On 13 October 2014 06:20, Brandon Williams <brandon.willi...@akamai.com> wrote:
> I prefer option 1 for the reasons that John and Michael state.

My analysis of the header (which I can share) indicates that there is very little value in protecting anything in the header (or pseudoheader, which I note was not considered in the OP). Acknowledgements are difficult, but if you consider the modes of attack and the potential outcomes for an attacker, it isn't that interesting. An on-path attacker can (maybe) cause a sender to alter their sending rate by falsifying or adjusting the acknowledgment values. But that reduces to a DoS attack at either extreme. And most on-path attackers have a greater capacity to do that anyway.