From owner-freebsd-security  Sun Sep 24 13:47:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
	by hub.freebsd.org (Postfix) with ESMTP id D370237B422
	for <freebsd-security@FreeBSD.ORG>; Sun, 24 Sep 2000 13:47:27 -0700 (PDT)
Received: (from danderse@localhost)
	by faith.cs.utah.edu (8.9.3/8.9.3) id OAA21437;
	Sun, 24 Sep 2000 14:46:20 -0600 (MDT)
Message-Id: <200009242046.OAA21437@faith.cs.utah.edu>
Subject: Re: Encryption over IP
To: mipam@ibb.net
Date: Sun, 24 Sep 2000 14:46:20 -0600 (MDT)
Cc: des@ofug.org (Dag-Erling Smorgrav),
	mencl@nenya.ms.mff.cuni.cz (Vladimir Mencl MK susSED),
	961BE653994@stud.alakhawayn.ma (Ali Alaoui El Hassani),
	slash@krsu.edu.kg (CrazZzy Slash), freebsd-security@FreeBSD.ORG,
	roam@orbitel.bg (Peter Pentchev)
In-Reply-To: <20000924223816.F590@ibb0021.ibb.uu.nl> from "Mipam" at Sep 24, 2000 10:38:16 PM
From: "David G. Andersen" <dga@pobox.com>
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lo and behold, Mipam once said:
> 
> > Your throughput goes down the drain, but it works fine and it's easy
> > to set up. And remember, sweeping generalizations are always wrong.
> > 
> 
> Not really.
> Tcp always assumes an unreliable carrier, which isnt the case in tcp over tcp.
> This can cause problems in some situations.

  And is needed in some situations, such as going through a tcp nat proxy.
... like the one I have to traverse to access the world from my cable
modem connection.  Sure, you could try to tunnel it over some UDP-based
protocol the NAT box thinks it understands, but when said nat box is a
windoze 98 box running "internet connection sharing," the easiest way to
make life work well is over TCP.

  Yes, running TCP over a reliable connection is often bad.  Yes, it's
also often the best solution.

  -Dave

> 
> Mipam.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message