httpd-dev mailing list archives

From dean gaudet <dgaudet-list-new-ht...@arctic.org>
Subject Re: application level accept() filter for 1.3.x
Date Sat, 06 Jan 2001 20:03:30 GMT
well, if you used UDP to essentially re-implement TCP, i.e. with a 3-way
handshake to open up a reliable, sequenced stream, then it'd be as secure
as TCP is to outside attacks.

the issue is when you implement certain protocols which transmit data
without the handshake... i don't know the exact details, but you can
mathematically prove that without enough handshaking you can't implement a
*secure* reliable sequenced stream.

it's the 3rd party issue -- an attacker sourcing packets which look to
come from either end of the communication.  something to do with sequence
number safety.

so yeah T/TCP gets you a reliable sequenced stream, it's just not safe
from attackers.

-dean

On Wed, 3 Jan 2001, Tony Finch wrote:

> dean gaudet <dgaudet-list-new-httpd@arctic.org> wrote:
> >
> >TTCP which lets data go in the first packet is not
> >secure / not useable on an open network.
>
> I've seen this comment a few times recently, but I don't see why it
> should be any worse than UDP from that perspective. Perhaps the issue
> is just that it isn't quite as safe as TCP.
>
> Tony.
> --
> f.a.n.finch    fanf@covalent.net    dot@dotat.at
> " ``Well, let's go down and find out who's grave it is.''
> ``How?''  ``By going down and finding out!'' "
>
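The argument in Dean's reply above, as an added toy model (not code from this thread or from Apache): a simulated server either demands an ACK echoing the random 32-bit ISN it chose before it accepts data, or accepts data in the first packet. The address, the sequence numbers and the packet class are constructed; no real sockets are involved, and the "network" only delivers the server's replies to the real host at the claimed address.

```python
import secrets

MOD = 1 << 32  # sequence/acknowledgement numbers are 32-bit, as in TCP

class Packet:  # constructed toy packet: 'src' is only a claim, like an IP header's source field
    def __init__(self, src, seq, ack=None, data=b""):
        self.src, self.seq, self.ack, self.data = src, seq, ack, data

class Server:  # toy server: its replies reach only the real host at the claimed address
    def __init__(self):
        self.inbox = {}     # addr -> packets that the real host at addr can read
        self.pending = {}   # src -> random ISN we sent in the SYN-ACK for that src
        self.accepted = []  # (src, data) pairs the server believes came from src

    def recv_tcp(self, pkt):
        """3-way handshake: data counts only once the ACK echoes the ISN we chose."""
        if pkt.ack is None:                                   # SYN
            isn = self.pending[pkt.src] = secrets.randbits(32)
            self.inbox.setdefault(pkt.src, []).append(Packet("server", isn, (pkt.seq + 1) % MOD))
        elif pkt.src in self.pending and pkt.ack == (self.pending.pop(pkt.src) + 1) % MOD:
            self.accepted.append((pkt.src, pkt.data))         # sender proved it saw our ISN

    def recv_ttcp(self, pkt):
        """Data in the first packet: nothing ties the claimed source to a real receiver."""
        self.accepted.append((pkt.src, pkt.data))

def honest_tcp_client(server, addr, data):
    server.recv_tcp(Packet(addr, 100))
    synack = server.inbox[addr].pop()                         # the real host reads the SYN-ACK
    server.recv_tcp(Packet(addr, 101, (synack.seq + 1) % MOD, data))

def third_party_tcp(server, forged_src, data):
    # claims forged_src, never sees the SYN-ACK, so can only guess the 32-bit ISN
    server.recv_tcp(Packet(forged_src, 500))
    server.recv_tcp(Packet(forged_src, 501, secrets.randbits(32), data))

def scenario(data_in_first_packet):
    """What the server accepts from an honest host and from a forger using its address."""
    server, addr = Server(), "10.0.0.2"                       # constructed address
    if data_in_first_packet:
        server.recv_ttcp(Packet(addr, 100, data=b"hello"))
        server.recv_ttcp(Packet(addr, 500, data=b"forged"))   # accepted; indistinguishable
    else:
        honest_tcp_client(server, addr, b"hello")
        third_party_tcp(server, addr, b"forged")              # rejected unless ISN guessed
    return server.accepted
```

With the handshake only the honest host's data is accepted (a forger succeeds with probability 2^-32 per guess); with data in the first packet both are accepted and the server cannot tell them apart.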

