On 7/28/2014 9:35 AM, Stephen Farrell wrote:
> On 28/07/14 17:29, David Mazieres wrote:
...
>> The reason it's useful to get this on the table early is that in the
>> abstract not all protocols are capable of producing a session ID with
>> the appropriate properties. In particular, the session ID must be
>> unique over all time with overwhelming probability even if one end of
>> the connection is malicious. As an example, I believe TLS could not do
>> this in the pre-RFC5929 days.
>
> Right. So tcpcrypt and TLS based stuff can clearly do that. I'm
> very unclear about Joe's proposal in that respect,

The current doc had not presented that information separately.
I'm assuming it would be the tuple of:
- non-changing TCP socket info (e.g., excepting the client-side
  source IP and port info, for NAT traversal)
- the ISN pair
- the D-H nonce pair
But please don't take that as chiseled in stone; it's just my first
thoughts on this.
Joe
_______________________________________________
Tcpinc mailing list
https://www.ietf.org/mailman/listinfo/tcpinc
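
The tuple sketched in the message above, hashed into a fixed-size session ID and checked against the uniqueness requirement quoted from the earlier mail, as an added example that is not part of the original thread or of any tcpinc draft. SHA-256, the length-prefixed encoding, the label, and all function names, field names and sample values are assumptions of the example.

```python
import hashlib
import os
import struct

def _field(data: bytes) -> bytes:
    # Length-prefix each variable-length field so the hash input parses one way only.
    return struct.pack("!I", len(data)) + data

def session_id(server_ip: bytes, server_port: int,
               client_isn: int, server_isn: int,
               client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Hash the tuple into a 32-byte ID (hypothetical construction).

    Client source IP and port are deliberately not inputs, so both ends
    compute the same value when a NAT rewrites them.
    """
    h = hashlib.sha256()
    h.update(b"example-session-id-v0")  # constructed domain-separation label
    h.update(_field(server_ip))
    h.update(struct.pack("!H", server_port))
    h.update(struct.pack("!II", client_isn, server_isn))
    h.update(_field(client_nonce))
    h.update(_field(server_nonce))
    return h.digest()

def replay_experiment(rounds: int = 1000) -> int:
    """One end repeats its ISN and nonce on every connection while the
    honest end draws fresh ones; returns the number of distinct IDs seen."""
    server_ip, server_port = bytes([192, 0, 2, 10]), 443  # constructed values
    client_isn, client_nonce = 0x11111111, b"\x00" * 32   # repeated every round
    seen = set()
    for _ in range(rounds):
        server_isn = int.from_bytes(os.urandom(4), "big")
        server_nonce = os.urandom(32)
        seen.add(session_id(server_ip, server_port, client_isn,
                            server_isn, client_nonce, server_nonce))
    return len(seen)

if __name__ == "__main__":
    print(replay_experiment())
```

Uniqueness here rests entirely on the honest end's fresh random contribution; if both nonces and both ISNs could be fixed by one party, the ID would repeat.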