we've put up a new draft of tcpcrypt: http://www.scs.stanford.edu/~dbg/tcpcrypt/
the major change is to eliminate vulnerability to header-manipulation and resegmentation by moving all but the initial protocol negotiation into the TCP datastream. because most of the protocol is now logically built atop a reliable stream instead of unreliable segments, this leads to some simplifications; for example, the previous, boutique authenticated-encryption algorithm has been replaced with standard AE modes. also it seems that extensions to the key-exchange or application subprotocols should be easier.

nevertheless, we've made some effort to allow for implementations that prefer to intervene not at the socket level, but rather at the packet level, "underneath" TCP. here, it will be possible to reframe and protect the contents of outgoing segments, and similarly to unframe incoming ones before passing them to the local TCP. in the perhaps-rare case of resegmentation, incomplete frames would have to be buffered until they can be coalesced and decrypted.

some small details remain to be specified: the protocol allows arbitrarily-sized messages in several places, and we'll need to limit these to permit finite-sized buffers.

we'd be grateful for comments.

_______________________________________________
Tcpinc mailing list
https://www.ietf.org/mailman/listinfo/tcpinc

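As an added illustration (not code from the draft or its authors), the packet-level unframing the message describes: a receiver feeds arbitrarily (re)segmented payload into a buffer, decrypts each completed frame with a standard AE mode (AES-GCM here), and holds an incomplete frame until a later segment coalesces it. The frame layout, the Channel type and the implicit counter nonce are assumptions made for this example, not tcpcrypt's actual format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
)
// Channel protects one direction. Assumed layout (not tcpcrypt's): 2-byte length, AES-GCM ct+tag.
type Channel struct {
	aead             cipher.AEAD
	sendSeq, recvSeq uint64 // implicit nonces: valid only over a reliable, ordered stream
	pending          []byte // bytes of an incomplete frame held across segments
}
func NewChannel(key []byte) (*Channel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Channel{aead: aead}, nil
}
func nonce(seq uint64) []byte {
	n := make([]byte, 12) // 96-bit GCM nonce: four zero bytes, then the counter
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}
func (c *Channel) Frame(msg []byte) []byte {
	ct := c.aead.Seal(make([]byte, 2), nonce(c.sendSeq), msg, nil) // room for length
	binary.BigEndian.PutUint16(ct, uint16(len(ct)-2))
	c.sendSeq++
	return ct
}
// Feed takes one segment's payload, however it was (re)segmented, and returns the messages it completes.
func (c *Channel) Feed(segment []byte) ([][]byte, error) {
	c.pending = append(c.pending, segment...)
	var msgs [][]byte
	for len(c.pending) >= 2 {
		n := int(binary.BigEndian.Uint16(c.pending))
		if len(c.pending) < 2+n {
			break // wait for the rest of this frame
		}
		pt, err := c.aead.Open(nil, nonce(c.recvSeq), c.pending[2:2+n], nil)
		if err != nil {
			return nil, err // tag failure: modified, truncated or mis-sequenced data
		}
		c.recvSeq++
		c.pending, msgs = c.pending[2+n:], append(msgs, pt)
	}
	return msgs, nil
}
```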