As we discussed in the meeting, everybody who cares about the integrity protection of the services provided by the TCP headers should send email to the list and explain why TCP header bit X should be integrity protected, and what kind of attacks are possible if we do not protect it.
Also explain what the receiving end should do if it detects an attack against the protected piece (i.e. either a real active attacker attack, or a middlebox messing that thing up). Note that we do assume that the actual data stream is always integrity protected and encrypted, and that integrity protection of the data stream does include protection against replay, reordering and data dropping attacks. That protection is an integral part of the data stream protection and how it is technically done is a different thing, but you can assume it is there. I.e. the sequence number offers two services: one is ordering of the frames and detecting if there are gaps, replays, or reorderings; the second one is the other end sending acks based on the sequence numbers to acknowledge the data. The first service will be protected always, and it can be done either by protecting the data stream offset calculated from the sequence number, or with some other means (for example the TLS record layer has its own internal sequence number protecting against the same things). The second service will not be protected by default, so if that one also needs protection, explain what attacks are possible if we do not protect acks.

Send your comments to the list before the end of this month, i.e. before 2014-11-30.

Also the AD suggested that we should have an interim meeting to talk about those things before Christmas, but I do not have any proposals for dates for it yet; I just wanted to give you a heads up.

--
[email protected]

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
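The message above describes the "first service" of the sequence number (ordering, gap, replay and reorder detection) as something that can be provided by a record layer with its own internal sequence number, independent of the TCP header. The following is an added illustration of that receiver-side check, not code from the email or from the tcpinc work: a toy record layer binds an internal counter into an HMAC-SHA256 tag over each record, and the receiver classifies what it sees as accepted, replayed, gapped (dropped or reordered), or tampered. The key, payloads and the bit flip are constructed for the demonstration, and the sequence number is carried explicitly so the receiver can name the failure; a real record layer such as TLS keeps that counter implicit on both sides and uses an AEAD rather than a bare MAC.

```python
import hashlib
import hmac
import struct


class IntegrityError(Exception):
    """Raised when a record fails the integrity or ordering check."""


def record_tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # The tag covers the record-layer sequence number as well as the payload,
    # so a record cannot be replayed or moved to another position in the
    # stream without the tag failing. The TCP sequence number is not involved.
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


class RecordSender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # internal counter, never reused within a connection

    def send(self, payload: bytes):
        record = (self.seq, payload, record_tag(self.key, self.seq, payload))
        self.seq += 1
        return record


class RecordReceiver:
    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0  # the only sequence number we will accept next

    def receive(self, record):
        seq, payload, tag = record
        # Verify the tag first so a forged sequence number cannot steer the
        # ordering logic; compare_digest avoids timing leaks on the tag.
        if not hmac.compare_digest(record_tag(self.key, seq, payload), tag):
            raise IntegrityError("bad tag: payload or sequence number was modified")
        if seq < self.expected_seq:
            raise IntegrityError(f"replay: record {seq} was already accepted")
        if seq > self.expected_seq:
            raise IntegrityError(
                f"gap: expected record {self.expected_seq}, got {seq} "
                "(data dropped or reordered in transit)"
            )
        self.expected_seq = seq + 1
        return payload


def _outcome(rx: RecordReceiver, record) -> str:
    """Deliver one record and report 'accepted' or the detected failure class."""
    try:
        rx.receive(record)
        return "accepted"
    except IntegrityError as err:
        return err.args[0].split(":")[0]


def run_scenarios(key: bytes = b"constructed-demo-key") -> dict:
    """Deliver constructed records under several conditions and record what the receiver detects."""
    results = {}
    sender = RecordSender(key)
    records = [sender.send(b"hello"), sender.send(b"world"), sender.send(b"!")]

    # 1. In-order delivery is accepted and reassembles the stream.
    rx = RecordReceiver(key)
    results["in_order"] = b"".join(rx.receive(r) for r in records)

    # 2. Re-delivering an already accepted record is rejected as a replay.
    rx = RecordReceiver(key)
    rx.receive(records[0])
    results["replay"] = _outcome(rx, records[0])

    # 3. Record 2 arriving before record 1 is reported as a gap.
    rx = RecordReceiver(key)
    rx.receive(records[0])
    results["reorder"] = _outcome(rx, records[2])

    # 4. A constructed one-byte change to the payload breaks the tag.
    rx = RecordReceiver(key)
    seq, payload, tag = records[0]
    results["tamper"] = _outcome(rx, (seq, b"jello", tag))

    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The receiver deliberately refuses anything but the exact next sequence number: with the counter bound into the tag, a dropped, duplicated or reordered record is indistinguishable from an attack at this layer, which is why the message can treat the "first service" as protected without involving the TCP header at all. What the endpoint does after detection (abort the connection, or wait for retransmission) is the policy question the message asks readers to comment on.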
