❦ 10 March 2016 17:12 +0100, Andre Keller <[email protected]>:

> in the last few months we had several security audits and all of them
> proposed to disable tcp timestamps. (i.e. on Linux
> net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp
> relies on this and there might be implications for PAWS (tcp sequence
> number wrapping).
>
> What do you guys think about this?

By disabling it, the effective bandwidth of the TCP connections may
decrease quite a bit (much of RFC7323 relies on timestamps) and you
deprive yourself of some interesting workarounds when handling many
connections (RFC 1337 and the like).
-- 
Soap and education are not as sudden as a massacre, but they are more
deadly in the long run.
                -- Mark Twain

