On Fri, Aug 1, 2014 at 2:59 PM, Eric Rescorla <[email protected]> wrote: > I do think it is helpful to discuss the requirements the proposals are > aiming to hit, however. That way people can adjust their proposals > to meet the relevant needs.
+1. Above all: integrity protection for the entire pair of data octet streams. Required as an option, if not alway: confidentiality protection (encryption). Obviously required: protection for any TCP options where not protecting them implies failure to protect the data streams. Highly desirable: integrity protection for close/ EOF / RST. Highly desirable: integrity protection for PSH and URG or deprecate them. Anywhere from not, to barely, to mildly desirable: integrity protection for everything else, including port numbers. (Especially if the server can authenticate with a private key which can be validated by the client using DANE -- who cares about port numbers then?) Nico -- _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
