[e2e] end2end-interest Digest, Vol 25, Issue 26
Jeremy Harris
jgh at wizmail.org
Sun Mar 26 10:04:23 PST 2006
Michael Welzl wrote:
>>(2) Since the server is asked to do a perhaps significant computation
>> before the 3WHS has completed, it is an open invitation to
>> DoS attacks. (This would be OK if you could assume that all
>> T/TCP clients were authenticated using IPsec,)
>
> - exactly my thinking. So skipping the handshake would make sense
> in such an environment, right?
>
> To me, there's just one open question. When all nodes authenticate
> themselves in a Grid, why don't they just set up and maintain TCP
> connections to each other forever?

Because processes come and go, I'd think. Plus, perhaps, a dose
of "basic TCP can work to anywhere; it saves on management costs
to use it everywhere".

On the other side of the coin, in such a trusted environment, I
don't see why you shouldn't send

  1) -> SYN, query data, FIN
  2) <- SYN, response data, FIN, ACK(SYN+query+FIN)
  3) -> ACK(SYN+response+FIN)

without going the whole hog on T/TCP.

- Jeremy
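
The sequence-number arithmetic behind the three-segment exchange sketched in the message above, as an added example that is not part of the original post; the ISNs and payloads are constructed, and the model ignores options, windows and retransmission. It also makes the quoted DoS concern concrete: the server must process the query at segment 1, while the first evidence that the client can receive at its claimed address arrives only at segment 3.

```python
from dataclasses import dataclass
from typing import Optional

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    direction: str            # "->" client to server, "<-" server to client
    flags: frozenset
    seq: int
    ack: Optional[int]
    payload: bytes = b""

    def seq_space(self) -> int:
        # SYN and FIN each consume one sequence number, as does every data byte.
        return len(self.payload) + int("SYN" in self.flags) + int("FIN" in self.flags)


def compressed_exchange(client_isn, server_isn, query, response):
    """Build the three segments of the SYN+data+FIN exchange (simplified model)."""
    s1 = Segment("->", frozenset({"SYN", "FIN"}), client_isn, None, query)
    after_s1 = (s1.seq + s1.seq_space()) % MOD      # ACK(SYN+query+FIN)
    s2 = Segment("<-", frozenset({"SYN", "FIN", "ACK"}), server_isn, after_s1, response)
    after_s2 = (s2.seq + s2.seq_space()) % MOD      # ACK(SYN+response+FIN)
    s3 = Segment("->", frozenset({"ACK"}), after_s1, after_s2)
    return [s1, s2, s3]


def first_work_segment(segments):
    """1-based index of the first client segment carrying data the server must process."""
    for i, seg in enumerate(segments, 1):
        if seg.direction == "->" and seg.payload:
            return i
    return None


def first_verified_segment(segments, server_isn):
    """1-based index of the first client segment that acknowledges the server's SYN,
    i.e. the first sign the client really receives traffic at its source address."""
    for i, seg in enumerate(segments, 1):
        if seg.direction == "->" and seg.ack is not None \
                and (seg.ack - server_isn) % MOD >= 1:
            return i
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from any capture.
    for seg in compressed_exchange(1000, 5000, b"GET status", b"OK"):
        print(seg.direction, sorted(seg.flags), "seq", seg.seq, "ack", seg.ack)
```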