Re: The TCP and UDP checksum algorithm may soon need updating

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 6/7/20 3:20 PM, Joseph Touch wrote:
TLS isn’t “transport layer”. It’s app-layer.

TCP-AO is transport layer - and would similarly protect against middlebox modifications.

That's my point: TLS leaves the transport layer unprotected.

Mike


Joe

On Jun 7, 2020, at 2:16 PM, Michael Thomas <mike@xxxxxxxx> wrote:


On 6/7/20 12:39 PM, Christian Huitema wrote:
On Jun 7, 2020, at 12:08 PM, Joseph Touch <touch@xxxxxxxxxxxxxx> wrote:

Overall, I’d feel a lot better about upending transport checksums if we had evidence that the checksum wasn’t catching errors. If the checksum is correct because it’s being constantly recomputed without being checked, a new alg won’t fix the issue.
Or, use a keyed cryptographic checksum and do not give the key to middleboxes.

I've always had an unease about transport layer security vs transport IPsec. At least I now have something to hang my hat on.

Mike






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux