On 30 July 2014 11:12, Daniel Kahn Gillmor <[email protected]> wrote: > I note that we won't be able to fold these headers into a standard AEAD > construction with this approach, since stuffing RST and category 2 > headers into the AD spot will mean that any munging of the protected > header info would cause the payload to fail to decrypt, which removes > the ability of the receiver to decide whether it cares about these > protections. (This is an argument against Martin Thomson's TLS-based > proposal, as i understand it)
Trial decryption should work if it comes to that. It's only one bit. However, I don't think that I'd would encourage that. That assumes that you have a packet with RST that contains an attempt at authentication. A legitimate RST from a peer who has lost session keys won't contain any authentication tag at all. _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
