Swaminathan P wrote:
Hi,
Can someone tell me if there is security issues that can arise if the
sequence number is made explicit?
Is there any specific reason for SSL to use implicit sequence number other
than the overhead?
I sincerely appreciate any help on this issue.
because it is simply not necessary in the protocol. Both receiver and
sender know the sequence numbers. if you stick the numbers inside the
packet frames, there is a conflict of interest: what application is
supposed to do with that number, use it in its computations instead
of the real one? what if they differ? and what if they are all
same (say, 0) because of the bug on the sender's side? the answer
is that the application should not use them if they're different from
its internal sequence counter. and when this requirement is in place,
there is obviously no _need_ to have them in the packet frame.
--
Lev Walkin
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
