Re: [btns] Q: How to deal with connection latch breaks?

Michael Richardson <> Sun, 12 July 2009 23:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 395993A67FF for <>; Sun, 12 Jul 2009 16:15:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.99
X-Spam-Status: No, score=0.99 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_15=0.6, MANGLED_TEXT=2.3]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xIvq3MHdh1bu for <>; Sun, 12 Jul 2009 16:15:45 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 42D1B3A65A5 for <>; Sun, 12 Jul 2009 16:15:43 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTPS id 974F534254; Sun, 12 Jul 2009 23:16:13 +0000 (UTC)
Received: from (localhost []) by (Postfix) with ESMTP id 62FDE3EC3; Sun, 12 Jul 2009 14:54:24 -0400 (EDT)
From: Michael Richardson <>
To: "Mike Eisler" <>
In-Reply-To: <>
References: <>
X-Mailer: MH-E 8.1; nmh 1.1; XEmacs 21.4 (patch 21)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Date: Sun, 12 Jul 2009 14:54:24 -0400
Message-ID: <>
Subject: Re: [btns] Q: How to deal with connection latch breaks?
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Better-Than-Nothing-Security Working Group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 12 Jul 2009 23:15:46 -0000

Hash: SHA1

>>>>> "Mike" == Mike Eisler <> writes:
    >> The last DISCUSS on draft-ietf-btns-connection-latching-10
    >> concerns what the WG thinks is the best way for ULPs to handle
    >> connection latch transitions to the BROKEN state in the _absence_
    >> of connection latching APIs for applications (or when apps are
    >> not aware of such APIs).

    Mike> Isn't this DISCUSS specific to SCTP? 

  I don't think so. 
  I think it's just that SCTP tries to get around other network
connection failures by switching to working end-points, while TCP and
UDP do not, so those applications are already more suspectible to
network failures.

  (First, if you are using channel binding, then you have to be aware of
it, so it is possible that we haven't thought through the non-channel
binding case well enough)

    Mike> I am unsure that the SCTP section defines behavior which is
    Mike> consistent with application expectations.  The last paragraph
    Mike> of 5.4 implies that the whole connection terminates if one of
    Mike> the latches breaks.  This has an impact on the semantics of
    Mike> the application socket API.  While connection latching is
    Mike> transparent when everything is working, there are new failures
    Mike> that ripple to the application.  That is, the application will
    Mike> observe different behavior on a connection with and without
    Mike> latching.

  I agree that this is the case for SCTP.
  For TCP, it looks like a normal network failure, do you agree?

  I think that how the latch breaks when the SA breaks depends upon
whether there are in fact multiple SAs, (the simple NxM approach), or if
the connection latch object is represented as a the N+M object, with
underlying SAs negotiated as needed.

    Mike> Perhaps the second approach is what should be used for
    Mike> SCTP. However, as the last sentence above notes, the first
    Mike> approach is used in the rest of the document. I gather what
    Mike> Russ is saying is that approach might not be appropriate for
    Mike> SCTP and he wants to know if the WG thoroughly considered it.

  I think that we did not consider it enough.

    Nico> a) The ULP MAY/SHOULD/MUST pretend that the equivalent of a
    Nico> TCP reset occurred and the connection latch is transition to
    Nico> the CLOSED state (and destroyed/cleaned up);

    Nico> b) The ULP MAY/SHOULD/MUST act as though bits aren't moving
    Nico> and let ULP and/or application-layer timeout processing decide
    Nico> if and when to close the connection (and underlying connection
    Nico> latch).

    Nico> (b) means potentially hanging forever, but that's generally
    Nico> true now with existing ULPs.

    Nico> The I-D says (b), with "SHOULD".

    Nico> I'd be just as happy with (a), SHOULD, (b) MAY.  I would not
    Nico> be happy with (a), MUST, nor with (b), MUST.

    Nico> Comments?

  Tell me why the connection latch broke?

  I do not like layers that kill connections unlaterally because *they*
think they know what my application's timeout is.  

- -- 
]     Y'avait une poule de jammé dans l'muffler!!!!!!!!!        |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] |device driver[
]    h("Just another Debian GNU/Linux using, kernel hacking,    ruby  guy");  [

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Finger me for keys