On Fri, Aug 1, 2014 at 2:11 PM, Nico Williams <[email protected]> wrote:
> On Fri, Aug 1, 2014 at 2:59 PM, Eric Rescorla <[email protected]> wrote:
> > I do think it is helpful to discuss the requirements the proposals are
> > aiming to hit, however. That way people can adjust their proposals
> > to meet the relevant needs.
>
> +1.
>
> Above all: integrity protection for the entire pair of data octet
> streams.
>
> Required as an option, if not always: confidentiality protection
> (encryption).
>
> Obviously required: protection for any TCP options where not
> protecting them implies failure to protect the data streams.
>

Can you elaborate here?

> Highly desirable: integrity protection for close/EOF/RST.
>

For reasons that people have already gone into on the list, I think
this minimally needs to be optional.

-Ekr

> Highly desirable: integrity protection for PSH and URG or deprecate them.
>
> Anywhere from not, to barely, to mildly desirable: integrity
> protection for everything else, including port numbers. (Especially
> if the server can authenticate with a private key which can be
> validated by the client using DANE -- who cares about port numbers
> then?)
>
> Nico
> --
>
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
