On Sun, Jun 07, 2020 at 11:52:36PM +0000, Salz, Rich wrote:
> > Because the TCP headers aren't part of the hmac digest? Am I missing
> > something?
>
> And how does that affect the application data? What corruption of TCP
> headers would not end up being noticed at the application layer and
> therefore TLS?

A sometimes significant issue is that if TLS is the thing that notices the
corruption, the stream shuts down and any recovery steps need to be done by
the application. Some applications don't do this well, so their application
data can be badly affected. But in general a well-designed application
protocol should have a way to recover fairly gracefully, as has been noted a
few times upthread.

-Ben
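The failure mode Ben describes, shown as an added example that is not part of the thread: a corruption pattern that the TCP checksum passes but the TLS record MAC rejects, after which the session is dead and only the application can recover. The record format (body plus HMAC-SHA256 tag), the key, the network simulator and the retry loop are all constructed for illustration and are not from any real TLS stack; the specific corruption used, transposing two 16-bit words, is a known blind spot of the RFC 1071 one's-complement checksum and is added here, not taken from the thread.

```python
import hashlib
import hmac
import struct
from collections import deque

# Constructed demo key; real TLS derives per-session keys in the handshake.
DEMO_KEY = b"constructed-demo-key"
TAG_LEN = 32


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, as TCP uses for its checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Copy of data with 16-bit words i and j transposed. The one's-complement
    sum is order-independent, so this corruption leaves the TCP checksum intact."""
    out = bytearray(data)
    out[2 * i:2 * i + 2] = data[2 * j:2 * j + 2]
    out[2 * j:2 * j + 2] = data[2 * i:2 * i + 2]
    return bytes(out)


def seal(plaintext: bytes) -> bytes:
    """Toy TLS record: body followed by an HMAC-SHA256 tag over the body."""
    return plaintext + hmac.new(DEMO_KEY, plaintext, hashlib.sha256).digest()


class BadRecordMac(Exception):
    """Stands in for TLS's fatal bad_record_mac alert: the session is finished."""


def open_record(record: bytes) -> bytes:
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(DEMO_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise BadRecordMac
    return body


def tcp_detects(original: bytes, damaged: bytes) -> bool:
    return internet_checksum(original) != internet_checksum(damaged)


def tls_detects(damaged: bytes) -> bool:
    try:
        open_record(damaged)
        return False
    except BadRecordMac:
        return True


class FlakyNetwork:
    """Delivers sealed records; each entry in `faults` says whether that
    transmission gets its first two words transposed. TCP accepts it either way."""

    def __init__(self, faults):
        self.faults = deque(faults)

    def transmit(self, record: bytes) -> bytes:
        corrupt = self.faults.popleft() if self.faults else False
        wire = swap_words(record, 0, 1) if corrupt else record
        assert not tcp_detects(record, wire)  # the TCP layer delivers the segment
        return wire


class Connection:
    """One TLS session over the network; a MAC failure tears it down for good."""

    def __init__(self, network: FlakyNetwork):
        self.network = network
        self.closed = False

    def send(self, payload: bytes) -> bytes:
        if self.closed:
            raise ConnectionError("TLS session already shut down")
        try:
            return open_record(self.network.transmit(seal(payload)))
        except BadRecordMac:
            self.closed = True
            raise


def fetch_with_retry(network: FlakyNetwork, request: bytes, max_attempts: int = 3):
    """Application-layer recovery: on a fatal TLS error, open a new session and
    resend. Returns (delivered payload, attempts used). Safe only for requests
    the application knows are idempotent; TLS cannot make that decision for it."""
    conn = Connection(network)
    for attempt in range(1, max_attempts + 1):
        try:
            return conn.send(request), attempt
        except BadRecordMac:
            conn = Connection(network)  # reconnect; the old session is unusable
    raise RuntimeError("gave up after %d attempts" % max_attempts)


if __name__ == "__main__":
    record = seal(b"GET /status HTTP/1.1")
    damaged = swap_words(record, 0, 1)
    print("TCP checksum notices:", tcp_detects(record, damaged))  # False
    print("TLS MAC notices:", tls_detects(damaged))               # True
    print(fetch_with_retry(FlakyNetwork([True, False]), b"GET /status HTTP/1.1"))
```

The point of `fetch_with_retry` is the one Ben makes: the retry lives entirely above TLS, and an application that has no such loop (or that retries non-idempotent requests blindly) is the one whose data ends up badly affected.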