Re: [tcpinc] AD review of tcp-eno

Joe Touch <touch@isi.edu> Thu, 27 July 2017 15:50 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12471131CC7; Thu, 27 Jul 2017 08:50:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NjYTR_-cs5JN; Thu, 27 Jul 2017 08:50:56 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBA3812EC4B; Thu, 27 Jul 2017 08:50:55 -0700 (PDT)
Received: from [192.168.1.189] (cpe-172-250-240-132.socal.res.rr.com [172.250.240.132]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id v6RFoDQU008087 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 27 Jul 2017 08:50:23 -0700 (PDT)
From: Joe Touch <touch@isi.edu>
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
Cc: draft-ietf-tcpinc-tcpeno.all@ietf.org, tcpinc <tcpinc@ietf.org>
References: <55B07DA5-E274-4720-A919-83483094B9A0@tik.ee.ethz.ch> <80C705CD-8A24-49A9-A1B8-6FA7B2162941@kuehlewind.net> <baad59c7-03cb-738a-e1b9-185931fe96a2@isi.edu> <E855DFC2-1D60-4FF5-B67A-3E2DE4B44541@kuehlewind.net> <68220a4f-01dd-61dc-0e68-8c9fc68587bf@isi.edu>
Message-ID: <d93a8eb8-ca36-04d7-11e1-92608f6daee4@isi.edu>
Date: Thu, 27 Jul 2017 08:50:12 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <68220a4f-01dd-61dc-0e68-8c9fc68587bf@isi.edu>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/HZoMgvzRRSPn2bYUvD0HpUz3yDU>
Subject: Re: [tcpinc] AD review of tcp-eno
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jul 2017 15:50:57 -0000

FWIW:


On 7/27/2017 8:40 AM, Joe Touch wrote:
> ...
>>>>> 2) I’m wondering if it would make sense to specify at the beginning of section 4.7 another requirement that TEPs SHOULD only specify the use of SYN data if there is some a-priori knowledge that the other end is likely to support tcp-eno and the tep (e.g. due to previous successful connections aka session resumption, or application knowledge).
>>> That section does not appear to address the case where non-user data in
>>> the SYN is received by a legacy receiver, either because of first
>>> contact or in contacting a host that has changed configuration since
>>> last contact. In such cases, there is no way to support transparent
>>> fallback as required by RFC 1122 -- which is why it is avoided at all
>>> costs. AFAICT, this optimization is too hazardous to include at all.
>> It does. The initiator must reset the connection in this case.
> I would assume then that NO TCP connection is possible to that endpoint
> - i.e., by aborting the connection, you're saying that this endpoint is
> not reachable because it's "ENO or nothing".
>
> If so, that needs to be made very clear - especially that it is not
> appropriate for the TCP layer to try another connection without ENO
> (i.e., transparent fallback NEVER involves multiple connection attempts
> - otherwise you're violating RFC1122).

The text does address this case, but still a bit too vague IMO. I'd
appreciate an explicit statement highlighting interaction with legacy
receivers, including a note that even a previously-visited ENO node
might be legacy upon next contact, and stating that the connection abort
MUST NOT include an automatic subsequent attempt at fallback, e.g.,
because BOTH this violates the nature of ENO (once the client wants ENO,
it's ENO-or-nothing) *and* because automatic fallback would violate TCP
semantics.

Joe