Hi Paul

On Wed, Sep 30, 2015 at 08:08:16AM -0700, Paul Hoffman wrote:
> >To choose an extreme example, it seems likely that choosing to calculate a
> >parity bit would be much computationally cheaper than calculating a
> >SHA-256 digest. However, a parity bit would not offer much protection
> >against off-path attacks.
>
> Indeed. And this still calls into question whether trying to engineer a
> solution like this is a better idea than just using TCP.

Joe is talking about the case when a simple parity bit algorithm is in use
where it is trivial to attack the scheme. I may not have followed what you
are referring to in your reply. Are you saying that when using a
cryptographic hash (such as even SHA-1), the CHECKSUM method is vulnerable?

The topic of why TCP is not ready yet to be used exclusively has been
addressed in this thread, or another adjacent thread about CHECKSUM. We
aren't exclusively using it, and until that switch is flipped, which is
still far away, we need to protect UDP.

Mukund
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop