On 20-10-2014 21:52, Ian Grant wrote:
> How else can one protect a system from DoS attacks, other than by
> concealing it some way? And what is cryptography if it's not
> concealing the meaning of a communication in some way?

Oh my. DoS can be mitigated. You could never "protect" a system. Even if there isn't any port open, they can flood your uplink, even if you stop sending FIN or ACK. There is UDP.

Cryptography is not just concealment. It's integrity. It's authentication (in some cases). So it's the only way to be sure your message wasn't modified because the math behind it is solid.

> Sure they can see it, but that's not going to tell them where it went
> next. So they can analyse all the traffic and what they learn from
> that won't be worth knowing half an hour later.

Man, real time traffic analysis. We told you so many times. They'll learn it right away. Because they can see ALL traffic in real time. Simple as that.

> I live in Bolivia, and
> I want to implement something like this here, so that the Bolivian
> government can have secure communications within Bolivia, and across
> her borders.

I live in Brazil. And I'm aware of the situation of many countries in South America, ours included. If you want that, please tell them to use known and proven cryptography solutions such as Tor, IPSEC, Off the record messaging, etc. Do not reinvent the wheel, because it will only make their traffic stand out even further.

> I can make and maintain any modifications to OpenBSD that I please.

Of course you can. But if you go along these lines of reinventing the wheel and security through obscurity you'll never get your contributions into it.

Cheers