tcpdump mailing list archives

Re: Proposed new pcap format

From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 23 Apr 2004 01:51:49 +1000 (EST)

In some email I received from Jefferson Ogata, sie wrote:

Darren Reed wrote:

In some email I received from Michael Richardson, sie wrote:

 Prooving what? that you aren't being lied to? By whom?
 What is the thread model for this? What does having the kernel digital
sign stuff gain you? Who would lie to you in such a way that they
couldn't also have the kernel lie to you?


It's not about lieing so much as data integrity within the
computer/application and being able to trust that to a very
high level.


Darren,

I'm still trying to understand an attack or failure scenario where
having the kernel MD5 the packet is any more reliable than having
userland do it. Can you describe such a scenario?


I have less faith in a multithreaded program not stamping on data
between it being read from the kernel and md5'ing it.

Darren

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

Re: Proposed new pcap format, (continued)
- - Re: Proposed new pcap format Ronnie Sahlberg (Apr 11)
    - Re: Proposed new pcap format Loris Degioanni (Apr 13)
    - Re: Proposed new pcap format Fulvio Risso (Apr 13)
    - Re: Proposed new pcap format Michael Richardson (Apr 16)
- Re: Proposed new pcap format Loris Degioanni (Apr 14)
- Re: Proposed new pcap format Michael Richardson (Apr 20)
- Re: Proposed new pcap format Michael Richardson (Apr 20)
  - Re: Proposed new pcap format Guy Harris (Apr 21)
  - Re: Proposed new pcap format Darren Reed (Apr 22)
    - Re: Proposed new pcap format Jefferson Ogata (Apr 22)
    - Re: Proposed new pcap format Darren Reed (Apr 22)
- Re: proposed new pcap format Michael Richardson (Apr 20)