On Tue, Oct 7, 2014 at 2:04 AM, John-Mark Gurney <[email protected]> wrote:
> marcelo bagnulo braun wrote this message on Mon, Oct 06, 2014 at 19:01 +0200:
> > The options we can identify are the following ones:
> > - Protect only the payload (don't include any of the TCP header fields
> >   in the MAC calculation)
>
> If this does not include the sequence number, then how can we possibly
> prevent replay attacks? As you discuss later, preventing replay
> attack IMO should be done as it isn't that much more difficult...

You can protect against replay attacks on the payload by incorporating a sequence number into the integrity check. This is how TLS works ordinarily.

-Ekr
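
The approach described in the reply above, as an added example that is not part of the original thread: each side keeps an implicit record counter that is fed into the MAC but never sent, so a replayed record fails verification without any TCP header field being covered. The names `Sender`, `Receiver` and `_mac`, the choice of HMAC-SHA256 and the counter/length encoding are assumptions made for illustration, not the tcpinc or TLS wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def _mac(key: bytes, seq: int, payload: bytes) -> bytes:
    # The 64-bit counter is MAC input only; it never appears on the wire.
    header = struct.pack("!QI", seq, len(payload))
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def protect(self, payload: bytes) -> bytes:
        record = payload + _mac(self.key, self.seq, payload)
        self.seq += 1
        return record


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def accept(self, record: bytes) -> bytes:
        if len(record) < TAG_LEN:
            raise ValueError("record too short")
        payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        # Verify against the counter value this side expects next.
        if not hmac.compare_digest(tag, _mac(self.key, self.seq, payload)):
            raise ValueError("integrity check failed")
        self.seq += 1  # advance only after a record verifies
        return payload


def demo():
    key = bytes(range(32))  # constructed demo key, not a real secret
    tx, rx = Sender(key), Receiver(key)
    r0, r1 = tx.protect(b"first record"), tx.protect(b"second record")
    delivered = [rx.accept(r0), rx.accept(r1)]
    try:
        rx.accept(r0)  # same bytes again: receiver now expects counter 2
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return delivered, replay_rejected
```

The implicit counter works here because the transport delivers records reliably and in order, so both sides advance in lockstep.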
