Re: [Spud] SPUD's open/close are unconvincing
Toerless Eckert <eckert@cisco.com> Thu, 09 April 2015 13:55 UTC
Date: Thu, 9 Apr 2015 06:55:09 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/grt00Es9EKlSB9SHXq9IFRr1uxc>
Cc: Tom Herbert <tom@herbertland.com>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] SPUD's open/close are unconvincing
On Thu, Apr 09, 2015 at 09:09:17AM -0400, Phillip Hallam-Baker wrote:
> TCP should probably not happen in the kernel either. Nor should
> printer drivers be in the kernel or anything that does not require the
> intermediation of the security monitor.

Right. As an OS person I would love for someone to implement a
"raw transport socket" option for unprivileged processes. Implement
in Linux, go to POSIX, spend a decade trying to get it proliferated across
OSs.

Alas, as a network person, I think this would be an exercise in futility
because the only real benefit would be to create connections between
a legacy kernel TCP stack and a new userland TCP stack, and those
connections would likely mostly have little benefit over a simple
old kernel to old kernel TCP stack:

If you want new functionalities, most of the time, both sides need to support
these; the fastest way to get both sides to support them is to both
run them in userland over UDP, and once people get their minds around
the fact that this is good and not just a workaround, the interest in
"native TCP" for new improved transport functions should recede.

> Looking at the shoot-yourself-in-the-foot opportunities in the IPv6
> encoding, I am not exactly anxious to put all those untrusted code
> paths in a position where they can root the machine.
>
> One of the main reasons the current generation of O/S are chronically
> insecure is that 90% of the stuff that is inside the security
> perimeter has no business being there.
>
> At this point TCP is water under the bridge. But that does not mean we
> are obliged to remake the mistake.
>
> When TCP was designed, the mantra was 'everything is a stream'. That
> was the right abstraction for Telnet and FTP and Mail. It is probably
> not the right abstraction for real time web where an unreliable
> sequence of chunks seems a better fit.

What's missing from SCTP?

Cheers
Toerless