On Wed, 12 May 2004 21:51:53 EDT, Todd Vierling <tv@duh.org> said:
Gimme a break. This text is a half-baked concoction at best if the next draft still doesn't mention port randomization as a cheap and effective mitigator for external attack attempts. You can get at least 14 bits of entropy for one lousy arc4random() call. Enter as often as you like. No purchase required.
With this and the patent funny business, I don't know if I can roll my eyes any further into the back of my head.
Well.. you have to remember that we live in an environment where people are *just* noticing that RFC793 says "The RST has to be in the window, not dead on"... and apparently overnight somebody has re-discovered the fact that CSMA/CA networks will fall over if somebody starts jabbering: http://www.auscert.org.au/render.html?it=4091