On 2014-7-28, at 16:00, Erik Nygren <e...@nygren.org> wrote: > I do wonder if protecting RSTs and thus other parts of the header as well is > more tractable with both endpoints using IPv6 (where NAT66 is strongly > discouraged and privacy addressing may help some with the reboot case > depending how how clients handle rotating priv addrs across reboots) ?
Maybe. With privacy addressing, if one side reboots, it can't send a protected RST anymore anyway (because it will generate a different source address, which the other side won't accept an RST from). Lars
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Tcpinc mailing list Tcpinc@ietf.org https://www.ietf.org/mailman/listinfo/tcpinc