On Sat, Apr 14, 2007 at 10:58:18AM -0700, Stephen Fisher wrote:
> On Sat, Apr 14, 2007 at 02:35:31PM +0200, Sake Blok wrote:
>
> > Although I'm still interested in a theoretical answer to the problem
> > of keeping state info on a per packet basis (see below), here is a
> > workaround for the bug.
>
> Would this be better fixed using per-packet state information?
Uhmm... well, with this workaround there is still a (very slim)
chance that the first 4 octets of an encrypted handshake message
look like an unencrypted handshake message.
I guess the simpleness of this workaround has it's advantages over
trying to solve it through per-packet state recording. My suggestion
will be to use this patch for now and I will look into solving it
with state information.
I guess it's a trade-off between being practical and being exact :)
Cheers,
Sake