Essential - Someone who understands the wire format can explain why the client-mbox capture contains additional data - Fix the captures so they aren't corrupt (probably by terminating tcpdump properly) - Find another way of "stepping out" of encryption other than asking the middlebox to modify a record? or - if we can't do that, fix the bug that prevents the middlebox from modifying stuff; keeping the message length constant results in MAC integrity fail warning, but transaction continues. Changing length results in fatal failure. Nice to have - Do the timing in a less monkey way than done here - Think of a better or more powerful demonstration of this part of the story? - Timings here show re-encrpytion is slower, but not by much. Difference in time could be dominated by calling script. Also could be diluted by the fact both are constantly writing to disk (have a "no-writing-to-disk" option in all three?)