I just read the manual on nl.linux.org and the data doesn't seem to be protected against replay attacks. ESP/AH provides a very simple way to handle it (a counter on the sending side and a window on the receiving one). It would be worth doing.

I wanted to look at the meta protocol, but the exchanges aren't described (only commands), so I can't estimate the security. It would be a good idea to provide a description of the key exchange part (or maybe I missed it?).

PS: CC me in case of reply.

-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/
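The counter-and-window scheme the message refers to, sketched as an added example (not part of the original post and not tinc code). The 64-packet window, the 32-bit sequence number and the names `replay_state`, `next_seq` and `replay_check_and_update` are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 64u   /* window size in packets (assumed for this example) */

struct replay_state {
    uint32_t highest;       /* highest sequence number accepted so far */
    uint64_t bitmap;        /* bit i set => (highest - i) was already accepted */
};

/* Sender: one counter per key. Returns 0 instead of wrapping, so the
 * caller has to rekey before a sequence number could ever repeat. */
static uint32_t next_seq(uint32_t *counter)
{
    return (*counter == UINT32_MAX) ? 0 : ++*counter;
}

/* Receiver: call only after the packet's integrity check has passed,
 * otherwise forged packets could move the window forward.
 * Returns 1 if the packet is fresh (state updated), 0 if it must be dropped. */
static int replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return 0;                               /* 0 is never sent */
    if (seq > st->highest) {                    /* newer: slide the window */
        uint32_t shift = seq - st->highest;
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0 : st->bitmap << shift;
        st->bitmap |= 1u;
        st->highest = seq;
        return 1;
    }
    uint32_t offset = st->highest - seq;
    if (offset >= REPLAY_WINDOW)
        return 0;                               /* older than the window */
    uint64_t bit = (uint64_t)1 << offset;
    if (st->bitmap & bit)
        return 0;                               /* duplicate: replay */
    st->bitmap |= bit;                          /* late but fresh */
    return 1;
}

int main(void)
{
    /* Constructed arrival order: reordering, a duplicate, a large jump. */
    const uint32_t arrivals[] = {1, 5, 3, 3, 100, 37, 36};
    struct replay_state st = {0, 0};
    for (unsigned i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %u: %s\n", (unsigned)arrivals[i],
               replay_check_and_update(&st, arrivals[i]) ? "accept" : "drop");
    return 0;
}
```

The window tolerates reordering within the last 64 packets; anything older is dropped even if it was never seen, which is the price of keeping constant-size state.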