This seems to make lots of sense: specifying the scope of which data is
to be encrypted and which is to be encrypted and authenticated with a
specific key and AEAD scheme should only occupy a few paragraphs and can
be specified almost independently from schemes as to how to arrive at
the shared key. So, time is best spent being creative on the latter now.
Rene
As we discussed in the meeting, we should try to make some design
decisions for TCPINC.
One of them is whether to protect or not the TCP header.
is clearly, not to decide. The charter should leave the level of TCP
header protection open. May the best proposal win.
On 8/1/2014 8:17 AM, ianG wrote:
(rewriting the subject line back to the header thread)
On 30/07/2014 04:20 am, David Mazieres expires 2014-10-27 PDT wrote:
Look, all of these proposals can obviously run into issues with
particularly aggressive middleboxes. But at least in the case of
tcpcrypt, we've been working on this for years and have actual
deployment experience. So the stuff does actually work with the common
middleboxes like NATs. While there are certainly open issues to
discuss, do give us some credit for overcoming a lot of the most basic
problems like this.
So, that should be the answer to "how much header is protected?" It is
protected to the extent that proposed and tested solutions find it
reasonable to protect. Let the data decide.
Am I the only one who finds the thread surreal? The answer to this:
Marcelo wrote:
As we discussed in the meeting, we should try to make some design
decisions for TCPINC.
One of them is whether to protect or not the TCP header.
is clearly, not to decide. The charter should leave the level of TCP
header protection open. May the best proposal win.
iang
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
--
email: [email protected] | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
