On May 30, 2022, at 12:25 PM, Tero Kivinen <kivi...@iki.fi> wrote:
>
> I think we need to add text explaining how to detect when the TCP
> length framing gets messed up by attacks, and how to recover (i.e.,
> close down the TCP channel and recreate the TCP channel).

The impact of RSTs can be limited for this purpose by recommending RFC5961 for these connections. But if even data injection has the same impact, it’d be much better to see if there’s a way to recover “sync” in the byte stream rather than expecting a new connection.

Joe
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec