IETF Logo Mail Archive

Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

Eric Rescorla <ekr@rtfm.com> Thu, 27 August 2015 17:35 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D2C81B3CA8 for <tcpinc@ietfa.amsl.com>; Thu, 27 Aug 2015 10:35:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.011
X-Spam-Level: **
X-Spam-Status: No, score=2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, FRT_STOCK2=3.988, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pItsmGA5gXCC for <tcpinc@ietfa.amsl.com>; Thu, 27 Aug 2015 10:35:11 -0700 (PDT)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 627B51B3C8E for <tcpinc@ietf.org>; Thu, 27 Aug 2015 10:35:11 -0700 (PDT)
Received: by wicne3 with SMTP id ne3so81762400wic.0 for <tcpinc@ietf.org>; Thu, 27 Aug 2015 10:35:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=XmKiH5/gmyUxRqygVFBlScjPuwRn8B2xzOOlFfOgEiA=; b=m4Xpz2FpQycH/ol3HKQZbA282ByfbW21VuuZqkNn/M1RKFQlWYcoVFT40gsy+kNSPV UrP7yw3yzDGwTrHsBJ4Oh/vNax/VUcQoWwQXt0tlNskwQN6lLY/PD5tkhwzmHrKpb8w7 9kuim3sacl2EYfgnP+c+mQBp+vzaurVtJuEBZR0fx7gbBbkmc0iWOuEm9FgP12yJCznH DY8Sn1cwPJdkBQy6PFtbI3PUfxHN4oas4EJEAE3bCaWRofK/1gYNDABojBlPTkAYr9vS 3DO3a4fo31yoaHw97/lAZ9u+Qoy4QAmqP/QNGReZpv3OsnrWzRD3tvwujj3x3hSTjhK1 sclA==
X-Gm-Message-State: ALoCoQnh2SxXurJ8FAWYVJUPmsr0LRJfar2ZD3NcJgGwyx74c4qvQVu5Y3Osdl14F9DFVM7vZc6I
X-Received: by 10.180.75.78 with SMTP id a14mr12802549wiw.68.1440696910090; Thu, 27 Aug 2015 10:35:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.179.221 with HTTP; Thu, 27 Aug 2015 10:34:30 -0700 (PDT)
In-Reply-To: <877fogvdq7.fsf@ta.scs.stanford.edu>
References: <CABcZeBNEFVkDi38y3G-C2nQF=dzW2mGDsj5DVK_OKVkPwK=G0g@mail.gmail.com> <878u92oadf.fsf@ta.scs.stanford.edu> <CABcZeBMfk5C4-LF0fDLKpJktV3hJyzRUNfe0gO8RYDnzcs3yMA@mail.gmail.com> <87zj1inf7n.fsf@ta.scs.stanford.edu> <CABcZeBMZCjrwpTH+CkZS_p8TYGEFsXwxGn=KfPe28hY5f=2oXw@mail.gmail.com> <87oahuta7j.fsf@ta.scs.stanford.edu> <CABcZeBPiUxByxUVJ3cb5LaeH5T1LX3iZFetP4cXM3O9avzBkCA@mail.gmail.com> <87si75jo4s.fsf@ta.scs.stanford.edu> <BDF93B3E-9DE0-4FEA-A4A7-6E6A69E4169B@tik.ee.ethz.ch> <87h9nkkcqc.fsf@ta.scs.stanford.edu> <55DF25DC.2040001@tik.ee.ethz.ch> <87twrkhfpg.fsf@ta.scs.stanford.edu> <CAJU8_nWktUwni0=nywx-bbHg+j_K5GWFAZD8g3ZbKx7GLk4jpQ@mail.gmail.com> <877fogvdq7.fsf@ta.scs.stanford.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 27 Aug 2015 10:34:30 -0700
Message-ID: <CABcZeBPTGQvjdP7-6=+mN0S6wWOZC8PrsZhGu85NMkFQF-nMXg@mail.gmail.com>
To: David Mazieres expires 2015-11-25 PST <mazieres-9kk64xehni8g3ju8jaj4asq862@temporary-address.scs.stanford.edu>
Content-Type: multipart/alternative; boundary="f46d0438eb9d8e29a7051e4e6351"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/VcxpiBJd-VtDvh2W_tkYAqin4_s>
Cc: tcpinc <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2015 17:35:13 -0000

On Thu, Aug 27, 2015 at 10:32 AM, David Mazieres <
dm-list-tcpcrypt@scs.stanford.edu> wrote:

> Kyle Rose <krose@krose.org> writes:
>
> > I think maybe what Mirja is implying is that it's okay to break TCP
> > (i.e., not fall back to unencrypted) if the two peers explicitly set
> > their roles locally to the same thing. TCP-ENO-aware applications that
> > set the role are assumed to get it right and not set both to A or both
> > to B.
> >
> > Question re: the WG goals: is it in fact okay not to always fall back
> > to unencrypted TCP if the applications themselves are aware of TCPINC
> > and relying on TCPINC-specific API calls?
>
> So to be pedantic here, we are now assuming a design with three local
> states for each side, let's call them NULL, A, and B.  If both sides of
> a simultaneous open are NULL (the default) you get unencrypted TCP.  If
> one side is A and the other is B, you get TCP-ENO.  In the other 6
> permutations, you get complete connection failure.
>
> I don't particularly love that or foresee getting a WG consensus behind
> it, but I guess I could live with it.  Moreover, it doesn't really
> address any of the "hot" TCP-SO questions at this point, which are:
>
>  1. Does TCP-SO really exist in the wild, and if so under what
>     circumstances (NAT, no NAT, etc.)?
>

TCP-SO definitely exists in the wild. We do it in Firefox's ICE stack.

-Ekr


>  2. If applications of TCP-SO exist, must TCPINC support them
>     unmodified, or is it okay to disable encryption in the absence of a
>     setsockopt on at least one end of the connection?
>
>  3. If we require a setsockopt to encrypt a TCP-SO connection, is it
>     okay to ask applications to break the tie as well?
>
> For my part, I'm beginning to have doubts about 1, but answer YES to 2
> and 3.
>
> David
>

v2.23.0 | Report a Bug | By Email