Re: TCP MD5 signature option (RFC2385)

To: Sandy Harris <sandy@xxxxxxxx>
Subject: Re: TCP MD5 signature option (RFC2385)
From: Frank Solensky <solenskyf@xxxxxxx>
Date: 25 Jan 2002 21:52:10 -0500
Cc: netdev@xxxxxxxxxxx
In-reply-to: <3C5216EF.DE4A4A81@xxxxxxxx>
References: <1012009515.1850.36.camel@xxxxxxxxxxxxxxxxxxxxx> <3C5216EF.DE4A4A81@xxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

On Fri, 2002-01-25 at 21:39, Sandy Harris wrote:
> Frank Solensky wrote:
> > 
> > I noticed that the Linux stack doesn't currently support RFC2385 (MD5
> > signatures for TCP packets).
> 
> Can you use IPsec authentication? 
> See www.freeswan.org for the Linux implementation.

This is a bit different -- the RFC describes an option that would be
added to the TCP options processing while freeswan provides AH which is
between the IP and TCP headers.

> I don't know how useful these are, but some things to consider:
> 
> The /dev/random driver includes MD5 and some code for generating TCP
> sequence numbers.

Yeah, I noticed that drivers/char/random.c has the necessary routines
(though I'd have to look for what causes USE_SHA to get defined since
this would lose the MD5Transform routine).
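
The RFC 2385 option discussed in the message above, as an added example that is not part of the original post and is not Linux kernel code: a Python sketch of how the kind 19 option is placed in the TCP options area and how its digest is computed and checked. All function names, the sample header, the addresses and the key are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG = 19    # option kind assigned by RFC 2385
TCPOLEN_MD5SIG = 18   # kind + length + 16-byte MD5 digest
SAMPLE_HEADER = struct.pack("!HHIIBBHHH", 179, 40000, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)  # constructed


def md5sig_digest(src_ip, dst_ip, tcp_header, payload, key):
    """MD5 over pseudo-header, fixed TCP header, data, then the shared key."""
    base = bytearray(tcp_header[:20])          # options are not hashed
    base[16:18] = b"\x00\x00"                  # checksum is taken as zero
    seg_len = len(tcp_header) + len(payload)   # header + options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(base) + payload + key).digest()


def sign_segment(src_ip, dst_ip, base_header, payload, key):
    """Sender: append NOP, NOP, kind 19 to a 20-byte header and fill it in."""
    opt = bytes([1, 1, TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16)
    hdr = bytearray(base_header[:20]) + opt
    hdr[12] = ((len(hdr) // 4) << 4) | (hdr[12] & 0x0F)   # new data offset
    hdr[24:40] = md5sig_digest(src_ip, dst_ip, bytes(hdr), payload, key)
    return bytes(hdr)


def find_md5sig(tcp_header):
    """Walk the options area and return the 16-byte digest, or None."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the list
        if opts[i] == 1:                       # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                        # malformed option length
        if opts[i] == TCPOPT_MD5SIG and opts[i + 1] == TCPOLEN_MD5SIG:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None


def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver: recompute the digest and compare in constant time."""
    got = find_md5sig(tcp_header)
    want = md5sig_digest(src_ip, dst_ip, tcp_header, payload, key)
    return got is not None and hmac.compare_digest(got, want)
```

The sample leaves the TCP checksum at zero; a real sender would still compute it over the finished segment, since only the digest calculation treats the field as zero.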