tcpdump mailing list archives

Re: Proposed new pcap format

From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Thu, 22 Apr 2004 11:31:18 -0400

Darren Reed wrote:

In some email I received from Michael Richardson, sie wrote:

 Prooving what? that you aren't being lied to? By whom?
 What is the thread model for this? What does having the kernel digital
sign stuff gain you? Who would lie to you in such a way that they
couldn't also have the kernel lie to you?


It's not about lieing so much as data integrity within the
computer/application and being able to trust that to a very
high level.


Darren,

I'm still trying to understand an attack or failure scenario where having thekernel MD5 the packet is any more reliable than having userland do it. Can youdescribe such a scenario?


--
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

Re: Proposed new pcap format, (continued)
- Re: Proposed new pcap format Loris Degioanni (Apr 11)
  - Re: Proposed new pcap format Ronnie Sahlberg (Apr 11)
    - Re: Proposed new pcap format Loris Degioanni (Apr 13)
    - Re: Proposed new pcap format Fulvio Risso (Apr 13)
    - Re: Proposed new pcap format Michael Richardson (Apr 16)
- Re: Proposed new pcap format Loris Degioanni (Apr 14)
- Re: Proposed new pcap format Michael Richardson (Apr 20)
- Re: Proposed new pcap format Michael Richardson (Apr 20)
  - Re: Proposed new pcap format Guy Harris (Apr 21)
  - Re: Proposed new pcap format Darren Reed (Apr 22)
    - Re: Proposed new pcap format Jefferson Ogata (Apr 22)
    - Re: Proposed new pcap format Darren Reed (Apr 22)
- Re: proposed new pcap format Michael Richardson (Apr 20)