack or failure scenario where having the kernel MD5 the packet is any more reliable than having userland do it. Can you describe such a scenario?
I have less faith in a multithreaded program not stamping on data between it being read from the kernel and md5'ing it. Darren - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: Proposed new pcap format, (continued)
- Re: Proposed new pcap format Ronnie Sahlberg (Apr 11)
- Re: Proposed new pcap format Loris Degioanni (Apr 13)
- Re: Proposed new pcap format Fulvio Risso (Apr 13)
- Re: Proposed new pcap format Michael Richardson (Apr 16)
- Re: Proposed new pcap format Ronnie Sahlberg (Apr 11)
- Re: Proposed new pcap format Guy Harris (Apr 21)
- Re: Proposed new pcap format Darren Reed (Apr 22)
- Re: Proposed new pcap format Jefferson Ogata (Apr 22)
- Re: Proposed new pcap format Darren Reed (Apr 22)