On 10/6/2014 11:32 PM, John-Mark Gurney wrote:
> Yes, I did think of a framing protocol (see comments on MAC in
> payload), but any framing protocol does immediately increase the
> complexity of the protocol...
It means that TCP is no longer a segment-oriented protocol. Right now, TCP receivers need to touch user data only once: when they copy/move it into the socket buffer.

Putting option context in-band (vs. in the option space) means that you have interactions between retransmission and reordering and the option protocol. I.e., you end up potentially sending ACKs for segments received that you would have dropped if you had checked their security context. At that point, you open up a deep can of other vulnerabilities and complexities.

Joe

_______________________________________________
Tcpinc mailing list
Tcpinc@ietf.org
https://www.ietf.org/mailman/listinfo/tcpinc
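A constructed model of the point Joe makes above, added here and not part of the thread: a receiver that checks a per-segment MAC carried in the option space can drop a bad segment before ACKing or copying it, whereas a receiver whose MAC is framed in-band over a record spanning several segments must ACK and copy each segment before it can verify anything. The key, record bytes and the modified middle segment are all constructed for the example.

```python
import hmac
import hashlib

KEY = b"constructed-demo-key"      # constructed for this example, not a real key
TAG_LEN = 8

def tag(data: bytes) -> bytes:
    """Truncated HMAC-SHA256; stands in for whatever MAC the option would carry."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:TAG_LEN]

def option_space_receiver(segments):
    """Design A: each segment carries its own MAC in the TCP option space.
    The receiver checks before it ACKs or copies, so bad data never touches
    the socket buffer and is never acknowledged (the sender will retransmit)."""
    acked, sockbuf = [], b""
    for seq, payload, seg_tag in segments:
        if hmac.compare_digest(seg_tag, tag(seq.to_bytes(4, "big") + payload)):
            acked.append(seq)
            sockbuf += payload
    return acked, sockbuf

def in_band_receiver(segments, record_len):
    """Design B: one MAC framed inside the byte stream, covering a record that
    spans several segments. TCP cannot verify a partial record, so it ACKs and
    copies every segment as it arrives; a bad record is only detected later,
    after the sender has already seen the ACKs and will not retransmit."""
    acked, stream = [], b""
    for seq, payload in segments:
        acked.append(seq)                 # ACK sent before the MAC can be checked
        stream += payload                 # data copied once, then touched again below
    record = stream[:record_len]
    rec_tag = stream[record_len:record_len + TAG_LEN]
    ok = hmac.compare_digest(rec_tag, tag(record))
    return acked, (record if ok else b""), ok

def demo():
    """Constructed stream: a 12-byte record in 4-byte segments, with the
    middle segment modified in transit."""
    record = b"hello world!"
    chunks = [record[i:i + 4] for i in range(0, len(record), 4)]
    wire = dict(enumerate(chunks))
    wire[1] = b"XXXX"                     # middle segment altered on the wire
    # Design A wire format: (seq, payload, per-segment tag over the original bytes)
    a_segments = [(4 * i, wire[i], tag((4 * i).to_bytes(4, "big") + chunks[i]))
                  for i in range(3)]
    # Design B wire format: (seq, payload); record tag appended in-band as a 4th segment
    b_segments = [(4 * i, wire[i]) for i in range(3)] + [(12, tag(record))]
    return {"option_space": option_space_receiver(a_segments),
            "in_band": in_band_receiver(b_segments, len(record))}

if __name__ == "__main__":
    print(demo())
```

Design A leaves the altered segment unacknowledged so normal retransmission repairs it; Design B has already ACKed sequence numbers 0 through 12 and then throws the whole record away.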