On 28 July 2014 09:45, Bodo Moeller <[email protected]> wrote:
> I'd like to see a more coherent and more complete story.

   pseudoheader_v4 = source_address(32) + destination_address(32) +
                      zero(8) + protocol(8) + tcp_length(16)

   pseudoheader_v6 is essentially identical to _v4.

   tcp_header = source_port(16) + destination_port(16) +
                sequence_number(32) + acknowledgement_number(32) +
                data_offset(4) + flags(12) + window(16) +
                checksum(16) + urgent_pointer(16) + options(?)

My quick analysis suggests that none (0) of these need protection,
with the possible exception of FIN and RST.  I think that having
authentication for these parameters during periods of activity is - or
could be - a good thing.  However, I would be against requiring them
to be authenticated, particularly if that meant doing as Joe suggests
and having the connection run a keep-alive.  (I didn't realize that is
a feature of TCP-AO, but that makes it very poorly suited for mobile
devices.)

I haven't surveyed
http://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-1
though it seems likely that these could need protection.  Maybe we can
say that 29 definitely doesn't to start with.

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
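The field layout quoted in the message above, turned into working code as an added example (this is not code from the message, from TCP-AO or from the tcpinc working group). It packs the IPv4 pseudo-header (source_address, destination_address, zero, protocol, tcp_length) and the TCP header with the widths given in the message, computes the standard 16-bit one's-complement TCP checksum over both, and then shows why the checksum is not the "protection" the thread is discussing: swapping two 16-bit words, such as the source and destination ports, leaves the checksum unchanged and the segment still verifies. The addresses, ports and sequence numbers are constructed sample values; only IPv4 is handled, and the helper names are my own.

```python
import struct

TCP_PROTOCOL = 6
# Flag bits within the 12-bit flags field (low bits), as used below.
FIN, SYN, RST = 0x001, 0x002, 0x004


def ipv4_pseudoheader(src: bytes, dst: bytes, tcp_length: int) -> bytes:
    """source_address(32) + destination_address(32) + zero(8) + protocol(8) + tcp_length(16)."""
    if len(src) != 4 or len(dst) != 4:
        raise ValueError("IPv4 addresses must be 4 bytes each")
    return struct.pack("!4s4sBBH", src, dst, 0, TCP_PROTOCOL, tcp_length)


def tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
               window: int, checksum: int = 0, urgent: int = 0,
               options: bytes = b"") -> bytes:
    """source_port(16) + destination_port(16) + sequence_number(32) +
    acknowledgement_number(32) + data_offset(4) + flags(12) + window(16) +
    checksum(16) + urgent_pointer(16) + options(variable, padded to 32 bits)."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    data_offset = 5 + len(options) // 4          # header length in 32-bit words
    offset_flags = (data_offset << 12) | (flags & 0x0FFF)  # 4 + 12 bits share one word
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        offset_flags, window, checksum, urgent)
    return fixed + options


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"                           # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(pseudo: bytes, segment: bytes) -> int:
    """Checksum to place in the header: computed with the checksum field zeroed."""
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def verify_checksum(pseudo: bytes, segment: bytes) -> bool:
    """A correctly checksummed segment sums to all ones over pseudo-header + segment."""
    return ones_complement_sum(pseudo + segment) == 0xFFFF


def build_segment(sport: int, dport: int, flags: int) -> tuple[bytes, bytes]:
    """Constructed sample SYN-like segment between 10.0.0.1 and 10.0.0.2 (no payload)."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    unsigned = tcp_header(sport, dport, seq=1, ack=0, flags=flags, window=65535)
    pseudo = ipv4_pseudoheader(src, dst, len(unsigned))
    csum = tcp_checksum(pseudo, unsigned)
    return pseudo, tcp_header(sport, dport, seq=1, ack=0, flags=flags,
                              window=65535, checksum=csum)


def swap_ports(segment: bytes) -> bytes:
    """Swap the two 16-bit port words in place; the one's-complement sum is commutative,
    so the existing checksum still verifies. Checksums detect noise, not tampering."""
    return segment[2:4] + segment[0:2] + segment[4:]


if __name__ == "__main__":
    pseudo, seg = build_segment(40000, 443, SYN)
    print("checksum ok:", verify_checksum(pseudo, seg))
    print("ports swapped, still ok:", verify_checksum(pseudo, swap_ports(seg)))
```

Running the script shows both checks reporting True: the checksum covers every field in the quoted layout, yet it cannot tell a reordered or deliberately altered header from the original, which is why the thread is asking which of these fields a keyed mechanism such as TCP-AO should authenticate.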