Re: [tcpinc] Encryption of TCP Options

2016-04-29 Thread Fred Baker (fred)
Oops, missed your observation re SACK. Yes, that firewall would get pretty well screwed by an encrypted SACK option.

> On Apr 29, 2016, at 11:29 AM, Scharf, Michael (Nokia - DE) wrote:
>
>>> On Apr 28, 2016, at 9:26 AM, to...@isi.edu wrote:
>>>
>>> I guarantee

Re: [tcpinc] Encryption of TCP Options

2016-04-29 Thread Scharf, Michael (Nokia - DE)
> > On Apr 28, 2016, at 9:26 AM, to...@isi.edu wrote:
> >
> > I guarantee someone will show us a middlebox that NEEDS to modify every
> > option we currently have and every option we will ever create.
>
> I'd put it the other way around. The fact that middleware *can* get to
> something lets

Re: [tcpinc] Encryption of TCP Options

2016-04-29 Thread Scharf, Michael (Nokia - DE)
> But more to the point, what is your concrete proposal?

1. Get an ExId from IANA. I think filling out http://www.iana.org/form/protocol-assignment can be done in 5min. This can be done by anybody interested in experimenting with TCP options, because it is clear that there is a need to

Re: [tcpinc] Encryption of TCP Options

2016-04-29 Thread Scharf, Michael (Nokia - DE)
> More importantly, I don't want to keep re-litigating this point. If you'd
> formed working group consensus around getting an ExID, we would have switched
> to RFC6994. At this point, we're on the home
> stretch for an RFC and have a bunch of deployed code out there, so our
> efforts are