From owner-freebsd-security Mon Dec 17 10:03:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 8A47E37B417
	for ; Mon, 17 Dec 2001 10:03:57 -0800 (PST)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id fBHI3kA35513;
	Mon, 17 Dec 2001 13:03:46 -0500 (EST)
	(envelope-from wollman)
Date: Mon, 17 Dec 2001 13:03:46 -0500 (EST)
From: Garrett Wollman
Message-Id: <200112171803.fBHI3kA35513@khavrinen.lcs.mit.edu>
To: "Tim J. Robbins"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: options TCP_DROP_SYNFIN
In-Reply-To: <20011217185456.A34365@raven.robbins.dropbear.id.au>
References: <20011217073102.GA94480@noname> <20011217185456.A34365@raven.robbins.dropbear.id.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> T/TCP (RFC 1644) speeds up transactions by not using the standard
> three-way handshake. I gather that it's more efficient if you have
> lots of quick connects and disconnects as you do with HTTP when not
> using the keepalive features.

However, it's almost entirely irrelevant to this discussion, since the
only Web client which ever used T/TCP was FreeBSD 3.0's `fetch'
program. Transaction TCP turned out to be a bad idea, for a few
fundamental reasons, but might make a comeback some day in a world
with stronger security for TCP connections (e.g., host identity
payload).

DES and I have discussed a more appropriate behavior for this option
which does not violate the TCP standard.

-GAWollman