Re: [IPsec] Question about ipsecme-tcp-encaps

> On 17 May 2017, at 22:12, Scott Fluhrer (sfluhrer) wrote: > > > > > My TCP may be rusty, but I think Alice’s legitimate packet has the sequence > number to indicate it is retransmitting the byte that Bob already has. I > don’t know if that means that the new data

Re: [IPsec] Question about ipsecme-tcp-encaps

From: tpa...@apple.com [mailto:tpa...@apple.com] Sent: Wednesday, May 17, 2017 3:44 PM To: Scott Fluhrer (sfluhrer) Cc: Yoav Nir; IPsecme WG (ipsec@ietf.org) Subject: Re: [IPsec] Question about ipsecme-tcp-encaps On May 17, 2017, at 12:12 PM, Scott Fluhrer (sfluhrer)

Re: [IPsec] Question about ipsecme-tcp-encaps

> On May 17, 2017, at 12:12 PM, Scott Fluhrer (sfluhrer) > wrote: > > > From: Yoav Nir [mailto:ynir.i...@gmail.com ] > Sent: Wednesday, May 17, 2017 2:54 PM > To: Scott Fluhrer (sfluhrer) > Cc: IPsecme WG (ipsec@ietf.org

Re: [IPsec] Question about ipsecme-tcp-encaps

From: Yoav Nir [mailto:ynir.i...@gmail.com] Sent: Wednesday, May 17, 2017 2:54 PM To: Scott Fluhrer (sfluhrer) Cc: IPsecme WG (ipsec@ietf.org) Subject: Re: [IPsec] Question about ipsecme-tcp-encaps On 17 May 2017, at 20:39, Scott Fluhrer (sfluhrer)

Re: [IPsec] Question about ipsecme-tcp-encaps

> On 17 May 2017, at 20:39, Scott Fluhrer (sfluhrer) wrote: > > I’ve been looking over the draft, and I think I see a potential DoS attack > that does not appear to be addressed. I’m writing this to see if there is > something I missed (and if there isn’t, start

[IPsec] Question about ipsecme-tcp-encaps

I've been looking over the draft, and I think I see a potential DoS attack that does not appear to be addressed. I'm writing this to see if there is something I missed (and if there isn't, start discussion on how we might patch things up). This is the scenario I'm looking at: Alice and Bob