On Tue, 2017-02-28 at 16:28 -0800, Tom Herbert wrote: > The Mellanox team working on TLS offload pointed out to us that if > data is changed for a retransmit then it becomes trivial for someone > snooping to break the encryption. Sounds pretty scary and it would be > a shame if we couldn't use zero-copy in that use case :-( Hopefully we > can find a solution...
Right, this is why offloading encryption over TCP is also hard ;)
