[e2e] How TCP might look with always there ESP
rgm-ietf at htt-consult.com
Wed Jul 18 05:40:31 PDT 2001
At 01:50 PM 7/17/2001 -0400, Craig Partridge wrote:
>In message <184.108.40.206.2.20010717091427.02495ea0 at localhost>, Robert
> >First we would drop the CRC checksum. All of the ESP auth methods are much
>Addendum to my last note (kudos to Hilarie here). Because all the ESP
>auth methods have far more bits in their sum, they're (but for certain
>presumably rare cases) stronger than the 16 bit TCP checksum.
Plus, Craig, you might remember way back on a list we are on a discussion
of an ATM implementatino (in error of course) that managed to scramble a
TCP packet is such a way that the TCP checksum did not catch the
error. The nature of all current ESP auth modes would have failed to
authenticate with such a packet content reordering.
More information about the end2end-interest