 > > Thus the 16 byte hash is stuck in the data part.
 > > If an unsuspecting host gets this packet it expects
 > > data in the portion where the hash now is in place.
 > 
 > First of all, the hash is in the TCP header (I think you're
 > confused by the description of the hash calculation), and second
 > this mechanism must always be manually configured between two hosts
 > so the "unsuspecting host" scenario doesn't apply.

=> I suspect that it must be configured all the time to
avoid something similar to a bidding down attack where
MITM sends unauthenticated packets. So the manual config
acts like an SPD does for IPsec.

Hesham
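
The policy point in the reply above, as an added example that is not part of the original thread: it assumes the mechanism under discussion is the TCP MD5 signature option (RFC 2385, option kind 19 carrying a 16-byte digest), which the thread does not name. The peer table, addresses, ports, decision strings and sample segments are constructed for illustration, and digest verification itself is not shown.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5SIG = 0, 1, 19   # kind 19, length 18: RFC 2385
# Hypothetical per-peer table (constructed address); plays the SPD-like role.
REQUIRE_AUTH = {"2001:db8::1"}

def split_segment(segment: bytes):
    """Return (options, payload); the data offset field marks the boundary."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (segment[12] >> 4) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    return segment[20:hdr_len], segment[hdr_len:]

def parse_options(opts: bytes):
    """Walk kind/length/value options, rejecting malformed lengths."""
    out, i = [], 0
    while i < len(opts) and opts[i] != TCPOPT_EOL:
        if opts[i] == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("bad option length")
        out.append((opts[i], opts[i + 2:i + opts[i + 1]]))
        i += opts[i + 1]
    return out

def decide(peer: str, segment: bytes) -> str:
    """Policy gate run before digest verification (verification not shown)."""
    try:
        opts, _payload = split_segment(segment)
        digests = [v for k, v in parse_options(opts) if k == TCPOPT_MD5SIG]
    except ValueError:
        return "drop: malformed"
    if len(digests) > 1 or any(len(d) != 16 for d in digests):
        return "drop: malformed"
    if peer in REQUIRE_AUTH:
        # No fallback to unauthenticated segments: this defeats bidding down.
        return "verify-digest" if digests else "drop: unsigned"
    # Dropping signed segments from unconfigured peers is this example's choice.
    return "drop: unexpected signature" if digests else "accept: no policy"

def build(options: bytes, payload: bytes) -> bytes:
    """Constructed sample segment: arbitrary ports, zero checksum, ACK flag."""
    hdr_len = 20 + len(options)
    assert hdr_len % 4 == 0
    return struct.pack("!HHIIBBHHH", 1024, 40000, 1, 1,
                       (hdr_len // 4) << 4, 0x10, 65535, 0, 0) + options + payload

SIGNED = build(bytes([1, 1, 19, 18]) + bytes(16), b"data")   # NOP NOP MD5SIG
UNSIGNED = build(b"", b"data")
```

For the signed sample the digest lies inside the header region bounded by the data offset, so the payload is unchanged, and a configured peer's unsigned segment is dropped rather than accepted.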

 > 
 > 
 > --------------------------------------------------------------------
 > IETF IPv6 working group mailing list
 > [EMAIL PROTECTED]
 > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
 > --------------------------------------------------------------------
 > 
