At Wed, 30 Jan 2008 17:59:51 -0000,
Dave Korn wrote:
>
> On 30 January 2008 17:03, Eric Rescorla wrote:
>
> >>> We really do need to reinvent and replace SSL/TCP,
> >>> though doing it right is a hard problem that takes more
> >>> than morning coffee.
> >>
> >> TCP could need some stronger integrity protection. 8 Bits of checksum isn't
> >> enough in reality. (1 out of 256 broken packets gets injected into your TCP
> >> stream) Does IPv6 have a stronger TCP?
> >
> > Whether this is true or not depends critically on the base rate
> > of errors in packets delivered to TCP by the IP layer, since
> > the rate of errors delivered to SSL is 1/256th of those delivered
> > to the TCP layer.
>
>   Out of curiosity, what kind of TCP are you guys using that has 8-bit
> checksums?

You're right. It's 16 bit, isn't it. I plead it being early in
the morning. I think my point now applies even moreso :)

> > Since link layer checksums are very common,
> > as a practical matter errored packets getting delivered to protocols
> > above TCP is quite rare.
>
>   Is it not also worth mentioning that TCP has some added degree of protection
> in that if the ACK sequence num isn't right, the packet is likely to be
> dropped (or just break the stream altogether by desynchronising the seqnums)?

Right, so this now depends on the error model...

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
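
Added example, not part of the original message: the 16-bit Internet checksum (RFC 1071) that TCP uses, run against three error models to show why the undetected-error rate depends on the model. The sample payload and the helper names are constructed for illustration, and the checksum is computed over the sample bytes only, not over a real TCP pseudo-header and segment.

```python
# RFC 1071 Internet checksum under three error models (added example).
# SAMPLE is constructed data; the helper names are illustrative only.

def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                        # fold carries back into low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def flip_bit(data: bytes, bit: int) -> bytes:
    """Error model 1: a single flipped bit."""
    out = bytearray(data)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Error model 2: two 16-bit words delivered in the wrong order."""
    out = bytearray(data)
    out[2*i:2*i+2], out[2*j:2*j+2] = data[2*j:2*j+2], data[2*i:2*i+2]
    return bytes(out)

def compensate(data: bytes, i: int, j: int, delta: int = 1) -> bytes:
    """Error model 3: word i gains delta while word j loses delta."""
    words = [int.from_bytes(data[k:k+2], "big") for k in range(0, len(data), 2)]
    words[i] += delta
    words[j] -= delta
    return b"".join(w.to_bytes(2, "big") for w in words)

def undetected(original: bytes, corrupted: bytes) -> bool:
    """True if the data changed but the checksum did not."""
    return (original != corrupted
            and internet_checksum(original) == internet_checksum(corrupted))

def single_bit_flips_detected(data: bytes) -> int:
    """Count single-bit errors that change the checksum."""
    return sum(not undetected(data, flip_bit(data, b))
               for b in range(len(data) * 8))

SAMPLE = b"GET /index.html HTTP/1.1\r\n"     # constructed, 26 bytes

if __name__ == "__main__":
    print("single-bit flips detected:", single_bit_flips_detected(SAMPLE),
          "of", len(SAMPLE) * 8)
    print("word swap undetected:", undetected(SAMPLE, swap_words(SAMPLE, 0, 1)))
    print("compensating error undetected:",
          undetected(SAMPLE, compensate(SAMPLE, 0, 1)))
```

Every single-bit flip is caught, while reordered words and compensating changes pass every time, so a uniform "1 in 65536" figure only holds for errors that behave like random replacement of the data.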