On 7/18/2017 3:43 PM, Tom Herbert wrote:
>> TCP must be E2E and fall back to legacy endpoints without a reconnection
>> attempt, as required by RFC793.
>>
>> These aren't generic solutions; they're attacks on a TCP connection, IMO.
>>
> I agree. This seems to be akin to the stateful firewall model that imposes
> artificial requirements on networking (like every TCP packet for a
> connection must go through some middlebox or the connection is
> dropped). We need to move things back to E2E semantics for transport
> protocols -- nodes that try to maintain transport state in the network
> should be considered the problem, not the solution!

I'm a little less concerned with state in the network (link layers have state too - both hard and soft).

My primary concern is this as an attack on TCP - or its equivalence to an attack. I thought the point of true TCP and lower layer security was to prevent such attacks.

Perhaps that's why I consider TLS and TCPcrypt to be so badly misnamed. They don't protect *TCP* at all.

Joe
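As an added illustration of the stateful-firewall behaviour Tom describes (this is a toy model written for this page, not code from either poster or from any real firewall), the following simulates a middlebox that admits a TCP segment only if it is a SYN or belongs to a flow whose SYN the box has already seen. The segment trace, the addresses 10.0.0.1:40000 and 192.0.2.10:443, and the "via_box"/"bypass" path labels are all constructed for the example; "bypass" stands in for any reason a segment might not traverse the box (asymmetric routing, a path change, a second uplink). The endpoints' own TCP state is untouched in every scenario; only the box's view of the connection differs.

```python
# Added toy model of a stateful-inspection middlebox; not from the thread.
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # subset of "SAPFR": "S" SYN, "SA" SYN/ACK, "A" ACK, "PA" data, "R" RST


FlowKey = FrozenSet[Tuple[str, int]]


def flow_key(seg: Segment) -> FlowKey:
    # Direction-agnostic 4-tuple so both halves of a connection share one entry.
    return frozenset({(seg.src, seg.sport), (seg.dst, seg.dport)})


class StatefulMiddlebox:
    """Forwards a segment only if it is a SYN (which creates state) or if the
    box already holds state for its flow. RST tears the state down. FIN
    teardown and timeouts are omitted; they do not change the point."""

    def __init__(self) -> None:
        self.flows: Set[FlowKey] = set()
        self.dropped: List[Segment] = []

    def forward(self, seg: Segment) -> bool:
        key = flow_key(seg)
        if seg.flags == "S":           # new connection seen from the start
            self.flows.add(key)
            return True
        if key not in self.flows:      # mid-stream segment with no state: drop
            self.dropped.append(seg)
            return False
        if "R" in seg.flags:           # reset: forget the flow
            self.flows.discard(key)
        return True


def deliver(trace: List[Tuple[str, Segment]], box: StatefulMiddlebox) -> List[Segment]:
    """trace holds (path, segment) pairs. 'via_box' traverses the middlebox;
    'bypass' models a segment routed around it. End-to-end TCP does not care
    which path a segment took; the middlebox does."""
    delivered = []
    for path, seg in trace:
        if path == "bypass" or box.forward(seg):
            delivered.append(seg)
    return delivered


# Constructed connection: client A talks to server B (addresses are examples).
A, B = ("10.0.0.1", 40000), ("192.0.2.10", 443)


def seg(frm: Tuple[str, int], to: Tuple[str, int], flags: str) -> Segment:
    return Segment(frm[0], frm[1], to[0], to[1], flags)


CONNECTION = [
    seg(A, B, "S"), seg(B, A, "SA"), seg(A, B, "A"),   # three-way handshake
    seg(A, B, "PA"), seg(B, A, "A"),                   # request and its ACK
    seg(B, A, "PA"), seg(A, B, "A"),                   # response and its ACK
]


def run(paths: List[str]) -> Tuple[int, int]:
    """Replay CONNECTION with one path label per segment.
    Returns (segments delivered, segments the box dropped)."""
    box = StatefulMiddlebox()
    delivered = deliver(list(zip(paths, CONNECTION)), box)
    return len(delivered), len(box.dropped)


if __name__ == "__main__":
    print("all via box:          ", run(["via_box"] * 7))
    print("rerouted after SYN:   ", run(["bypass"] * 3 + ["via_box"] * 4))
    print("pure end-to-end path: ", run(["bypass"] * 7))
```

The second scenario is the failure mode in question: the handshake took one path, the data took another, and although both endpoints hold perfectly valid TCP state, every data segment is dropped because a node in the middle never saw the SYN. Nothing in RFC793 makes a connection depend on a third party having observed its setup; the requirement is imposed entirely by the box.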