[e2e] end2end-interest Digest, Vol 25, Issue 26

Jeremy Harris jgh at wizmail.org
Sun Mar 26 10:04:23 PST 2006


Michael Welzl wrote:
>>(2) Since the server is asked to do a perhaps significant computation
>>    before the 3WHS has completed, it is an open invitation to
>>    DoS attacks.  (This would be OK if you could assume that all
>>    T/TCP clients were authenticated using IPsec.)
>
> - exactly my thinking. So skipping the handshake would make sense
> in such an environment, right?
> 
> To me, there's just one open question. When all nodes authenticate
> themselves in a Grid, why don't they just set up and maintain TCP
> connections to each other forever?

Because processes come and go, I'd think.  Plus, perhaps, a dose
of "basic TCP can work to anywhere; it saves on management costs
to use it everywhere".

On the other side of the coin, in such a trusted environment, I
don't see why you shouldn't send

  1) -> SYN, query data, FIN
  2) <- SYN, response data, FIN, ACK(SYN+query+FIN)
  3) -> ACK(SYN+response+FIN)

without going the whole hog on T/TCP.


- Jeremy
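
The three-segment exchange above, modelled with TCP sequence-number accounting, as an added example that is not part of the original post. The `trusted_peers` set, the `handler` callback and all function names are assumptions standing in for IPsec-authenticated peers and the server's query computation.

```python
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers wrap at 32 bits


@dataclass(frozen=True)
class Segment:
    flags: frozenset  # subset of {"SYN", "FIN", "ACK"}
    seq: int          # sequence number of the first item carried
    data: bytes = b""
    ack: int = 0      # only meaningful when "ACK" is set

    def next_seq(self) -> int:
        # SYN and FIN each occupy one sequence number, like a data octet.
        used = ("SYN" in self.flags) + len(self.data) + ("FIN" in self.flags)
        return (self.seq + used) % MOD


def client_open(isn: int, query: bytes) -> Segment:
    # 1) -> SYN, query data, FIN
    return Segment(frozenset({"SYN", "FIN"}), isn, query)


def server_reply(seg, isn, handler, peer, trusted_peers):
    # The handler would run before any handshake has confirmed the peer,
    # so it is only invoked for peers already authenticated out of band
    # (the IPsec assumption in the quoted text). Others get None here,
    # standing in for "fall back to the ordinary three-way handshake".
    if peer not in trusted_peers:
        return None
    # 2) <- SYN, response data, FIN, ACK(SYN+query+FIN)
    return Segment(frozenset({"SYN", "FIN", "ACK"}), isn,
                   handler(seg.data), ack=seg.next_seq())


def client_finish(sent: Segment, reply: Segment) -> Segment:
    # Accept the reply only if it acknowledges everything in segment 1.
    if "ACK" not in reply.flags or reply.ack != sent.next_seq():
        raise ValueError("reply does not cover SYN+query+FIN")
    # 3) -> ACK(SYN+response+FIN)
    return Segment(frozenset({"ACK"}), sent.next_seq(), ack=reply.next_seq())
```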

