On 28 July 2014 12:04, Bodo Moeller <[email protected]> wrote:
>>   - Protecting the sequence number.  For example, the TCP-Minion group
>>     is very keen on being able to decrypt and use TCP packets out of
>>     order.  Protecting the sequence number is one way for them to
>>     achieve that goal.
>
>
> Payload protection already implies that byte position in the plaintext octet
> stream will be protected, so protecting the TCP sequence number should not
> be necessary.
>
> However, allowing out-of-order processing is a reasonable (new)
> requirement.  I think this is a new requirement in that it doesn't follow
> from the charter.  (Regardless of whether we protect the sequence number as
> such, it would be easy to come up with a design that prevents out-of-order
> processing.)

I believe that Minion already has good protection for sequence
numbers.  They have recommended the use of DTLS, which provides
adequate protection in this regard.  That isn't perfect, because an
attacker can move DTLS frames around in the stream, but that requires
MitM, for which this sort of DoS isn't particularly interesting.
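The following is an added illustration of the point being discussed, not code from the thread or from any tcpinc or Minion draft. It shows how binding each protected segment to its byte offset in the octet stream lets a receiver decrypt segments in any arrival order, while a segment whose sequence number has been altered in transit is rejected by the integrity check even though the sequence number itself is sent in the clear. The encrypt-then-MAC construction (SHA-256 keystream plus HMAC-SHA256 over offset and ciphertext) is a stand-in chosen so the code runs on the Python standard library alone; it is not the construction any real proposal uses, and the key and stream contents are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample key for the illustration only.
KEY = b"constructed-demo-key-not-for-real-use"

TAG_LEN = 32  # HMAC-SHA256 output size


def _keystream(key: bytes, offset: int, length: int) -> bytes:
    """Toy keystream derived from key, stream offset and a block counter.

    Mixing the offset in means the same key never yields the same keystream
    for two different positions in the octet stream.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", offset, counter)).digest()
        counter += 1
    return out[:length]


def protect_segment(key: bytes, offset: int, plaintext: bytes) -> bytes:
    """Encrypt a segment and bind it to its byte offset (toy encrypt-then-MAC).

    The offset is authenticated but not transmitted here: it travels in the
    clear as the TCP sequence number, exactly as the thread assumes.
    """
    ks = _keystream(key, offset, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, struct.pack(">Q", offset) + ct, hashlib.sha256).digest()
    return ct + tag


def unprotect_segment(key: bytes, offset: int, record: bytes):
    """Verify the record against the claimed offset, then decrypt.

    Returns None when the tag does not match, i.e. when the record was
    altered or presented at a different stream position than it was sent.
    """
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, struct.pack(">Q", offset) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(key, offset, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class OutOfOrderReceiver:
    """Hypothetical receiver that decrypts each segment as it arrives.

    Because every record is self-contained with respect to its position,
    nothing here depends on receiving segments in stream order.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.segments = {}  # offset -> plaintext

    def receive(self, claimed_offset: int, record: bytes) -> bool:
        pt = unprotect_segment(self.key, claimed_offset, record)
        if pt is None:
            return False  # position or content tampered with: drop
        self.segments[claimed_offset] = pt
        return True

    def reassemble(self) -> bytes:
        return b"".join(self.segments[o] for o in sorted(self.segments))


def demo():
    """Constructed three-segment stream delivered out of order.

    Returns (per-segment accept flags, result of the moved record, stream).
    """
    stream = b"HELLO, OUT OF ORDER WORLD"
    segments = [(0, stream[0:5]), (5, stream[5:12]), (12, stream[12:])]
    records = {off: protect_segment(KEY, off, data) for off, data in segments}

    rx = OutOfOrderReceiver(KEY)
    # Segments arrive as 12, 0, 5: each decrypts immediately on arrival.
    accepted = [rx.receive(off, records[off]) for off in (12, 0, 5)]
    # A record sent for offset 5 but presented with sequence number 12
    # (the sequence number is unprotected) fails its integrity check.
    moved_accepted = rx.receive(12, records[5])
    return accepted, moved_accepted, rx.reassemble()


if __name__ == "__main__":
    print(demo())
```

The receiver never needs a protected sequence number: the integrity tag already covers the position, so relocating a record changes the claimed offset, the tag no longer verifies, and the record is dropped before it can displace correct data. What this does not cover is the DoS case the message mentions, where an on-path attacker reorders or drops records wholesale; the check detects the relocation but cannot recover the missing segment.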

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
