On Tue, Jul 29, 2014, at 07:49 PM, Nico Williams wrote:
> The obvious problem is NAT traversal...  Sure, you can leave the port
> numbers out, but middleboxes might still rewrite the sequence numbers,
> and if you don't protect the sequence numbers...  The obvious thing is
> to repeat the sequence numbers.

tcpcrypt handles sequence number rewriting just fine.  You MAC the
offset from ISN, not the absolute sequence number.

Mark

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
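
The point made in the reply above, as an added example that is not part of the original thread and is not tcpcrypt's code or wire format: a MAC computed over the offset from the ISN still verifies after a middlebox shifts every sequence number on the flow, while a MAC over the absolute sequence number does not. The key, the ISN, the payload, the field layout and the fixed-delta middlebox model are all constructed for illustration.

```python
import hashlib
import hmac

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def offset_from_isn(seq: int, isn: int) -> int:
    """Distance from the ISN as seen by one endpoint (wrap-safe)."""
    return (seq - isn) % MOD


def tag(key: bytes, seq_field: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over a 4-byte sequence field plus payload (constructed layout)."""
    msg = seq_field.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def rewrite(seq: int, delta: int) -> int:
    """Assumed middlebox model: every sequence number is shifted by one fixed delta."""
    return (seq + delta) % MOD


def simulate(delta: int, tamper: bool = False):
    """Return (offset_mac_ok, absolute_mac_ok) as checked by the receiver."""
    key = b"constructed-session-key"      # constructed sample value
    sender_isn = 0xFFFFFF00               # chosen near the wrap point on purpose
    payload = b"hello"
    seq = (sender_isn + 1 + 300) % MOD    # segment 300 bytes in; wraps past zero

    # Sender computes both tags from its own view of the connection.
    t_off = tag(key, offset_from_isn(seq, sender_isn), payload)
    t_abs = tag(key, seq, payload)

    # What the receiver sees: the SYN's ISN and the data segment's sequence
    # number have both been shifted by the same delta.
    seen_isn = rewrite(sender_isn, delta)
    seen_seq = rewrite(seq, delta)
    seen_payload = b"hellp" if tamper else payload

    ok_off = hmac.compare_digest(
        t_off, tag(key, offset_from_isn(seen_seq, seen_isn), seen_payload))
    ok_abs = hmac.compare_digest(t_abs, tag(key, seen_seq, seen_payload))
    return ok_off, ok_abs


if __name__ == "__main__":
    print("rewritten flow :", simulate(0x12345678))
    print("untouched flow :", simulate(0))
    print("tampered data  :", simulate(0x12345678, tamper=True))
```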
