IETF Logo Mail Archive

Re: [multipathtcp] [Int-area] SOCKS 6 Draft

Joe Touch <touch@isi.edu> Thu, 13 July 2017 17:07 UTC

Return-Path: <touch@isi.edu>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC6F1201F8; Thu, 13 Jul 2017 10:07:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7l9GFsv8PNTC; Thu, 13 Jul 2017 10:07:37 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F6741316FF; Thu, 13 Jul 2017 10:07:37 -0700 (PDT)
Received: from [10.31.59.150] (ip-64-134-100-23.public.wayport.net [64.134.100.23]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id v6DH7BpN003269 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 13 Jul 2017 10:07:13 -0700 (PDT)
To: Dragoș Niculescu <dragos.niculescu@cs.pub.ro>
Cc: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>, mohamed boucadair <mohamed.boucadair@orange.com>, David Schinazi <dschinazi@apple.com>, multipathtcp <multipathtcp@ietf.org>, int-area <Int-area@ietf.org>
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com> <AE3FC07A-DE86-4765-9D1F-00640942B4E4@apple.com> <3f975b41-78b0-9f50-6c46-cc8e30007f34@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000764@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <b33e4726-f255-75f7-5203-9e30faa36659@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000D16@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <a922a59f-2670-8d50-f3c5-99e1c29848ca@cs.pub.ro> <ec8cae81-dbeb-ed92-33ca-678bb2b5efeb@isi.edu> <1459306318.3890958.1499330475778.JavaMail.zimbra@cs.pub.ro>
From: Joe Touch <touch@isi.edu>
Message-ID: <c15031f3-95cf-d341-2ddb-0b3850a74d76@isi.edu>
Date: Thu, 13 Jul 2017 10:07:09 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <1459306318.3890958.1499330475778.JavaMail.zimbra@cs.pub.ro>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-MailScanner-ID: v6DH7BpN003269
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/bI_prX7rMX_GG-0xSDE0_1gqHmI>
Subject: Re: [multipathtcp] [Int-area] SOCKS 6 Draft
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 17:07:38 -0000


On 7/6/2017 1:41 AM, Dragoș Niculescu wrote:
> ----- On Jul 5, 2017, at 7:59 PM, Joe Touch touch@isi.edu wrote:
>
>> On 7/5/2017 9:39 AM, Vladimir Olteanu wrote:
>>
>>
>> It can also be stacked as many times as desired for arbitrarily long proxy
>> chains. However:
>> * We avoid using the SYN's payload as extra option space (which, I think, goes
>> against TCP's core philosophy).
>>
>> [Med] This is also true for MP_CONVERT Information Element which is not a TCP
>> option, but a data supplied for proxy purposes in the SYN payload.
>> Fair enough, but this is not a purely layer 5+ protocol. It seems that you are
>> strongly tied to TFO (between the client and the proxy). MP_CONVERT must be
>> part of the SYN's payload, because the following SYN+ACK depends on the
>> contents of MP_CONVERT and signals that the remote server has accepted your
>> connection.
>> The biggest impact of including non-data information in the SYN payload area is
>> that it completely defeats graceful fallback for SYN receivers that don't
>> support the option. As you note, it can be *more* safe when tied to out-of-band
>> context (e.g., prior TFO support), but TCP has NO requirement that such context
>> is absolutely maintained across different connections. You might be speaking to
>> a different stack or demuxed off to a different virtual host behind a load
>> balancer.
>>
>> Ultimately, putting any non-data info in the SYN payload violates the
>> requirement that TCP options can be ignored by receivers that don't support
>> them *without* impacting the ability of *that* connection attempt to succeed.
>>
>> Joe
> SOCKSv6 proposal makes use of extra data in the SYN (SOCKS data, and user data), but 
> its correctness and backward compatibility does not depend on TFO, only its RTT performance. 
> In fact, when TFO is not available neither between client and proxy, nor between proxy and 
> server the SOCKSv6 RTT is still lower than SOCKSv4 and SOCKSv5. But TFO is likely to be the most 
> common case in the future - Linux kernel has TFO client side on by default since 3.12 
> (November 2013)[1], and it seems to be the default in all Android phones and default 
> Linux installs.  
What happens with a legacy receiver?

Joe

v2.23.0 | Report a Bug | By Email