Re: The TCP and UDP checksum algorithm may soon need updating

Nico Williams <nico@cryptonector.com> Mon, 08 June 2020 21:00 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46A1C3A1009 for <ietf@ietfa.amsl.com>; Mon, 8 Jun 2020 14:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJVKVJu-_Acz for <ietf@ietfa.amsl.com>; Mon, 8 Jun 2020 14:00:49 -0700 (PDT)
Received: from crocodile.birch.relay.mailchannels.net (crocodile.birch.relay.mailchannels.net [23.83.209.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9A703A1006 for <ietf@ietf.org>; Mon, 8 Jun 2020 14:00:48 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 6FB5D341845; Mon, 8 Jun 2020 21:00:47 +0000 (UTC)
Received: from pdx1-sub0-mail-a99.g.dreamhost.com (100-96-137-10.trex.outbound.svc.cluster.local [100.96.137.10]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 99C043408CD; Mon, 8 Jun 2020 21:00:46 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a99.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.8); Mon, 08 Jun 2020 21:00:47 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Macabre-Vacuous: 786c50f5190d094e_1591650046927_2687292129
X-MC-Loop-Signature: 1591650046927:621948683
X-MC-Ingress-Time: 1591650046927
Received: from pdx1-sub0-mail-a99.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a99.g.dreamhost.com (Postfix) with ESMTP id 428987F100; Mon, 8 Jun 2020 14:00:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=LyQeejp6cM9GN7 Z3EmnOQKPpkbk=; b=DPyjUTpyD6/j82eBaLomgqRl6YiXouF85CvkccBvD8McjS ob6/ujrAGd7Ul6d0ItmIekUr1HP8O1I8aJXnRx2+gx/8siBQBMZuFm5gisLvBe92 nwwqy0djf6c8+b6x5SbTW65zzi+UyEWaC28SH3zu+wCK+8RsX4W2z3VG21Vj8=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a99.g.dreamhost.com (Postfix) with ESMTPSA id E50297F0F9; Mon, 8 Jun 2020 14:00:43 -0700 (PDT)
Date: Mon, 8 Jun 2020 16:00:40 -0500
X-DH-BACKEND: pdx1-sub0-mail-a99
From: Nico Williams <nico@cryptonector.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Michael Thomas <mike@mtcc.com>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: The TCP and UDP checksum algorithm may soon need updating
Message-ID: <20200608210038.GA3100@localhost>
References: <D55AFBFD-0D59-4176-B6BD-D6A1801FEC2C@akamai.com> <f42134de-3d0f-87e5-b13f-82afdb3689c9@mtcc.com> <96c65ca8-6ed5-2afa-a6d5-14905fc75ce8@foobar.org> <8946c5bf-0f6b-7a52-6326-dda59a78a798@mtcc.com> <995f5e46-b79a-ec9a-5465-9ec5abcdb759@foobar.org> <9d18c630-8506-9097-fc8c-86d6264afcbe@mtcc.com> <1783a7fa-fed4-2973-05dd-236f1120a74c@foobar.org> <5bf95457-5d44-86fa-5062-800680cc5a6a@mtcc.com> <20200608190220.GA18021@localhost> <9e0425e8-dffb-78a6-2520-c9214392caf7@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9e0425e8-dffb-78a6-2520-c9214392caf7@gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedrudehvddgleeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucggtffrrghtthgvrhhnpefftdektefhueetveeigfefgeejteejvdfhhefgvddtfeeujeehleeguefhgffhgfenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/q4aROsQPtcTRFjavDmpYSGLA0fM>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 21:00:51 -0000

On Tue, Jun 09, 2020 at 08:57:00AM +1200, Brian E Carpenter wrote:
> On 09-Jun-20 07:02, Nico Williams wrote:
> > On Mon, Jun 08, 2020 at 11:23:09AM -0700, Michael Thomas wrote:
> >> ssl had the advantage that it 1) beat ipsec to market, and 2) wasn't subject
> >> to API differences from OS layer calls like IPsec was, and with quite a bit
> >> of churn as i recall too. it's really too bad, imo. we wouldn't have had to
> >> do the contortions of dtls, for example. and now there's this problem. none
> >> of them are earth shattering, but it would have been cleaner.
> > 
> > You can sprinkle TLS anywhere you have an octet stream.  You can
> > sprinkle DTLS anywhere you have datagram flows. 
> 
> Unless someone says "multicast". 

That's a whole different ball of wax.