IETF Logo Mail Archive

Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

dm-list-tcpcrypt@scs.stanford.edu Sat, 29 August 2015 00:04 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D84B81ACD79 for <tcpinc@ietfa.amsl.com>; Fri, 28 Aug 2015 17:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.91
X-Spam-Level:
X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Htzv7V0HKXr for <tcpinc@ietfa.amsl.com>; Fri, 28 Aug 2015 17:04:37 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 253141ACD00 for <tcpinc@ietf.org>; Fri, 28 Aug 2015 17:04:37 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id t7T04Z6W032087; Fri, 28 Aug 2015 17:04:35 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id t7T04Yrc009544; Fri, 28 Aug 2015 17:04:34 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: dm-list-tcpcrypt@scs.stanford.edu
To: Eric Rescorla <ekr@rtfm.com>
In-Reply-To: <CABcZeBNS_3w8moBJhGxPJs45x+2_Lu-4XZcQ02QOeNiAcTxADA@mail.gmail.com>
References: <CABcZeBNEFVkDi38y3G-C2nQF=dzW2mGDsj5DVK_OKVkPwK=G0g@mail.gmail.com> <878u92oadf.fsf@ta.scs.stanford.edu> <CABcZeBMfk5C4-LF0fDLKpJktV3hJyzRUNfe0gO8RYDnzcs3yMA@mail.gmail.com> <87zj1inf7n.fsf@ta.scs.stanford.edu> <CABcZeBMZCjrwpTH+CkZS_p8TYGEFsXwxGn=KfPe28hY5f=2oXw@mail.gmail.com> <87oahuta7j.fsf@ta.scs.stanford.edu> <CABcZeBPiUxByxUVJ3cb5LaeH5T1LX3iZFetP4cXM3O9avzBkCA@mail.gmail.com> <87si75jo4s.fsf@ta.scs.stanford.edu> <BDF93B3E-9DE0-4FEA-A4A7-6E6A69E4169B@tik.ee.ethz.ch> <87h9nkkcqc.fsf@ta.scs.stanford.edu> <55DF25DC.2040001@tik.ee.ethz.ch> <87twrkhfpg.fsf@ta.scs.stanford.edu> <CAJU8_nWktUwni0=nywx-bbHg+j_K5GWFAZD8g3ZbKx7GLk4jpQ@mail.gmail.com> <877fogvdq7.fsf@ta.scs.stanford.edu> <CABcZeBPTGQvjdP7-6=+mN0S6wWOZC8PrsZhGu85NMkFQF-nMXg@mail.gmail.com> <8737z3kijy.fsf@ta.scs.stanford.edu> <CABcZeBPVhQ-nJw4zjELXeU8LwhkyMGxi3gEROaEa0iTsjt=y4g@mail.gmail.com> <87h9nji6mp.fsf@ta.scs.stanford.edu> <CABcZeBNS_3w8moBJhGxPJs45x+2_Lu-4XZcQ02QOeNiAcTxADA@mail.gmail.com>
Date: Fri, 28 Aug 2015 17:04:34 -0700
Message-ID: <87613zrmct.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/JjujUM-U1OwDBdErAFOzEY5RBZg>
Cc: tcpinc <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: David Mazieres expires 2015-11-26 PST <mazieres-6pnqnqe9tm6uhqma5whcb3t7jw@temporary-address.scs.stanford.edu>
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Aug 2015 00:04:38 -0000

Eric Rescorla <ekr@rtfm.com> writes:

> I think we're finally getting to the place where we have been
> misunderstanding each other. We have some mechanism in the signaling
> which attempts to break the symmetry and assign one side as A and one
> as B. If that mechanism works, then no signaling in TCP is
> necessary. However, if that mechanism does not work, then you have
> three main choices:
>
> 1. Allow things to just fail.
> 2. Have a mechanism to detect failure and then fall back to ordinary TCP.
> This is what the "b" bit primarily does. You could also do this by having
> the negotiated security protocol detect that both sides thought they
> were (A) or (B) and then discard the handshake and fall back to ordinary
> TCP.
> 3. Have a mechanism to resolve the conflict. This is what a larger
> tiebreaker
> like the one in TCP-use-TLS or the one in ICE does.
>
> Does that seem like a fair summary of the situation?

Indeed, if Mirja was thinking #1, I was thinking #2, and you were
thinking #3, then this all makes sense.  Frankly, I could live with any
of the three, so long as some application action is required.  The only
thing I strongly oppose is having to support encrypted simultaneous open
without some non-default setting by the connecting application.

In the absence of a TCP-SO application that can use TCPINC, I'm in favor
of doing the minimum work possible for TCP-SO, which I thought was #2,
but maybe is #1.  If you strongly prefer #3, we can easily make TCP-ENO
support it either before or after adoption.

David

v2.23.0 | Report a Bug | By Email