RE: OMB: IPv6 by June 2008
Compare with SSL (works out-of-the-box in 99.999% cases, and allows both, full and hard security with root certificates etc, or simple security based on _ok, I trust you first time, then we can work_.
If I'm on the same shared medium as you I can kill your SSL session with one packet.
Only if shared medium = vanilla CSMA/CD Ethernet or the like. Just because 'transport' is shared, doesn't mean you as the consumer of information carried by the network have visibility. ***** "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." 118
On 7-jul-2005, at 19:43, Kuhtz, Christian wrote:
If I'm on the same shared medium as you I can kill your SSL session with one packet.
Only if shared medium = vanilla CSMA/CD Ethernet or the like.
Or air. If the medium isn't shared then if it's a thin pipe, it's subject to DoS (I mean the type where you don't even need a zombie army) and if it's a fat one, an attacker still gets to break the TCP sessions with SSL running over them. (This requires a few million packets.)
participants (2)
-
Iljitsch van Beijnum -
Kuhtz, Christian