The TCP-ENO option can be used in the future to negotiate additional security protocols beyond the one(s) we define now.
Thanks, --David From: Tcpinc [mailto:[email protected]] On Behalf Of Yoshifumi Nishida Sent: Tuesday, March 08, 2016 4:58 PM To: Mirja Kühlewind Cc: tcpinc; Smith, Kevin, (R&D) Vodafone Group; Black, David Subject: Re: [tcpinc] tcpcrypt - what's encrypted? Hi, I know it, but, I have a naive question here, although I'm not sure if it's a proper question. Let's say tcpcrypt is defined well and becomes successful, then after for a while, we realize some needs for header protections in TCP level. In this case, do we build new one from scratch or do we have other visions? Thanks, -- Yoshi On Tue, Mar 8, 2016 at 6:54 AM, Mirja Kühlewind <[email protected]<mailto:[email protected]>> wrote: That was discussed early after starting of the working group and the group decided to not encrypt any header fields to increase deployability. Mirja > Am 08.03.2016 um 15:16 schrieb Black, David > <[email protected]<mailto:[email protected]>>: > > That's correct - the TCP headers are not encrypted by any tcpinc security > protocol (the > TLS profile is similar in this regard). To encrypt TCP headers, something > like IPsec is > needed. > > Thanks, --David > > >> -----Original Message----- >> From: Tcpinc >> [mailto:[email protected]<mailto:[email protected]>] On Behalf >> Of Smith, Kevin, (R&D) >> Vodafone Group >> Sent: Tuesday, March 08, 2016 6:05 AM >> To: tcpinc >> Subject: [tcpinc] tcpcrypt - what's encrypted? >> >> Apologies if this is obvious and I've missed it in the docs - but please can >> someone >> confirm if the TCP protocol itself is encrypted as part of tcpcrypt, i.e. >> the ACKs, >> MSS, cwnd etc. etc. will not be visible to any middleboxes? A quick test >> shows >> them still visible to a packet capture... >> >> Cheers >> Kevin >> >> >> >> >> _______________________________________________ >> Tcpinc mailing list >> [email protected]<mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/tcpinc > > _______________________________________________ > Tcpinc mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/tcpinc _______________________________________________ Tcpinc mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/tcpinc
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
