Hi Robert,

On 04/04/15 19:11, Robert N. M. Watson wrote:
and it's not clear it will offer practical benefit nor allow the implementation 
to be at all efficient -- which is far more important to most FreeBSD users

Then what Putin stated public last year is absolutely true:

http://www.theguardian.com/world/2014/apr/24/vladimir-putin-web-breakup-internet-cia

The IPv4 protocol was intentionally designed to be such, that in any ways trying to make it more secure, will require additional CPU overhead, like keeping track of 2-tuples for generating per-stream IP IDs, that it will not be feasible in practice and then vendors will do insecure implementations instead of secure implementations to get the needed performance. The IP ID field was then intentionally designed to be too small, 16-bit. If Snowden leaks documents on this, would for sure confirm this claim.

OK, Robert, I fully understand and will not touch this issue any more before my head gets cut off :-) I appreciate your openness and willingness to share information on this issue. You know the IPv4 history even before I came to this world.

--HPS
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to