IETF Logo Mail Archive

Re: [tcpinc] TCP's treatment of data in SYN packets

David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Wed, 27 July 2016 17:35 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DA1412D748 for <tcpinc@ietfa.amsl.com>; Wed, 27 Jul 2016 10:35:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.188
X-Spam-Level:
X-Spam-Status: No, score=-2.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EEiGPUHcwnDZ for <tcpinc@ietfa.amsl.com>; Wed, 27 Jul 2016 10:35:13 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A12DC12D740 for <tcpinc@ietf.org>; Wed, 27 Jul 2016 10:35:13 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id u6RHZAOu002643; Wed, 27 Jul 2016 10:35:10 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id u6RHZ9R5030841; Wed, 27 Jul 2016 10:35:09 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Kyle Rose <krose@krose.org>, Yuchung Cheng <ycheng@google.com>
In-Reply-To: <CAJU8_nWMBbqLLsYQ3GhqRk8YkptqjCF40h_R7HNSOrqHwLbgxQ@mail.gmail.com>
References: <CAJU8_nU1WzQNFFUn_2o1cACutB01iyQ_hC29PHoutr8TRDKGnA@mail.gmail.com> <CAK6E8=d3psZBS1yX56fRQ-SP7qCN_vem5tNB8O42zPyo0TKj7Q@mail.gmail.com> <CAJU8_nWMBbqLLsYQ3GhqRk8YkptqjCF40h_R7HNSOrqHwLbgxQ@mail.gmail.com>
Date: Wed, 27 Jul 2016 10:35:09 -0700
Message-ID: <87wpk7x9v6.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/1BwPUZdetwPOTPgWQt-_XzOLlAM>
Cc: Praveen Balasubramanian <pravb@microsoft.com>, tcpinc <tcpinc@ietf.org>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>, "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, Christoph Paasch <cpaasch@apple.com>
Subject: Re: [tcpinc] TCP's treatment of data in SYN packets
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: David Mazieres expires 2016-10-25 PDT <mazieres-y5hsfgismf3ham3zvhiu5rn43n@temporary-address.scs.stanford.edu>
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2016 17:35:14 -0000

Kyle Rose <krose@krose.org> writes:

> This is really good information: thanks! I think if tcpinc decides to
> pursue early data, we'll want to learn as much as possible from your
> experience.

So just to scope what we had in mind, "pursue early data" sounds a bit
aggressive.  What I think we had in mind is just saying something about
what receivers MUST do when receiving a SYN segment with data, not
encouraging people to do that.

Since TFO will eventually cause people to address these middlebox
issues, it would be nice to avoid creating a second round of problems
where TCP-ENO implementations also crash or do weird stuff.  And it
would also be nice if TCP-ENO didn't disable this possible optimization.

What I had in mind was something along the lines of saying that the last
TEP suboption in host A's SYN segment is the SYN TEP, and that host B
MUST ignore and MUST NOT ACK any data in SYN segments unless the
negotiated TEP is the SYN TEP and that TEP explicitly defines the use of
data in SYN segments.  Furthermore, SYN data MUST be discarded in the
event that TCP-ENO is disabled, even when such data has already been
ACKed.  TEPs MAY define the use of data in SYN segments for when they
are the SYN TEP, but SHOULD limit such usage to cases in which it is
known that the passive opener and network path both support ENO.

David

v2.35.0 | Report a Bug | By Email | System Status