Mirja Kühlewind writes:
> Hi all,
>
> I briefly brought this up in the last meeting and would like to start
> the discussion on the mailing list now. The working group decided that
> tcpinc will not encrypt the TCP header for good reasons. However, it
> would still be possible to encrypt TCP opti
Hi, all,
TCPINC decided not to include any protection for the TCP header.
TCP options are part of the TCP header.
Sorry, but I have absolutely no idea why they would be asking now for a
way to protect part of the TCP header when they've already so clearly
decided otherwise.
If you're not protec
On Wed, Apr 27, 2016 at 07:38:17am +, Scharf, Michael (Nokia - DE) wrote:
> As far as I understand, encrypting MSS, WS, and SACK would be very
> challenging.
Well, for MSS I'd want to be able to alter it in a middle box, despite the
DOS (slow down) attack this yields - simply because of the
I think this could be done for non-SYN options that do not modify the semantics
of the key TCP header fields. But there are not to many of those options and
putting them inside TCPINC gets relatively close to developing a new shim layer
transport inside a "TCPINC tunnel".
As far as I understand