RE: OMB: IPv6 by June 2008

> Compare with SSL (works out-of-the-box in 99.999% cases,
> and allows both, full and hard security with root certificates etc,


> simple security based on _ok, I trust you first time, then we can
> work_.

If I'm on the same shared medium as you I can kill your SSL session
with one packet.

Only if shared medium = vanilla CSMA/CD Ethernet or the like.

Just because 'transport' is shared, doesn't mean you as the consumer of
information carried by the network have visibility.

Or air.

If the medium isn't shared then if it's a thin pipe, it's subject to DoS (I mean the type where you don't even need a zombie army) and if it's a fat one, an attacker still gets to break the TCP sessions with SSL running over them. (This requires a few million packets.)