replay attack

jetienne at arobas.net
Mon Feb 7 21:43:25 CET 2000


I just read the manual on nl.linux.org and the data doesn't
seem to be protected against the replay attack.
ESP/AH provides a very simple way to handle it (a counter
on the sending side and a window on the receiving one).
It would be worth doing.

I wanted to look at the meta protocol, but the exchanges aren't
described (only commands), so I can't estimate the security.
It would be a good idea to write a description of the key
exchange part. (Or maybe I missed it?)

PS: CC me in case of reply.

-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/
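
The counter-and-window scheme the message refers to, sketched in C as an added example (it is not part of the original post and is not tinc's code). The struct and function names, the 64-packet window and the sample arrival order are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 64u  /* packets tracked behind the newest one (assumed size) */

struct replay_tx { uint32_t next_seq; };            /* sender: last number used */
struct replay_rx { uint32_t top; uint64_t seen; };  /* receiver: newest seq + bitmap */

/* Sender side: number for the next packet, or 0 once the counter is exhausted.
 * The counter must never wrap under one key, so the caller has to rekey on 0. */
uint32_t replay_tx_next(struct replay_tx *tx)
{
    if (tx->next_seq == UINT32_MAX)
        return 0;
    return ++tx->next_seq;
}

/* Receiver side: call only after the packet's MAC has verified, otherwise a
 * forged packet could slide the window forward. Returns true if seq is fresh. */
bool replay_rx_accept(struct replay_rx *rx, uint32_t seq)
{
    if (seq == 0)
        return false;                      /* 0 is never sent */
    if (seq > rx->top) {                   /* newer than anything seen: slide */
        uint32_t shift = seq - rx->top;
        rx->seen = (shift >= REPLAY_WINDOW) ? 0 : rx->seen << shift;
        rx->seen |= 1u;                    /* bit 0 marks seq == top */
        rx->top = seq;
        return true;
    }
    uint32_t behind = rx->top - seq;
    if (behind >= REPLAY_WINDOW)
        return false;                      /* older than the window: drop */
    uint64_t bit = (uint64_t)1 << behind;
    if (rx->seen & bit)
        return false;                      /* already received: replay */
    rx->seen |= bit;
    return true;
}

int main(void)
{
    /* Constructed arrival order: reordering, a duplicate, and a stale packet. */
    uint32_t arrivals[] = { 1, 3, 2, 3, 100, 36, 37 };
    struct replay_rx rx = { 0, 0 };
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %u: %s\n", (unsigned)arrivals[i],
               replay_rx_accept(&rx, arrivals[i]) ? "accept" : "drop");
    return 0;
}
```

The sequence number has to be covered by the packet's authentication, or an attacker can simply rewrite it on a captured packet.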


