On 08/19/2014 12:07 PM, Nico Williams wrote:
On Tue, Aug 19, 2014 at 7:53 AM, Brandon Williams
<[email protected]> wrote:
This approach does not meet the security requirements that I'm interested
in: MITM is authorized to reframe the data stream for transport optimization
purposes, but is not authorized to decrypt or inject data. Splitting
transport layer authentication at the TCP termination points could be done
without violating the security policy, but splitting tcpcrypt could not, at
least not as it's currently defined.
If the octet stream has nested framing (basically a length an
authentication tag) then the properties you want can be had and you
can still have CB and the proxy needn't be trusted.
Agreed, provided that the authentication on the nested framing doesn't
extend to the TCP headers themselves, as in some of the proposals.
It costs more overhead, but not because of CB but because what you
want + integrity protection pretty much requires extra overhead
(unless I'm missing something).
Agreed, though the extra overhead for framing shouldn't be too bad. Or
are you thinking of overhead from something more than just the effort of
framing the octet stream?
If you want encryption without integrity protection, then I'm afraid
that's a bad idea.
Agreed. That's definitely not something I would suggest.
--Brandon
--
Brandon Williams; Senior Principal Software Engineer
Emerging Products Engineering; Akamai Technologies Inc.
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
