On 7/28/2014 11:26 AM, Martin Thomson wrote:
> On 28 July 2014 09:45, Bodo Moeller <[email protected]> wrote:
>> I'd like to see a more coherent and more complete story.
>
> pseudoheader_v4 = source_address(32) + destination_address(32) +
>                   zero(8) + protocol(8) + tcp_length(16)
>
> pseudoheader_v6 is essentially identical to _v4.
>
> tcp_header = source_port(16) + destination_port(16) +
>              sequence_number(32) + acknowledgement_number(32) +
>              data_offset(4) + flags(12) + window(16) +
>              checksum(16) + urgent_pointer(16) + options(?)
>
> My quick analysis suggests that none (0) of these need protection,
> with the possible exception of FIN and RST. I think that having
> authentication for these parameters during periods of activity is - or
> could be - a good thing. However, I would be against requiring them
> to be authenticated, particularly if that meant doing as Joe suggests
> and having the connection run a keep-alive. (I didn't realize that is
> a feature of TCP-AO, but that makes it very poorly suited for mobile
> devices.)

Keep alive or a liveness feature is required to deal with RST. It has
nothing to do with any other fields.

Joe
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
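
The field layout quoted in the message above, as an added example that is not part of the original thread: it parses the fixed TCP header, builds pseudoheader_v4, and checks the standard TCP checksum, which covers these fields but is unkeyed and so is not authentication. The addresses, ports and payload are constructed sample values, and the function names are this example's own.

```python
import ipaddress
import struct

# FIN and RST bit positions inside the 12-bit flags field (low-order bits).
FIN, RST = 0x001, 0x004

def pseudoheader_v4(src, dst, tcp_length, protocol=6):
    # source_address(32) + destination_address(32) + zero(8) + protocol(8) + tcp_length(16)
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, protocol, tcp_length))

def parse_tcp_header(segment):
    # Split the fixed 20-byte header into the fields listed in the message.
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12            # header length in 32-bit words
    return {
        "source_port": sport, "destination_port": dport,
        "sequence_number": seq, "acknowledgement_number": ack,
        "data_offset": data_offset, "flags": off_flags & 0x0FFF,
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:data_offset * 4],
    }

def internet_checksum(data):
    # 16-bit one's-complement sum; the input is zero-padded to an even length.
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def checksum_ok(src, dst, segment):
    # The checksum spans pseudoheader + header + data. No key is involved,
    # so it only detects accidental corruption.
    return internet_checksum(pseudoheader_v4(src, dst, len(segment)) + segment) == 0

def build_sample():
    # Constructed FIN+ACK segment between documentation-range addresses.
    src, dst, payload = "192.0.2.1", "198.51.100.2", b"bye"
    hdr = struct.pack("!HHIIHHHH", 49152, 443, 1000, 2000, (5 << 12) | 0x011, 65535, 0, 0)
    csum = internet_checksum(pseudoheader_v4(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return src, dst, hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

if __name__ == "__main__":
    src, dst, seg = build_sample()
    fields = parse_tcp_header(seg)
    print(fields, "FIN" if fields["flags"] & FIN else "", checksum_ok(src, dst, seg))
```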