Re: The TCP and UDP checksum algorithm may soon need updating

Joseph Touch <> Fri, 05 June 2020 16:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AE0AA3A091F for <>; Fri, 5 Jun 2020 09:30:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.319
X-Spam-Status: No, score=-1.319 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id weAW_n6BXGIf for <>; Fri, 5 Jun 2020 09:30:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 00C9B3A08F9 for <>; Fri, 5 Jun 2020 09:30:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YiV+WpWWKFOqzV28XXKqnV5NOCyVZHaZK/uUJsnuqBA=; b=MsNvLB3Ut6G3cQH1jpS524qDW o2ZK9KxYPN5yKMtrT402A/gKCiHdXC+OFkpGSsc1UMbRi3DcM9D023b87NYFJSS7PKlP0LNdFGLL/ SVyc/4uZWWeCjMMN7m8zjeYCW8kg/t3lZlrBo7U7lXo+qoUKl2N2wR1fS7LPZjc0eEd9CY0UjNltU pwxvg6ZwTFnrgEvVQJyAwTJjKUyVoRg24pZRNCDLWOWG5n5HL74lTNOm0vXkYBKQS6izb3sC7Lzgr xp92wXgO6PE0vsYMIVHdc+eZvMUgCqiQtqsW9TQgSCcy9ukX7VzBb3ipVKIGgDWcZtB/2dZq+oDlX NDz855OQw==;
Received: from ([]:61175 helo=[]) by with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <>) id 1jhFEQ-002rOR-Ig; Fri, 05 Jun 2020 12:30:15 -0400
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
Subject: Re: The TCP and UDP checksum algorithm may soon need updating
From: Joseph Touch <>
In-Reply-To: <>
Date: Fri, 5 Jun 2020 09:30:09 -0700
Cc: Christian Huitema <>, Craig Partridge <>, IETF discussion list <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <>
To: Phillip Hallam-Baker <>
X-Mailer: Apple Mail (2.3608.
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
X-From-Rewrite: unmodified, already matched
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 05 Jun 2020 16:30:32 -0000

Hi, Philip,

All these statistical analyses assume that errors are not correlated in many dimensions. If that were to happen on the wire, it would likely be caught by things like Ethernet’s CRC. The issue we’re dealing with are errors that are either not caught on the wire OR happen in memory or processing, neither of which are very likely to be uncorrelated.

The only thing that’s “pretty clear” to me is that if this were actually as uncorrelated as you’re assuming, we would have lots of examples of transfers that failed. I asked a simple question - are we seeing that? I’ll admit that doesn’t come up for me, but by everyone’s “analysis” they ought to be raining down everywhere, esp. in large data centers. But I haven’t heard anyone screaming yet.

So either the other protections we have (as others have mentioned) are sufficient or these errors are not correlated the way that’s been assumed (and thus they’re being caught by the existing checksum).

There’s no law against repeating a checksum with different data if all the data gets there OK.