From: Darren Pilgrim
Date: Thu, 29 Jan 2015 09:24:11 -0800
To: Joe Holden, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
Message-ID: <54CA6CBB.4060301@bluerosetech.com>
In-Reply-To: <54C966BF.9000803@rewt.org.uk>

On 1/28/2015 2:46 PM, Joe Holden wrote:
> Really, how many SCTP users are there in the wild... maybe one?
>
> It shouldn't be in GENERIC at the very least!

It's used for IP-based telecom backhaul with modern POTS networks and cell networks. It's far better than TCP at handling the vagaries of voice routing. Cell carriers like to use IP backhaul instead of private lines because IP transport is ubiquitous, dirt cheap, and all you need is a VPN to secure it.

I use SCTP on video systems because it handles 1:N and M:N distribution systems very well, all I need to do is string UTP or deploy wifi, and, best of all, I don't have to use multicast.