RE: [rddp] FW: Analysis of overhead for software implementation o f markers verses key based framing
"Williams, Jim" <Jim.Williams@Emulex.com> Fri, 06 December 2002 19:46 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21753 for <rddp-archive@odin.ietf.org>; Fri, 6 Dec 2002 14:46:45 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id gB6JnB416468 for rddp-archive@odin.ietf.org; Fri, 6 Dec 2002 14:49:11 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gB6JnBv16465 for <rddp-web-archive@optimus.ietf.org>; Fri, 6 Dec 2002 14:49:11 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21731 for <rddp-web-archive@ietf.org>; Fri, 6 Dec 2002 14:46:12 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gB6Jm4v16359; Fri, 6 Dec 2002 14:48:05 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gB6Jkhv16302 for <rddp@optimus.ietf.org>; Fri, 6 Dec 2002 14:46:43 -0500
Received: from emulex.emulex.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21589 for <rddp@ietf.org>; Fri, 6 Dec 2002 14:43:36 -0500 (EST)
Received: from xbl.ad.emulex.com (xbl.ma.emulex.com [172.16.12.11]) by emulex.emulex.com (8.9.1a/8.9.1) with ESMTP id LAA13832; Fri, 6 Dec 2002 11:46:19 -0800 (PST)
Received: by xbl.ma.emulex.com with Internet Mail Service (5.5.2653.19) id <XTGNDP5J>; Fri, 6 Dec 2002 14:46:19 -0500
Message-ID: <3356669BBE90C448AD4645C843E2BF289B8F5F@xbl.ma.emulex.com>
From: "Williams, Jim" <Jim.Williams@Emulex.com>
To: 'Jim Pinkerton' <jpink@windows.microsoft.com>, rddp@ietf.org
Subject: RE: [rddp] FW: Analysis of overhead for software implementation o f markers verses key based framing
Date: Fri, 06 Dec 2002 14:46:18 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C29D60.25068240"
Sender: rddp-admin@ietf.org
Errors-To: rddp-admin@ietf.org
X-BeenThere: rddp@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rddp>, <mailto:rddp-request@ietf.org?subject=unsubscribe>
List-Id: IETF Remote Direct Data Placement (rddp) WG <rddp.ietf.org>
List-Post: <mailto:rddp@ietf.org>
List-Help: <mailto:rddp-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rddp>, <mailto:rddp-request@ietf.org?subject=subscribe>
-----Original Message----- From: Jim Pinkerton [mailto:jpink@windows.microsoft.com] Sent: Thursday, December 05, 2002 3:55 PM To: rddp@ietf.org Subject: [rddp] FW: Analysis of overhead for software implementation of markers verses key based framing Below is an analysis that I mailed out a while back to the group that was looking at the framing issue - they were trying to select between the "magic key" based approach (see draft-ietf-tsvwg-tcp-ulp-frame-01 for the details) verses using markers. [...] After yesterday's internal review, the conclusion was that a key based mechanism which includes a hash function based on [srcip, dstip, srcport, dstport, TCPSeqNum, Len] is preferable to using a marker based approach. However, this assumes that the application does not somehow discover the "secret" - the initial sequence number, or ISN. If it does, the probability of silent data corruption is possibly much less than the chance of silent data corruption with a CRC. Badness. I hadn't heard this one before. It must have come up after I realized that framing wasn't as good an idea as I had once thought. :-) Anyway, if I understand correctly, the threat model is an application layer that discovers the framing layer's secret and embeds that in the payload Further it must engage in a malicious conspiricy with a middle-box that agrees to resegment and arranges for the first resegmented packet to somehow be dropped so that the receiver won't discover that resegmenting is going on prior to making a framing mistake. And for all this effort the application succeeds in corrupting its own data. On the other hand, it is plausable that the application is not creating its own data, but rather receiving its data from multiple external sources which are mutual suspicious. At this point the threat becomes more concerning as the ability for one such source to corrupt another sources data is bad. It does assume that the malicious source can snoop the packets or otherwise discover the framing layers secret, but can't inject forged packets. (If it could inject forged packets, that would be a simpler and more direct way to corrupt data.) Hmmm .... I guess this is not a totally bogus argument. How is it that the data source can discover the "secret" but not directly corrupt the data? Perhaps it has read only access to memory used by framing layer? Perhaps it has the ability to snoop packets on the network, but not send them? Perhaps the packets are protected by IPSec authentication but not encryption? No can't be that because authenticated packets can't be resegmented by a middle box. Interesting. I'll have to ponder this one a bit.
- RE: [rddp] FW: Analysis of overhead for software … Williams, Jim