
Just use IPsec, and then use UDP normally.



"IPsec" doesn't always protect you against replay attacks for encapsulated UDP packets (unlike TCP, which protects itself).


I thought that was the point of the Authentication Header Sequence Number and the sliding window? If you can tolerate occasional lost packets you can require they only increase and achieve complete protection, no?


Yes, you're absolutely right about the existence of Seq. Numbers in IPsec. However, it might not always be enabled, that is, if you're using manual keying (and not IKE).

http://www.ietf.org/mail-archive/web/ipsec/current/msg05871....
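
The sequence-number check discussed in this thread, as an added example that is not part of any comment above and not code from an IPsec implementation: a receiver-side sliding window, the "only increase" variant, and the case where the check is off. The names `AntiReplayWindow` and `delivered` and the arrival sequence are constructed for illustration.

```python
class AntiReplayWindow:
    """Receiver-side sequence-number check (32-bit counter, no rollover).

    Hypothetical illustration; names are not from any IPsec stack.
    """

    def __init__(self, size=64, strict=False):
        self.size = size      # window width in packets
        self.strict = strict  # True: accept only increasing sequence numbers
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set means (top - i) was already accepted

    def accept(self, seq):
        """Call only after the packet's integrity check has passed."""
        if seq == 0:
            return False      # first packet on an SA carries 1, never 0
        if seq > self.top:    # new highest: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        if self.strict:
            return False      # late but legitimate packets are lost too
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False      # left of the window, or a replay
        self.bitmap |= 1 << offset
        return True


def delivered(arrivals, window=None):
    """Sequence numbers passed up to UDP; window=None models anti-replay off."""
    return [s for s in arrivals if window is None or window.accept(s)]


# Constructed arrival order: reordering (5 before 4), replays (3, 2, 70),
# and a packet that is too old once 70 has arrived (6).
ARRIVALS = [1, 2, 3, 5, 4, 3, 2, 70, 6, 70, 71]

if __name__ == "__main__":
    print("off     :", delivered(ARRIVALS))
    print("window  :", delivered(ARRIVALS, AntiReplayWindow(size=64)))
    print("strict  :", delivered(ARRIVALS, AntiReplayWindow(strict=True)))
```

With the check off, every replayed datagram reaches the UDP application, so the application has to detect duplicates itself.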



