On Wed, Mar 11, 2015 at 5:33 PM, Joe Touch <[email protected]> wrote:
> Tero,
>
> Although I can't disagree with your assessment of the direct discussion
> on protecting TCP headers, the conclusion below seems to ignore the
> discussion on "Forcing the restart of a TCPINC connection".
>
> I wonder how people think their solution will magically protect against
> forced restarts if the TCP header isn't included.

I agree. I don't think "don't protect the headers" is an accurate description of Honolulu if it also leaves the system exposed to resets, as there clearly was a fair amount of concern expressed about spurious resets.

I'd like to reemphasize that any passive attacker infrastructure also trivially has the capability to inject a few packets -- just by having access to any non-RPF-filtered network connection anywhere in the world, without being a full-scale man-in-the-middle.

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
