Eggert, Lars <l...@netapp.com>:
> So the focus should be on the payload, and interoperability should
> trump protection against other attacks.

As should have become clear, I completely agree with this.

I think that *optional* protection against further attacks is desirable (allowing applications to request further protection, which will potentially be detrimental to interoperability -- but won't hinder widespread deployment of default encryption, because it only applies when applications opt in). That would rule out proposals that can handle the payload only (unless you add really ugly encapsulation to them for the optional-feature case, that is).

On the other hand, payload-only protection makes it easier to handle the crypto in a mostly separate layer. While it could be seen as a layering violation and thus as a design bug, I appreciate that it will make implementation and deployment easier.

Bodo
_______________________________________________
Tcpinc mailing list
Tcpinc@ietf.org
https://www.ietf.org/mailman/listinfo/tcpinc