[tcpinc] tcpcrypt - what's encrypted?

"Smith, Kevin, (R&D) Vodafone Group" <Kevin.Smith@vodafone.com> Tue, 08 March 2016 11:05 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/y_QYYHQeK5f9RBylBB7LjmXCzmk>

Apologies if this is obvious and I've missed it in the docs - but please can someone confirm if the TCP protocol itself is encrypted as part of tcpcrypt, i.e. the ACKs, MSS, cwnd etc. etc. will not be visible to any middleboxes? A quick test shows them still visible to a packet capture...

Cheers
Kevin