No results for searching for "secur*" on that page. Are there any risks?

I also miss a discussion of how the protocol avoids denials of service once it's assumed that the UDP comes from any address -- if every packet from any address actually has to be decrypted.

Denial of service concerns seem to be at least briefly discussed in the paper (which I have not finished reading yet):

  2 We do not prevent against a denial-of-service attack where an active
  attacker intercepts packets and resends them under its own IP address
  to fool the server’s roaming detection. Such an attack would not
  compromise the confidentiality of the connection but would disrupt it.
(Not the same scenario as you are describing, but still.)

Try searching for "aes" and "ocb".

Ah thanks. Missed that in my cursory glance. I'm still curious as to the ramifications for sysadmins. SSH hardening guides have been around since forever. While this doesn't dramatically change things, do you think it still needs some reliable advice on best use (static UDP ports etc)?

