Date:      Sat, 04 Apr 2015 20:24:14 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        "Robert N. M. Watson" <rwatson@FreeBSD.org>
Cc:        "emeric.poupon@stormshield.eu >> Emeric POUPON" <emeric.poupon@stormshield.eu>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "Peter N. M. Hansteen" <peter@bsdly.net>
Subject:   Re: Patch to reduce use of global IP ID value(s) to avoid leaking information
Message-ID:  <55202C4E.1010902@selasky.org>
In-Reply-To: <C936160B-4959-42F9-9433-226AA5CC7591@FreeBSD.org>
References:  <551F034A.3040402@selasky.org> <20150403213641.GM64665@glebius.int.ru> <551FA37B.90609@selasky.org> <35F9F267-EDB3-45FC-95E0-4573556BD736@freebsd.org> <551FF191.2090109@selasky.org> <55200A51.3090008@selasky.org> <C936160B-4959-42F9-9433-226AA5CC7591@FreeBSD.org>

Hi Robert,

On 04/04/15 19:11, Robert N. M. Watson wrote:
> and it's not clear it will offer practical benefit nor allow the implementation to be at all efficient -- which is far more important to most FreeBSD users

Then what Putin stated publicly last year is absolutely true:

http://www.theguardian.com/world/2014/apr/24/vladimir-putin-web-breakup-internet-cia

The IPv4 protocol was intentionally designed such that any attempt to 
make it more secure will require additional CPU overhead, like keeping 
track of 2-tuples for generating per-stream IP IDs, so that it will not 
be feasible in practice, and then vendors will do insecure 
implementations instead of secure implementations to get the needed 
performance. The IP ID field was then intentionally designed to be too 
small, 16-bit. If Snowden leaks documents on this, they would for sure 
confirm this claim.

OK, Robert, I fully understand and will not touch this issue any more 
before my head gets cut off :-) I appreciate your openness and 
willingness to share information on this issue. You know the IPv4 
history even before I came to this world.

--HPS


