At Wed, 30 Jan 2008 17:59:51 -0000,
Dave Korn wrote:
> On 30 January 2008 17:03, Eric Rescorla wrote:
> >>> We really do need to reinvent and replace SSL/TCP,
> >>> though doing it right is a hard problem that takes more
> >>> than morning coffee.
> >> 
> >> TCP could need some stronger integrity protection. 8 Bits of checksum isn´t
> >> enough in reality. (1 out of 256 broken packets gets injected into your TCP
> >> stream)  Does IPv6 have a stronger TCP?
> > 
> > Whether this is true or not depends critically on the base rate
> > of errors in packets delivered to TCP by the IP layer, since
> > the rate of errors delivered to SSL is 1/256th of those delivered
> > to the TCP layer. 
>   Out of curiosity, what kind of TCP are you guys using that has 8-bit
> checksums?

You're right. It's 16 bit, isn't it. I plead it being early in 
the morning. I think my point now applies even moreso :)

> > Since link layer checksums are very common,
> > as a practical matter errored packets getting delivered to protocols
> > above TCP is quite rare.
>   Is it not also worth mentioning that TCP has some added degree of protection
> in that if the ACK sequence num isn't right, the packet is likely to be
> dropped (or just break the stream altogether by desynchronising the seqnums)?

Right, so this now depends on the error model...


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to