[e2e] How TCP might look with always there ESP
Robert Moskowitz
rgm-ietf at htt-consult.com
Wed Jul 18 05:40:31 PDT 2001
At 01:50 PM 7/17/2001 -0400, Craig Partridge wrote:
>In message <5.1.0.14.2.20010717091427.02495ea0 at localhost>, Robert
>Moskowitz wri
>tes:
>
> >First we would drop the CRC checksum. All of the ESP auth methods are much
> >stronger.
>
>Addendum to my last note (kudos to Hilarie here). Because all the ESP
>auth methods have far more bits in their sum, they're (but for certain
>presumably rare cases) stronger than the 16 bit TCP checksum.
Plus, Craig, you might remember way back on a list we are on a discussion
of an ATM implementatino (in error of course) that managed to scramble a
TCP packet is such a way that the TCP checksum did not catch the
error. The nature of all current ESP auth modes would have failed to
authenticate with such a packet content reordering.
More information about the end2end-interest
mailing list