On 2020-06-08, at 01:52, Salz, Rich <rsalz=40akamai.com@xxxxxxxxxxxxxx> wrote:
>
>> Because the TCP headers aren't part of the hmac digest? Am I missing
>> something?
>
> And how does that affect the application data? What corruption of TCP headers would not end up being noticed at the application layer and therefore TLS?

Noticed, sure. It is still a performance bug if transfers need to be redone from scratch just because the TCP checksum failed to catch corruption. As the transfers get longer, the probability of some corruption approaches one, so the number of transfer attempts needed before one goes through goes through the roof.

(Literally the first thing I did on the IP network of this university, when I came here in 1993, was to find the reason for random file corruption in the network. Of course, it was a Sun NFS server with a failing Ethernet card. At the time, UDP checksums were generally switched off for NFS, but even if they had been switched on, we’d just have seen the corruption ~2**-16 as often. Security protocols used right would have protected us from this and would have made the bit errors a performance statistic…)

TL;DR: Don’t use the network without security. But if the secure protocols fail to recover, you still have a problem.

QUIC completely solves this particular problem; only TLS/TCP has it, DTLS doesn’t.

Regards, Carsten
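A small model of the argument in the reply, added here as an example (my code, not Carsten's or the list's). It assumes each TCP segment is independently corrupted with probability p_err, the 16-bit TCP checksum misses a fraction 2**-16 of corrupted segments, a missed corruption on TLS/TCP is a fatal MAC failure that restarts the whole transfer, and a DTLS/QUIC-style protocol merely drops and resends the affected record; the segment size and error rates are constructed for illustration.

```python
import math

SEGMENT_BYTES = 1460          # assumed TCP payload per segment
CHECKSUM_MISS = 2.0 ** -16    # share of corrupted segments a 16-bit checksum misses

def segments_for(total_bytes, segment_bytes=SEGMENT_BYTES):
    """Segments needed to carry total_bytes (ceiling division)."""
    return -(-total_bytes // segment_bytes)

def p_undetected(p_err, miss=CHECKSUM_MISS):
    """Per-segment probability that corruption slips past the TCP checksum."""
    return p_err * miss

def p_transfer_clean(n_segments, q):
    """Probability that none of n segments arrives corrupted yet checksum-OK.
    Computed as exp(n*log1p(-q)) to stay accurate for tiny q and huge n."""
    return math.exp(n_segments * math.log1p(-q))

def expected_attempts_tls_tcp(n_segments, q):
    """All-or-nothing restart: attempts are geometric, success prob (1-q)^n."""
    return 1.0 / p_transfer_clean(n_segments, q)

def expected_bytes_tls_tcp(total_bytes, p_err, miss=CHECKSUM_MISS):
    """Average bytes sent when a MAC failure forces a restart from scratch."""
    n = segments_for(total_bytes)
    return total_bytes * expected_attempts_tls_tcp(n, p_undetected(p_err, miss))

def expected_bytes_record_retry(total_bytes, p_err, miss=CHECKSUM_MISS):
    """DTLS/QUIC-style: a record failing its MAC is dropped and resent alone,
    so the cost is per record, not per transfer."""
    q = p_undetected(p_err, miss)
    return total_bytes / (1.0 - q)

if __name__ == "__main__":
    p_err = 1e-3  # constructed: one corrupted segment per thousand (a bad link)
    print(f"{'size':>8} {'segments':>12} {'P(clean)':>10} {'TLS/TCP tries':>14} {'overhead':>9}")
    for gib in (1, 100, 1000):
        size = gib * 2 ** 30
        n = segments_for(size)
        q = p_undetected(p_err)
        tries = expected_attempts_tls_tcp(n, q)
        retry = expected_bytes_record_retry(size, p_err)
        print(f"{gib:>5} GiB {n:>12} {p_transfer_clean(n, q):>10.4f} "
              f"{tries:>14.2f} {expected_bytes_tls_tcp(size, p_err) / retry:>9.2f}x")
```

With the constructed link, a 1 GiB transfer almost always goes through, a 100 GiB transfer needs about three attempts on average, and a 1000 GiB transfer needs tens of thousands, while the per-record-retry column stays essentially at 1x.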