On Fri, Aug 1, 2014 at 8:56 AM, Rene Struik <[email protected]> wrote:
> This seems to make lots of sense: specifying the scope of which data is to
> be encrypted and which is to be encrypted and authenticated with a specific
> key and AEAD scheme should only occupy a few paragraphs and can be specified
> almost independently from schemes as to how to arrive at the shared key. So,
> time is best spent being creative on the latter now.

Well, obviously the entire ordered octet data stream (whither PSH?
URG?) needs protection, as does FIN handshaking and RST.  Port
numbers, for example, are of relatively little interest to protect (if
no peer authentication is afforded).  TCP options are of interest,
mostly in so far as protecting them may (or may not) be necessary to
protect the data stream.

Nico
--

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
