On 6/7/20 12:39 PM, Christian Huitema wrote:
On Jun 7, 2020, at 12:08 PM, Joseph Touch <touch@xxxxxxxxxxxxxx> wrote:
Overall, I’d feel a lot better about upending transport checksums if we had evidence that the checksum wasn’t catching errors. If the checksum is correct because it’s being constantly recomputed without being checked, a new alg won’t fix the issue.
Or, use a keyed cryptographic checksum and do not give the key to middleboxes.
I've always had an unease about transport layer security vs transport
IPsec. At least I now have something to hang my hat on.
Mike
