This is the security documentation for tinc, a Virtual Private Network daemon.
- Copyright 2001-2002 Guus Sliepen <guus@sliepen.warande.net>,
+ Copyright 2001-2002 Guus Sliepen <guus@sliepen.eu.org>,
2001-2002 Wessel Dankers <wsl@nl.linux.org>
Permission is granted to make and distribute verbatim copies of
provided that the entire resulting derived work is distributed
under the terms of a permission notice identical to this one.
- $Id: SECURITY2,v 1.1.2.2 2002/02/10 21:57:51 guus Exp $
+ $Id: SECURITY2,v 1.1.2.4 2002/09/15 22:19:37 guus Exp $
Proposed new authentication scheme
----------------------------------
After the correct challenge replies are recieved, both ends have proved
their identity. Further information is exchanged.
-client ACK 655 12.23.34.45 123 0
- | | | +-> options
- | | +----> estimated weight
- | +------------> IP address of server as seen by client
- +--------------------> UDP port of client
-
-server ACK 655 21.32.43.54 321 0
- | | | +-> options
- | | +----> estimated weight
- | +------------> IP address of client as seen by server
- +--------------------> UDP port of server
+client ACK 655 123 0
+ | | +-> options
+ | +----> estimated weight
+ +--------> listening port of client
+
+server ACK 655 321 0
+ | | +-> options
+ | +----> estimated weight
+ +--------> listening port of server
--------------------------------------------------------------------------
This new scheme has several improvements, both in efficiency and security.
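Review bot: The first field of the new ACK diagrams is labelled "listening port of client" / "listening port of server" where the removed lines said "UDP port of client" / "UDP port of server", so the document no longer states which protocol the advertised port belongs to; please name the protocol in the label or in the sentence above the diagrams. The "IP address of server as seen by client" and "IP address of client as seen by server" fields are dropped without any change to the surrounding prose, which still says only "Further information is exchanged." A sentence saying where each side now takes the peer's address from, and whether that source is trusted at this point in the handshake, would make the security reasoning reviewable. The ACK also goes from four fields to three (`ACK 655 12.23.34.45 123 0` becomes `ACK 655 123 0`), so the document should say how a peer that still sends the old form is handled.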