On 3/16/2015 8:43 AM, marcelo bagnulo braun wrote:
> We would like to ask the WG to express their support to adopt one (or
> none) of the following documents as a WG document that will serve as a
> basis for the protocol specification. Of course, the draft, if adopted,
> will need to be updated according to the WG input. In particular, they need
> to be updated to not protect the TCP header.

First, as discussed on the list, this is inaccurate; at best, you'll be
updating them to not protect SOME of the TCP header. Any information
that is processed before the TCP header AND makes interpretation of that
header conditional on success, by definition *protects* at least some of
the header.

Given that provision, I propose that draft-touch-tcp-ao-enc is also a
viable candidate, given the following changes:

- configuration-based use of a connection identifier,
  used instead of the address/port pair to associate the
  connection messages with the security context

- when that identifier is used, it protects the SYN/FIN/RST
  and some other similar fields of the header (TBD)

For the record, *of the selections below*, I would have to see the
changes required to support the changes indicated above before being
able to indicate a preference. At this point, my initial preference is
for the TLS approach because it appears to interact more simply with TCP.

Joe

> The candidate drafts are:
>
> https://datatracker.ietf.org/doc/draft-bittau-tcpinc-tcpcrypt/
> https://datatracker.ietf.org/doc/draft-rescorla-tcpinc-tls-option/
>
> We plan to discuss this at the meeting but it would be useful to start
> the discussion before the meeting, so if you can express your opinions
> before the meeting, it would be helpful.
>
> Regards, marcelo (on behalf of the co-chairs)
>
> _______________________________________________
> Tcpinc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tcpinc