Re: [Spud] Connect and ACK Bits: Why?
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 13 July 2015 18:07 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id CAB7C1B2CF5
for <spud@ietfa.amsl.com>; Mon, 13 Jul 2015 11:07:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 216IJMZOMsPV for <spud@ietfa.amsl.com>;
Mon, 13 Jul 2015 11:07:18 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com
[IPv6:2607:f8b0:400d:c09::231])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 274D51B2CF6
for <spud@ietf.org>; Mon, 13 Jul 2015 11:07:17 -0700 (PDT)
Received: by qkdl129 with SMTP id l129so17291185qkd.0
for <spud@ietf.org>; Mon, 13 Jul 2015 11:07:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to:cc:content-type;
bh=xi/9vOieuVMRYRhW589YQjr7YTt9wf5mrgtJlAQ9FLs=;
b=NQtNobv/MXFBK5LIr0up1vJu4gxNspCeobJPW8pz+TM3s2zssQBmtA2OU+/r1OsB3g
eCfT58t4MbFLpkASYI0MTQDQ2eItRloYh4oWoYqZLFdxmjhB0zAyG6Dz4GWxbAK/DVln
ZLJ/dLv8xu/zaD+aE5+jm1UKOpjjicq+OzdGbxXq+7tyPjn4GKT+FJvIR05QTaVuowuP
9/Jgnpg/sSryXEJARTRDzNWDh1nrPAinry8KqykFyVxBrzU50G7n1P/bkdV4ie2HXt45
0Jz1R8lpqITtSAhTXaiU2kNLcvJXRMHWAI/kZbJIWu9fzehXMyDjfEyXbcw/NUxjDGFt
RUMw==
MIME-Version: 1.0
X-Received: by 10.140.109.199 with SMTP id l65mr54522965qgf.91.1436810836420;
Mon, 13 Jul 2015 11:07:16 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.140.18.232 with HTTP; Mon, 13 Jul 2015 11:07:16 -0700 (PDT)
In-Reply-To: <20150713172537.GF23837@cisco.com>
References: <CANJ8QndAWK1ErRsUNAUHkA00aA5xzFsaQHiArCaN9jr64qCSnQ@mail.gmail.com>
<FD304957-E34A-4CA5-B05A-3394D9062F1D@tik.ee.ethz.ch>
<DM2PR0301MB06551595B03037418CD24D75A89C0@DM2PR0301MB0655.namprd03.prod.outlook.com>
<20150713172537.GF23837@cisco.com>
Date: Mon, 13 Jul 2015 14:07:16 -0400
X-Google-Sender-Auth: I6mj2qDOagxXy0xF81gyW2nqMF0
Message-ID: <CAMm+LwgG90aEresAXhNwCwv1WMOFw6iRL=h5mQNf2BciOJyHww@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Toerless Eckert <eckert@cisco.com>
Content-Type: multipart/alternative; boundary=001a113a37f483ac57051ac59721
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/NEa5dtksmFptX9TvEuGXSfarVQE>
Cc: Jacob Chappell <chappellind@gmail.com>,
Christian Huitema <huitema@microsoft.com>,
=?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>,
"spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] Connect and ACK Bits: Why?
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2015 18:07:20 -0000
On Mon, Jul 13, 2015 at 1:25 PM, Toerless Eckert <eckert@cisco.com> wrote: > Route changes: > > the middleboxes of interest are setup so that route-changes don't > matter, eg: eithre single point of failure or chassis redundancy or > the like. > > Teardown: > > Explicit teardown in TCP doesn't seem to be bad enough of a > problem that TCP was changed, right ? And it is sen as valuable by > middlebox vendors. > TCP was designed in an era when malice was rarely considered as part of network design and when it was considered it was (correctly) regarded as secondary to getting the system working at all. So the lack of authenticated teardown is certainly a concern, but not that difficult to address using some lightweight symmetric crypto: Sender, on session startup: Generate nonce n1, send 128 bits of H(n1) with connect message. Sender on session shutdown: Send nonce n1 with teardown message. Middleboxen: * On receipt of packet without connect, optionally buffer till connect is visible * On receipt of teardown, keep connection open for MAX_TIME seconds. Once a sender has sent a teardown message it is contracting that it is not going to source any further packets without re-establishing the connection. So while a middleboxen may see packets out of order, if it sees packets after the max network time to live has expired, it is an error and they can be discarded.
- [Spud] Connect and ACK Bits: Why? Jacob Chappell
- Re: [Spud] Connect and ACK Bits: Why? Mirja Kühlewind
- Re: [Spud] Connect and ACK Bits: Why? Christian Huitema
- Re: [Spud] Connect and ACK Bits: Why? Toerless Eckert
- Re: [Spud] Connect and ACK Bits: Why? Joe Touch
- Re: [Spud] Connect and ACK Bits: Why? Eliot Lear
- Re: [Spud] Connect and ACK Bits: Why? Joe Touch
- Re: [Spud] Connect and ACK Bits: Why? Phillip Hallam-Baker
- Re: [Spud] Connect and ACK Bits: Why? Toerless Eckert