RE: OMB: IPv6 by June 2008

Mailman List Mirror (Read Only)
1

> Compare with SSL (works out-of-the-box in 99.999% cases,
> and allows both, full and hard security with root certificates etc,

or

> simple security based on _ok, I trust you first time, then we can
> work_.

If I'm on the same shared medium as you I can kill your SSL session
with one packet.

Only if shared medium = vanilla CSMA/CD Ethernet or the like.

Just because 'transport' is shared, doesn't mean you as the consumer of
information carried by the network have visibility.

2

Or air.

If the medium isn't shared then if it's a thin pipe, it's subject to DoS (I mean the type where you don't even need a zombie army) and if it's a fat one, an attacker still gets to break the TCP sessions with SSL running over them. (This requires a few million packets.)