Re: The TCP and UDP checksum algorithm may soon need updating

Joseph Touch <touch@strayalpha.com> Sun, 07 June 2020 19:08 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692CF3A0844 for <ietf@ietfa.amsl.com>; Sun, 7 Jun 2020 12:08:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.318
X-Spam-Level:
X-Spam-Status: No, score=-1.318 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbw6mabfCq7R for <ietf@ietfa.amsl.com>; Sun, 7 Jun 2020 12:08:23 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 521993A0843 for <ietf@ietf.org>; Sun, 7 Jun 2020 12:08:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=HEo5uS2d90eBUhNSlIa4LuCa62vAeIM+qxyIzLor8J8=; b=O/+GWvaZmQxeBcGm9JnQsGgo5 6gVeojD49s3Id16XXpLE4ffpYk3yorL/65h5uUXhi7WofN8cMqqRbCI62UV/+S3CMkAb5lrgpgfp9 gUQgzaal5nsAVccnTgnyNHL8g51UxLMAYa4/xW9IK9eYa/JdQEUHEfrF5ZXc8HHetlwPZXJ98Dj1x 60I6erX2e0waopKkOrCqsRsoY+rU3r9of7fCsemdHdbEvQ1aGA7c7ZtEhIQKLGhxHxFsC62WQwwGc t7l1a/O6T7Bm4CFS6+6wfUjV7oVPa0eY6T/OP8dy3zF7l6yHqTEGC4t8Q5mPvJZfN9QdzMWr8OODl LdVTgwUZA==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:54012 helo=[192.168.1.14]) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <touch@strayalpha.com>) id 1ji0eX-000iaX-NJ; Sun, 07 Jun 2020 15:08:22 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_64938C67-77AD-47F4-A851-6751F639B751"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: Re: The TCP and UDP checksum algorithm may soon need updating
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <CAMm+Lwia_4zh-9HA5P9L5DqE6bMNMFOZFbzW5DKO025eNuuq4w@mail.gmail.com>
Date: Sun, 7 Jun 2020 12:08:16 -0700
Cc: Nico Williams <nico@cryptonector.com>, Craig Partridge <craig@tereschau.net>, Christian Huitema <huitema@huitema.net>, IETF discussion list <ietf@ietf.org>
Message-Id: <28A2725D-00F8-4739-8A73-ED176F8EF561@strayalpha.com>
References: <CAHQj4Cem6YdTXKFPW6Mk6gK9Yt_2qD=M7PAE6nxFEdJrD==ZVA@mail.gmail.com> <8CDB0383-41B9-4D10-BCA8-FF6FC7AFF2DD@huitema.net> <db8943fc-5cd3-9ea7-2876-a5468216d86f@huitema.net> <CAMm+Lwj=5h_zgm0=fD6AjbLmsg91ctv7a6pW0fh8L9o38C1GmQ@mail.gmail.com> <76F7B5D1-27E3-467C-9375-0030AD5B839F@strayalpha.com> <CAMm+Lwj6jAW2w-Q7RuWrJJfrfii4L7zcdykdaYHw_w_0h89ZSQ@mail.gmail.com> <20200605163910.GV18021@localhost> <CAMm+Lwia_4zh-9HA5P9L5DqE6bMNMFOZFbzW5DKO025eNuuq4w@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/94WZCe6M0H9OOlgFV8e1HK5rFXE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jun 2020 19:08:24 -0000

+1

> On Jun 7, 2020, at 11:37 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> 
> Rather than trying to make TCP/IP a flawless transport, we have to apply the same principle of making a lossy channel robust at the higher level.

My other concern is also with offload mechanisms and middleboxes. There’s the old adage of whether we’re corruption errors (line, memory) or manipulation errors (incorrect code or assumptions about the inputs to that code).

Overall, I’d feel a lot better about upending transport checksums if we had evidence that the checksum wasn’t catching errors. If the checksum is correct because it’s being constantly recomputed without being checked, a new alg won’t fix the issue.

And if this were truly a 1 in 100 problem, wouldn’t we be seeing a lot more of it?

If somethings fishy here, it’s not clear at all yet what it is.

Joe