Earlier Eliot Lear wrote:
% Just a historical note on this point. When the NSRG considered
% architectural separation of identifier and locator, Steve Deering
% made the point that, particularly at layer 4, there are at least
% weak security benefits from having the transport use the IP address
% as part of the pseudo-checksum.

Eliot's history is sadly incomplete in ways that truly matter...

1) A majority of the NSRG participants present, and everyone with any security background present, clearly disagreed with Steve Deering's claim at the time, speaking as someone who participated in the entire NSRG lifetime (unlike Eliot).

2) It is likely that the *entire* IETF Security Area disagrees with the claim made above; one could confidently say that the vast majority of the IETF Security Area disagrees with that claim.

Frankly, the claim is just silly. There are *zero* security benefits from having the transport-layer pseudo-header checksum include the IP address. Zip. None. Zero.

Yours,

Ran
