[tcpinc] New TCP-ENO draft posted

dm-list-tcpcrypt@scs.stanford.edu Wed, 08 March 2017 08:12 UTC

From: dm-list-tcpcrypt@scs.stanford.edu
To: tcpinc <tcpinc@ietf.org>
Date: Wed, 08 Mar 2017 00:12:54 -0800
Message-ID: <87shmouqyh.fsf@ta.scs.stanford.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/6bN91gH59YV6drWJFMv1CfrmOJE>
Subject: [tcpinc] New TCP-ENO draft posted

A new TCP-ENO draft is available in the usual location:

        https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/

It should address all of the comments received so far in last call, most
of which are just wording improvements that were already discussed on
the list.  Given how small the changes are, the fastest way to check
them may be the wdiff interface:

        https://www.ietf.org/rfcdiff?url1=draft-ietf-tcpinc-tcpeno-07&url2=draft-ietf-tcpinc-tcpeno-08&difftype=--hwdiff

There's one substantive though minor change, which is that the "a" bit
configuration API is now a MUST rather than a SHOULD.  I believe the
working group instructed us not to use SHOULD unless there is an
explicit exception listed, so I think this was just an oversight.
(Otherwise, it's also weird that the API bit for the "b" bit would be a
MUST while for the "a" bit only a SHOULD--one of these had to be an
oversight.)

The new wording is:

   a
      Legacy applications can benefit from ENO-specific updates that
      improve endpoint authentication or avoid double encryption.  The
      application-aware bit "a" is an out-of-band signal through which
      higher-layer protocols can enable ENO-specific updates that would
      otherwise not be backwards-compatible.  Implementations MUST set
      this bit to 0 by default, and MUST provide an API through which
      applications can change the value of the bit as well as examine
      the value of the bit sent by the remote host.  Implementations
      MUST furthermore support a _mandatory_ application-aware mode in
      which TCP-ENO is automatically disabled if the remote host does
      not set "a = 1".

Feedback welcome in the next few days as the deadline is coming up.

Thanks,
David
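The quoted wording above describes three things an implementation must do with the "a" bit: default it to 0, expose an API to set it and to read the peer's value, and offer a mandatory application-aware mode that switches TCP-ENO off when the peer does not send a = 1. The following is an added example modelling that negotiation at both ends of a connection; it is not code from this message, from the draft, or from any TCP-ENO implementation. The bit positions of "a" and "b" inside the global suboption byte, the class and function names, and the four scenarios are assumptions made for the example (the message does not give the wire layout).

```python
"""Model of the TCP-ENO application-aware ("a") bit negotiation and the
mandatory application-aware mode.  Illustrative code only; the suboption
byte layout below is an ASSUMPTION for this example, not the draft's."""
from dataclasses import dataclass
from typing import Optional

# ASSUMED layout of the one-byte global suboption for this example:
#   bit 1 = a (application-aware), bit 0 = b (passive role),
#   every other bit reserved and required to be zero.
A_BIT = 0x02
B_BIT = 0x01
RESERVED_MASK = 0xFF & ~(A_BIT | B_BIT)


def encode_global_suboption(a: bool, b: bool) -> int:
    """Build the global suboption byte from the a and b bits."""
    return (A_BIT if a else 0) | (B_BIT if b else 0)


def decode_global_suboption(byte: int) -> tuple:
    """Parse the global suboption byte; reject any set reserved bit."""
    if not 0 <= byte <= 0xFF:
        raise ValueError("global suboption must be a single byte")
    if byte & RESERVED_MASK:
        raise ValueError(f"reserved bits set in global suboption 0x{byte:02x}")
    return bool(byte & A_BIT), bool(byte & B_BIT)


@dataclass
class EnoEndpoint:
    """One TCP-ENO endpoint seen through the API the draft text requires."""
    name: str
    passive: bool                       # value of the b bit this host sends
    a: bool = False                     # the a bit MUST default to 0
    mandatory_app_aware: bool = False   # mandatory application-aware mode
    remote_a: Optional[bool] = None     # peer's a bit, once a suboption arrived
    eno_enabled: bool = True

    # The API the draft says implementations MUST provide.
    def set_application_aware(self, value: bool) -> None:
        self.a = value

    def remote_application_aware(self) -> Optional[bool]:
        return self.remote_a

    # Wire side of the model (role/b-bit validation is not modelled here).
    def send_suboption(self) -> int:
        return encode_global_suboption(self.a, self.passive)

    def receive_suboption(self, byte: int) -> None:
        self.remote_a, _remote_b = decode_global_suboption(byte)
        # Mandatory mode: TCP-ENO is disabled unless the peer set a = 1.
        if self.mandatory_app_aware and not self.remote_a:
            self.eno_enabled = False


def negotiate(active: EnoEndpoint, passive: EnoEndpoint) -> bool:
    """Exchange global suboptions both ways; True if ENO stays on at both ends."""
    active.receive_suboption(passive.send_suboption())
    passive.receive_suboption(active.send_suboption())
    return active.eno_enabled and passive.eno_enabled


def demo_cases() -> dict:
    """Run the negotiation for the combinations a practitioner cares about."""
    def run(local_a: bool, local_mandatory: bool, peer_a: bool) -> bool:
        client = EnoEndpoint("client", passive=False,
                             mandatory_app_aware=local_mandatory)
        server = EnoEndpoint("server", passive=True)
        client.set_application_aware(local_a)
        server.set_application_aware(peer_a)
        return negotiate(client, server)

    return {
        # Two legacy applications: a = 0 both ways, ENO still proceeds.
        "legacy_both": run(False, False, False),
        # ENO-aware app, best effort: peer is legacy, ENO still proceeds, but
        # the app sees remote a = 0 and must not rely on ENO-specific updates.
        "aware_vs_legacy": run(True, False, False),
        # ENO-aware app in mandatory mode against a legacy peer: ENO is off.
        "mandatory_vs_legacy": run(True, True, False),
        # Both sides ENO-aware, mandatory mode on one side: ENO proceeds.
        "mandatory_vs_aware": run(True, True, True),
    }


if __name__ == "__main__":
    for case, enabled in demo_cases().items():
        print(f"{case:20s} ENO {'enabled' if enabled else 'disabled'}")
```

The third case is the one the mandatory mode exists for: an application that would otherwise double-encrypt, or that wants to bind its authentication to the ENO session, refuses to fall back silently when the peer is a legacy stack that never set a = 1.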