Hi, I am thinking about dividing the encryption of a TCP segment into two parts: A) encrypt an arbitrary part of a TCP segment and B) determine which parts of a TCP segment should be encrypted. Because I might want to think about them separately if possible.

From my point of view, when we encrypt TCP payload, we just mask the header part of the TCP segment before encryption. I am naively thinking that it's not very difficult to change masking areas. So, I am thinking that designing TCPINC to do A) might be possible. OTOH, B) might need some more discussions and may take time as we may want to think about and analyze the behavior of middleboxes.

So, what I am wondering is if we can design A) while selecting TCP payload as the arbitrary part for the time being and continue discussions for B) for future extensions.

--
Yoshi

On Tue, Apr 26, 2016 at 11:50 PM, Mirja Kühlewind <[email protected]> wrote:

> Hi all,
>
> I briefly brought this up in the last meeting and would like to start the
> discussion on the mailing list now. The working group decided that tcpinc
> will not encrypt the TCP header for good reasons. However, it would still
> be possible to encrypt TCP options. This could help keeping confidentiality
> and would avoid that a middle could alter information in an option or strip
> it. Not sure if there is a case where some options should be encrypted and
> some not but I guess that would be possible as well. Any thoughts?
>
> Mirja
> _______________________________________________
> Tcpinc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tcpinc
