On Tue, Jul 29, 2014, at 07:49 PM, Nico Williams wrote: > The obvious problem is NAT traversal... Sure, you can leave the port > numbers out, but middleboxes might still rewrite the sequence numbers, > and if you don't protect the sequence numbers... The obvious thing is > to repeat the sequence numbers.
tcpcrypt handles sequence number rewriting just fine. You MAC the offset from ISN, not the absolute sequence number. Mark _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
