On 6/7/20 3:20 PM, Joseph Touch wrote:
TLS isn’t “transport layer”. It’s app-layer.
TCP-AO is transport layer - and would similarly protect against middlebox modifications.
That's my point: TLS leaves the transport layer unprotected.
Mike
Joe
On Jun 7, 2020, at 2:16 PM, Michael Thomas <mike@xxxxxxxx> wrote:
On 6/7/20 12:39 PM, Christian Huitema wrote:
On Jun 7, 2020, at 12:08 PM, Joseph Touch <touch@xxxxxxxxxxxxxx> wrote:
Overall, I’d feel a lot better about upending transport checksums if we had evidence that the checksum wasn’t catching errors. If the checksum is correct because it’s being constantly recomputed without being checked, a new alg won’t fix the issue.
Or, use a keyed cryptographic checksum and do not give the key to middleboxes.
I've always had an unease about transport layer security vs transport IPsec. At least I now have something to hang my hat on.
Mike
