Re: TCP MD5 signature option (RFC2385)

To:	Sandy Harris <sandy@xxxxxxxx>
Subject:	Re: TCP MD5 signature option (RFC2385)
From:	Frank Solensky <solenskyf@xxxxxxx>
Date:	25 Jan 2002 21:52:10 -0500
Cc:	netdev@xxxxxxxxxxx
In-reply-to:	<3C5216EF.DE4A4A81@xxxxxxxx>
References:	<1012009515.1850.36.camel@xxxxxxxxxxxxxxxxxxxxx> <3C5216EF.DE4A4A81@xxxxxxxx>
Sender:	owner-netdev@xxxxxxxxxxx

On Fri, 2002-01-25 at 21:39, Sandy Harris wrote:
> Frank Solensky wrote:
> > 
> > I noticed that Linux stack doesn't currently support for RFC2385 (MD5
> > signatures for TCP packets).
> 
> Can you use IPsec authentication? 
> See www.freeswan.org for the Linux implementation.

This is a bit different -- the RFC describes an option that would be
added to the tcp options procesing while freeswan provides AH which is
between the IP and TCP headers.

> I don't know how useful these are, but some things to consider:
> 
> The /dev/random driver includes MD5 and some code for generating TCP
> sequence numbers.

Yeah, I noticed that drivers/char/random.c has the necessary routines
(though I'd have to look for what causes USE_SHA to get defined since
this would lose the MD5Transform routine).

<Prev in Thread]	Current Thread	[Next in Thread>
TCP MD5 signature option (RFC2385), Frank Solensky Re: TCP MD5 signature option (RFC2385), Sandy Harris Re: TCP MD5 signature option (RFC2385), Frank Solensky <= Re: TCP MD5 signature option (RFC2385), Andi Kleen Re: TCP MD5 signature option (RFC2385), Chris Dukes Re: TCP MD5 signature option (RFC2385), jamal Re: TCP MD5 signature option (RFC2385), Frank Solensky

Previous by Date:	Re: TCP MD5 signature option (RFC2385), Sandy Harris
Next by Date:	Re: TCP MD5 signature option (RFC2385), Andi Kleen
Previous by Thread:	Re: TCP MD5 signature option (RFC2385), Sandy Harris
Next by Thread:	Re: TCP MD5 signature option (RFC2385), Andi Kleen
Indexes:	[Date] [Thread] [Top] [All Lists]