[Spud] Comments on draft-hildebrand-spud-prototype-03
Tom Herbert <tom@herbertland.com> Wed, 01 April 2015 01:15 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id CD98A1B2BBF
for <spud@ietfa.amsl.com>; Tue, 31 Mar 2015 18:15:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7]
autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id dA9lOYIA1zz9 for <spud@ietfa.amsl.com>;
Tue, 31 Mar 2015 18:15:48 -0700 (PDT)
Received: from mail-ig0-f171.google.com (mail-ig0-f171.google.com
[209.85.213.171])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 1DD691A1A97
for <spud@ietf.org>; Tue, 31 Mar 2015 18:15:48 -0700 (PDT)
Received: by igbud6 with SMTP id ud6so35162202igb.1
for <spud@ietf.org>; Tue, 31 Mar 2015 18:15:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:date:message-id:subject:from:to
:content-type;
bh=Xkw9Liw1JVGRUaj2uJ4vCtExxIuMgs1CvcVrV/dgpl4=;
b=A7uU5/WCumK+uFx5PeSmNlL/ChtTrS5h3gKr1OgYZakMk145VAo9lvgSz0djp6ty5v
ijYhVU2PBew8ylUZZT62+2k7/Y9Nzp8865Cl9cqNlf2XcNI03LNwpX/JBmDYmL4k2fLZ
7azaIjcboOM1VkN2bzPdIkLDecWrKQU6qdfAgACzb2w7AIVnR4vtVPL4jSUxxDV/z6IO
RjuEY3aaH91Xq0iaan8zqU29PZsTJen8HcVo/hI8nF5sapWV5WFMPrODg/zyJoVCzrT+
wQkYq6hq8RX+hKHtITCzGytTmv5M4lBtZvk00MyWRzMt09/2U/hk3d6/WJfqkl5EQRYS
hHXg==
X-Gm-Message-State: ALoCoQmJxuSR4c4f0S+8NYjSWNrV437rthV9hNkh3vhEeHSwB4ZWjaPdmrFc8j4P+UtqrprdbJXs
MIME-Version: 1.0
X-Received: by 10.42.199.75 with SMTP id er11mr39284231icb.43.1427850947322;
Tue, 31 Mar 2015 18:15:47 -0700 (PDT)
Received: by 10.107.149.15 with HTTP; Tue, 31 Mar 2015 18:15:47 -0700 (PDT)
Date: Tue, 31 Mar 2015 18:15:47 -0700
Message-ID: <CALx6S37Y7wFH5TzuSSKgRYBzP-7mQz0xcLJdCBxxv=+Mc8O1=g@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: jhildebr@cisco.com, spud@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/BPnq1rHk_BAG2LI8vmti2BqkalY>
Subject: [Spud] Comments on draft-hildebrand-spud-prototype-03
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 01:15:53 -0000
Hi Joe, I was looking at the state machine in the SPU prototype protocol, especially with regards of how a TCP connection might be mapped to it. Here are a few comments. 1. For a session it seems like one side is delegated to be the initiator. The initiator sends the open and sets the session ID which is reflected by it's peer. We can use an additional bit in the header to indicate if the sender (source IP address) is the initiator or not. 2. Assuming that there is a clear initiator, the state machine viewpoint can always be from the initiator and then is common for both endpoints and any intermediate nodes. So there shouldn't be a need to consider active or passive opens, or simultaneous opens. sopen would just be open, and the transition from unknown to running would not be needed.. 3. If the underlying protocol does allow simultaneous opens so that two sessions are created, presumably some method would be needed by the underlying protocol to select which session to use for the connection and close the session. 4. I think there should be an additional opening state. With transition flow: 1) When open is seen from initiator, go to first opening state. 2) When open-ack is seen from peer, go to second opening state. 3) When open-ack is seen from initiator, go to running. This then matches the completion 3WHS of TCP. For instance, in a SYN attack the created session states would only get to the second open state (assuming SYN=>open and then SYN-ACK=>open-ack), so this way we can differentiate these with sessions with the ones fully established ones in the underlying protocol. Thanks, Tom