[tcpinc] New TCP-ENO draft posted
dm-list-tcpcrypt@scs.stanford.edu Wed, 08 March 2017 08:12 UTC
From: dm-list-tcpcrypt@scs.stanford.edu
To: tcpinc <tcpinc@ietf.org>
Date: Wed, 08 Mar 2017 00:12:54 -0800
Message-ID: <87shmouqyh.fsf@ta.scs.stanford.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/6bN91gH59YV6drWJFMv1CfrmOJE>
A new TCP-ENO draft is available in the usual location:

    https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/

It should address all of the comments received so far in last call, most of which are just wording improvements that were already discussed on the list. Given how small the changes are, the fastest way to check them may be the wdiff interface:

    https://www.ietf.org/rfcdiff?url1=draft-ietf-tcpinc-tcpeno-07&url2=draft-ietf-tcpinc-tcpeno-08&difftype=--hwdiff

There's one substantive though minor change, which is that the "a" bit configuration API is now a MUST rather than a SHOULD. I believe the working group instructed us not to use SHOULD unless there is an explicit exception listed, so I think this was just an oversight. (Otherwise, it's also weird that the API bit for the "b" bit would be a MUST while for the "a" bit only a SHOULD--one of these had to be an oversight.)

The new wording is:

    a
        Legacy applications can benefit from ENO-specific updates that improve endpoint authentication or avoid double encryption. The application-aware bit "a" is an out-of-band signal through which higher-layer protocols can enable ENO-specific updates that would otherwise not be backwards-compatible. Implementations MUST set this bit to 0 by default, and MUST provide an API through which applications can change the value of the bit as well as examine the value of the bit sent by the remote host. Implementations MUST furthermore support a _mandatory_ application-aware mode in which TCP-ENO is automatically disabled if the remote host does not set "a = 1".

Feedback welcome in the next few days as the deadline is coming up.

Thanks,
David
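
The three MUSTs in the quoted wording, worked through as a small model. This is an example added here, not code from the draft or from any TCP-ENO implementation; EnoConfig, Outcome and negotiate are hypothetical names, and the model assumes ENO negotiation would otherwise succeed and that "ENO-specific updates" are usable only when both hosts sent a = 1.

```python
from dataclasses import dataclass


@dataclass
class EnoConfig:
    """Per-socket settings an application can change (hypothetical API)."""
    app_aware: bool = False   # local "a" bit; the quoted text requires default 0
    mandatory: bool = False   # mandatory application-aware mode

    @property
    def a_bit(self) -> int:
        # Value of the "a" bit this host sends to its peer.
        return int(self.app_aware)


@dataclass(frozen=True)
class Outcome:
    eno_enabled: bool           # did TCP-ENO stay enabled on this connection?
    peer_a_seen_by_local: int   # what the local application can examine
    peer_a_seen_by_remote: int  # what the remote application can examine
    both_aware: bool            # ENO enabled and both hosts sent a = 1 (model assumption)


def negotiate(local: EnoConfig, remote: EnoConfig) -> Outcome:
    """Apply the quoted rules to one connection between two hosts."""
    # Mandatory mode: ENO is disabled if the other host did not set a = 1.
    local_ok = remote.a_bit == 1 or not local.mandatory
    remote_ok = local.a_bit == 1 or not remote.mandatory
    enabled = local_ok and remote_ok
    return Outcome(
        eno_enabled=enabled,
        peer_a_seen_by_local=remote.a_bit,
        peer_a_seen_by_remote=local.a_bit,
        both_aware=enabled and local.a_bit == 1 and remote.a_bit == 1,
    )


if __name__ == "__main__":
    legacy = EnoConfig()                                # defaults: a = 0
    aware = EnoConfig(app_aware=True)                   # a = 1, not mandatory
    strict = EnoConfig(app_aware=True, mandatory=True)  # a = 1, mandatory mode
    cases = {"legacy/legacy": (legacy, legacy), "aware/legacy": (aware, legacy),
             "strict/legacy": (strict, legacy), "strict/aware": (strict, aware)}
    for name, (lhs, rhs) in cases.items():
        print(f"{name:14} {negotiate(lhs, rhs)}")
```

In the aware/legacy case ENO stays enabled while the peer's bit reads 0, so an application that does not use mandatory mode has to examine the remote bit before relying on any ENO-specific behaviour.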