Re: [Spud] SPUD's open/close are unconvincing
Roland Bless <roland.bless@kit.edu> Thu, 09 April 2015 13:19 UTC
From: Roland Bless <roland.bless@kit.edu>
Organization: Institute of Telematics, Karlsruhe Institute of Technology (KIT)
To: Brian Trammell <ietf@trammell.ch>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/QDzX29pNPocO001jOBXclAUy9Xk>
Cc: spud@ietf.org

Hi Brian,

On 09.04.2015 at 00:03 Brian Trammell wrote:
> SPUD's ACK (roughly TCP SYN/ACK) is more interesting. A SYN/ACK in
> proper response to a SYN means that someone on the other side of
> the firewall decided a connection could proceed, or more mundanely
> means there is now actually state on the endpoint so any state the
> network needs should be there too. For bidirectional transports
> (i.e., for

Interesting thought, but only for the very simple TCP model the
endpoint already created state and is thus vulnerable to
TCP SYN flood attacks. So a responding endpoint is probably not a
sufficient indication...see also below.

> every transport one should be running over SPUD, since congestion
> control requires feedback, as does proof of reverse reachability
> to reduce spoofing) it might be that ACK is sufficient to get us
> what we need. (In reviewing that paragraph, we probably also need
> to name it something other than ACK.)

SYN Flooding would also result in endpoints responding, i.e.,
the SYN/ACK is IMHO not a sufficient indication for a proper
conversation/state setup as the third way (ACK) would probably be.
Moreover, purely unidirectional data flows (e.g., very sparse
measurement data) may have no such prior handshake, or multicast
flows may have no ACKs.

> some sort of heuristic for rate-limiting. Indeed, these all speak
> toward making ACK the important OPEN.

Maybe, but that is still not sufficient IMHO.

Regards,
 Roland
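
The distinction argued in the message above, as an added example that is not part of the original post: a path element's flow table run under two promotion policies over a constructed trace. The packet kinds use TCP-style names (SYN, SYNACK, ACK, DATA) as assumptions, not SPUD's own message names, and the flow labels are made up for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction is "fwd" (initiator -> responder) or "rev".
Pkt = namedtuple("Pkt", "flow direction kind")  # kind: SYN, SYNACK, ACK, DATA

def established_flows(trace, promote_on):
    """Return the set of flows a path element treats as established.

    promote_on="SYNACK": state is confirmed when the responder answers.
    promote_on="ACK":    state is confirmed only by the initiator's third message.
    """
    seen = {}            # flow -> last handshake step observed
    established = set()
    for p in trace:
        step = seen.get(p.flow)
        if p.kind == "SYN" and p.direction == "fwd":
            seen[p.flow] = "SYN"
        elif p.kind == "SYNACK" and p.direction == "rev" and step == "SYN":
            seen[p.flow] = "SYNACK"
            if promote_on == "SYNACK":
                established.add(p.flow)
        elif p.kind == "ACK" and p.direction == "fwd" and step == "SYNACK":
            seen[p.flow] = "ACK"
            if promote_on == "ACK":
                established.add(p.flow)
        # DATA without a prior handshake never changes state under either policy.
    return established

def build_trace(n_spoofed=5):
    """Constructed sample input covering the three cases in the message."""
    trace = []
    # Spoofed-source openers: the responder answers, nobody sends the third message.
    for i in range(n_spoofed):
        f = f"spoofed-{i}"
        trace += [Pkt(f, "fwd", "SYN"), Pkt(f, "rev", "SYNACK")]
    # One genuine initiator completing all three steps.
    trace += [Pkt("legit", "fwd", "SYN"), Pkt("legit", "rev", "SYNACK"),
              Pkt("legit", "fwd", "ACK")]
    # Sparse one-way sender: no handshake at all.
    trace += [Pkt("oneway", "fwd", "DATA")]
    return trace

if __name__ == "__main__":
    t = build_trace()
    print("promote on SYN/ACK:", sorted(established_flows(t, "SYNACK")))
    print("promote on ACK:    ", sorted(established_flows(t, "ACK")))
```

Promoting on the responder's reply confirms every spoofed opener, promoting on the third message confirms only the completed handshake, and the one-way flow is confirmed under neither policy.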