[e2e] How TCP might look with always there ESP

Robert Moskowitz rgm-ietf at htt-consult.com
Wed Jul 18 05:40:31 PDT 2001


At 01:50 PM 7/17/2001 -0400, Craig Partridge wrote:

>In message <5.1.0.14.2.20010717091427.02495ea0 at localhost>, Robert
>Moskowitz writes:
>
> >First we would drop the CRC checksum.  All of the ESP auth methods are much
> >stronger.
>
>Addendum to my last note (kudos to Hilarie here).  Because all the ESP
>auth methods have far more bits in their sum, they're (but for certain
>presumably rare cases) stronger than the 16 bit TCP checksum.

Plus, Craig, you might remember way back on a list we are on a discussion 
of an ATM implementation (in error of course) that managed to scramble a 
TCP packet in such a way that the TCP checksum did not catch the 
error.  The nature of all current ESP auth modes would have failed to 
authenticate with such a packet content reordering.
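
The following is an added example, not part of the original message, showing why content reordering slips past the 16-bit TCP checksum but not a keyed ESP integrity check. It assumes HMAC-SHA-1-96 as a representative ESP auth method, models the reordering as a swap of two 48-byte chunks, omits the TCP pseudo-header (a constant term in the sum), and uses a constructed key and payload; all function names are hypothetical.

```python
import hashlib
import hmac

CELL = 48  # ATM cell payload size in bytes (even, so 16-bit words stay aligned)

def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum used by TCP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big")
                for i in range(0, len(data), 2))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-1 truncated to 96 bits (assumed ESP auth transform)."""
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def swap_cells(data: bytes, a: int, b: int) -> bytes:
    """Exchange two CELL-sized chunks, modelling out-of-order reassembly."""
    cells = [data[i:i + CELL] for i in range(0, len(data), CELL)]
    cells[a], cells[b] = cells[b], cells[a]
    return b"".join(cells)

def compare(segment: bytes, key: bytes):
    """Return (content_changed, checksum_detects, icv_detects)."""
    damaged = swap_cells(segment, 0, 2)
    checksum_detects = internet_checksum(segment) != internet_checksum(damaged)
    icv_detects = not hmac.compare_digest(hmac_sha1_96(key, segment),
                                          hmac_sha1_96(key, damaged))
    return damaged != segment, checksum_detects, icv_detects

# Constructed sample data: four cells of non-repeating bytes and a demo key.
SEGMENT = bytes((7 * i + 3) % 256 for i in range(4 * CELL))
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    changed, by_checksum, by_icv = compare(SEGMENT, KEY)
    print("content changed:        ", changed)
    print("TCP checksum detects it:", by_checksum)
    print("HMAC-SHA-1-96 detects it:", by_icv)
```

The checksum is a sum of 16-bit words, and addition is commutative, so any permutation of aligned words leaves it unchanged; the HMAC depends on byte order as well as byte values.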
