IETF Logo Mail Archive

Re: [tcpinc] TCP's treatment of data in SYN packets

David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Fri, 29 July 2016 02:43 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 737AE12D5D1 for <tcpinc@ietfa.amsl.com>; Thu, 28 Jul 2016 19:43:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.188
X-Spam-Level:
X-Spam-Status: No, score=-2.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TwgMGcIXbfEf for <tcpinc@ietfa.amsl.com>; Thu, 28 Jul 2016 19:43:39 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCA2212D597 for <tcpinc@ietf.org>; Thu, 28 Jul 2016 19:43:39 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id u6T2hcRC024621 for <tcpinc@ietf.org>; Thu, 28 Jul 2016 19:43:38 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id u6T2hcsa028315; Thu, 28 Jul 2016 19:43:38 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: tcpinc <tcpinc@ietf.org>
In-Reply-To: <CAJU8_nXSxr7ykC1TwptBmyP8pNccz52ozq=hF7-EYiaMdDeLBQ@mail.gmail.com>
Message-ID: <8737mtqkf5.fsf@ta.scs.stanford.edu>
References: <CAJU8_nU1WzQNFFUn_2o1cACutB01iyQ_hC29PHoutr8TRDKGnA@mail.gmail.com> <579A4669.7030600@isi.edu> <87lh0lselg.fsf@ta.scs.stanford.edu> <CAJU8_nUPrm9JJMrrMbL5+FpP-9CKC6EkidCry9UuZA5ZfyJtoA@mail.gmail.com> <579A8223.8050308@isi.edu> <CAJU8_nXSxr7ykC1TwptBmyP8pNccz52ozq=hF7-EYiaMdDeLBQ@mail.gmail.com>
Date: Thu, 28 Jul 2016 19:43:38 -0700
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/If7qzITpJyt3JLv0QFCH4_E7kOc>
Subject: Re: [tcpinc] TCP's treatment of data in SYN packets
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2016 02:43:40 -0000

How about the following wording?

   A SYN segment containing an ENO option MUST NOT include a TCP Fast
   Open (TFO) option [RFC7413].  However, TEPs MAY specify the use of
   data in SYN segments to achieve similar benefits to TFO.

   The last TEP identifier suboption in host A's SYN segment is the _SYN
   TEP_.  The SYN TEP governs the use of data in A's SYN segment.  If
   the SYN TEP's specification does not define the use of such data,
   then host A's SYN segment MUST NOT contain data and host B MUST
   discard any such data.  Host B must also discard data in A's SYN
   segment if either the SYN TEP differs from the negotiated TEP or host
   B disables encryption.

   The use of data in B's SYN-ACK segment is governed by the negotiated
   TEP.  If the negotiated TEP's specification does not define the use
   of such data, then host B's SYN-ACK segment MUST NOT contain data and
   host A MUST discard any such data.  Host A MUST also discard any
   received SYN data if it disables encryption.

   When a host discards SYN data, it MUST NOT acknowledge the sequence
   number of the discarded data.  Rather, it MUST acknowledge the other
   host's initial sequence number as if the received SYN segment
   contained no data.

   Regardless of the SYN TEP and negotiated TEP, host A MUST NOT include
   data in a SYN-only segment when in mandatory application-aware mode.
   Moreover, in the event that host B is an active opener (because of
   simultaneous open), host B's SYN-only segment MUST NOT include data.

   Using data in SYN segments deviates from TCP semantics and can cause
   problems with middleboxes or non-compliant TCP hosts.  Hence, all
   TEPs SHOULD support a normal mode of operation that does not make use
   of data in SYN segments.  Moreover, implementations SHOULD employ SYN
   data only if explicitly requested by the application or in cases
   where such use is highly unlikely to pose problems.

David

v2.37.1 | Report a Bug | By Email | System Status