Closed tfpauly closed 2 months ago
If I understand correctly, the scramble transform can be defeated by a single injected packet (ie with duplicated iv bytes, leading to key/iv reuse with aes-ctr). I think we should explicitly mention this in the security considerations, as this is both lower effort than most active attacks, and difficult to detect.
Creating a PR for the output of the design team, to add a way to encrypt packets in forwarded mode.
Rendered view of this PR Rendered diff with main