Here's my bid:

Highly desirable: as easily deployable as TCP is, including
kernel-to-kernel TCP.

                Craig


On 8/1/14 5:11 PM, "Nico Williams" <[email protected]> wrote:

>On Fri, Aug 1, 2014 at 2:59 PM, Eric Rescorla <[email protected]> wrote:
>> I do think it is helpful to discuss the requirements the proposals are
>> aiming to hit, however. That way people can adjust their proposals
>> to meet the relevant needs.
>
>+1.  Above all: integrity protection for the entire pair of data octet
>streams.
>
>Required as an option, if not always: confidentiality protection
>(encryption).
>
>Obviously required: protection for any TCP options where not
>protecting them implies failure to protect the data streams.
>
>Highly desirable: integrity protection for close / EOF / RST.
>
>Highly desirable: integrity protection for PSH and URG or deprecate them.
>
>Anywhere from not, to barely, to mildly desirable: integrity
>protection for everything else, including port numbers.  (Especially
>if the server can authenticate with a private key which can be
>validated by the client using DANE -- who cares about port numbers
>then?)
>
>Nico
>--
>
>_______________________________________________
>Tcpinc mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/tcpinc
