Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno
David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Wed, 22 February 2017 18:58 UTC
Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE256129A2D for <tcpinc@ietfa.amsl.com>; Wed, 22 Feb 2017 10:58:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.902
X-Spam-Level:
X-Spam-Status: No, score=-0.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oy07RvM9PKP9 for <tcpinc@ietfa.amsl.com>; Wed, 22 Feb 2017 10:58:52 -0800 (PST)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58B89129A2A for <tcpinc@ietf.org>; Wed, 22 Feb 2017 10:58:52 -0800 (PST)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id v1MIwqX6009606; Wed, 22 Feb 2017 10:58:52 -0800 (PST)
Received: (from dm@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id v1MIwpA9008295; Wed, 22 Feb 2017 10:58:51 -0800 (PST)
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Wesley Eddy <wes@mti-systems.com>, tcpinc@ietf.org
In-Reply-To: <16c01c14-0896-c8fd-d7c4-e1dd7254420f@mti-systems.com>
References: <CAJU8_nUGxd0yo2htZg6LY_gSHy8xAjSOY9w4zKFLbVDw+CtZDg@mail.gmail.com> <16c01c14-0896-c8fd-d7c4-e1dd7254420f@mti-systems.com>
Date: Wed, 22 Feb 2017 10:58:51 -0800
Message-ID: <87y3wyaw7o.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/Tis5Jk7kb2nYolI9Qhw1jG_j5ww>
Subject: Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: David Mazieres expires 2017-05-23 PDT <mazieres-uahef52gbsnnunrtjtjsagv5ke@temporary-address.scs.stanford.edu>
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 18:58:53 -0000
Wesley Eddy <wes@mti-systems.com> writes: > 1) edge cases where you're communicating with non-ENO hosts, that do not > discard data on SYNs (for whatever reason), and may pollute the data > stream delivered to the application, breaking the goals of TCPINC to > work without impacting the application's TCP mapping > > 2) cases where other TCP extensions (perhaps yet to-be-defined) do > something in conflict with that data Can you make concrete suggestions for wording changes? In particular, we intended to address the points you raised with the following language of section 4.7: 1) If a host sends a SYN-only SYN+ENO segment bearing data and subsequently receives a SYN-ACK segment without an ENO option, that host MUST reset the connection even if the SYN-ACK segment does not acknowledge the SYN data... To avoid unexpected connection resets, ENO implementations MUST disable the use of data in SYN-only segments by default. 2) More specifically, a host that implements ENO MUST discard the data in a received SYN+ENO segment if any of the following applies: ... * The SYN segment contains a non-empty TFO option or any other TCP option implying a conflicting definition of SYN data. If those aren't clear, the question is how to make them so. Thanks, David
- [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Kyle Rose
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Wesley Eddy
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Joe Touch
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno David Mazieres
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Joe Touch
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Wesley Eddy
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno dm-list-tcpcrypt
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Joe Touch
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Joe Touch
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Joe Touch