Re: The TCP and UDP checksum algorithm may soon need updating

Christian Huitema <huitema@huitema.net> Sun, 07 June 2020 20:05 UTC

From: Christian Huitema <huitema@huitema.net>
Subject: Re: The TCP and UDP checksum algorithm may soon need updating
Date: Sun, 07 Jun 2020 12:39:38 -0700
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, Nico Williams <nico@cryptonector.com>, Craig Partridge <craig@tereschau.net>, IETF discussion list <ietf@ietf.org>
To: Joseph Touch <touch@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/iVKie-mPFdd1xY15OmRzS7_fcLo>

> On Jun 7, 2020, at 12:08 PM, Joseph Touch <touch@strayalpha.com> wrote:
> 
> Overall, I’d feel a lot better about upending transport checksums if we had evidence that the checksum wasn’t catching errors. If the checksum is correct because it’s being constantly recomputed without being checked, a new alg won’t fix the issue.

Or, use a keyed cryptographic checksum and do not give the key to middleboxes.

-- Christian Huitema
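
The two positions in this exchange, as an added example that is not part of the original messages: an on-path device that alters a payload and recomputes the Internet checksum without checking it produces a segment that still verifies, while a keyed tag it has no key for does not. The segment layout, the function names, HMAC-SHA-256 as the keyed checksum, and the payload-only checksum (no pseudo-header) are assumptions made for illustration.

```python
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, the algorithm TCP and UDP use."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """Keyed cryptographic checksum; HMAC-SHA-256 is an assumed choice."""
    return hmac.new(key, data, hashlib.sha256).digest()


def send(key: bytes, payload: bytes) -> dict:
    """Endpoint: attach both the unkeyed checksum and the end-to-end tag."""
    return {"payload": payload,
            "csum": internet_checksum(payload),
            "tag": keyed_tag(key, payload)}


def middlebox(segment: dict, damaged_index: int) -> dict:
    """Hypothetical middlebox: a bit flips in its buffer, then it recomputes
    the checksum without verifying the old one. It holds no key, so the tag
    is forwarded unchanged."""
    payload = bytearray(segment["payload"])
    payload[damaged_index] ^= 0x01
    payload = bytes(payload)
    return {**segment, "payload": payload, "csum": internet_checksum(payload)}


def receive(key: bytes, segment: dict) -> tuple:
    """Endpoint: return (checksum_ok, tag_ok) for the received segment."""
    csum_ok = internet_checksum(segment["payload"]) == segment["csum"]
    tag_ok = hmac.compare_digest(keyed_tag(key, segment["payload"]), segment["tag"])
    return csum_ok, tag_ok


def demo() -> tuple:
    key = bytes(range(32))                  # constructed sample key
    segment = send(key, b"constructed sample payload")
    return receive(key, segment), receive(key, middlebox(segment, 3))


if __name__ == "__main__":
    print(demo())
```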