Re: [tcpinc] TCP-ENO draft 04 posted
David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Sat, 30 July 2016 00:24 UTC
Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93B6112D575 for <tcpinc@ietfa.amsl.com>; Fri, 29 Jul 2016 17:24:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.188
X-Spam-Level:
X-Spam-Status: No, score=-2.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3CXl1Gfjl4FI for <tcpinc@ietfa.amsl.com>; Fri, 29 Jul 2016 17:24:58 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF34C12D0F7 for <tcpinc@ietf.org>; Fri, 29 Jul 2016 17:24:58 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id u6U0OwpD005127; Fri, 29 Jul 2016 17:24:58 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id u6U0OwZs017512; Fri, 29 Jul 2016 17:24:58 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Joe Touch <touch@isi.edu>, tcpinc <tcpinc@ietf.org>
In-Reply-To: <579BE560.2060300@isi.edu>
References: <87invokuu8.fsf@ta.scs.stanford.edu> <579BCAD1.4020509@isi.edu> <87fuqskpjh.fsf@ta.scs.stanford.edu> <579BE560.2060300@isi.edu>
Date: Fri, 29 Jul 2016 17:24:57 -0700
Message-ID: <87d1lwkm5i.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/c2lrLoOtZMHiO4laPW5h8QHJE_U>
Subject: Re: [tcpinc] TCP-ENO draft 04 posted
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: David Mazieres expires 2016-10-27 PDT <mazieres-km7uit28qazn68v63terznb4fn@temporary-address.scs.stanford.edu>
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jul 2016 00:24:59 -0000
Joe Touch <touch@isi.edu> writes: > Fair enough, but then you really need to re-implement the bulk of what > TFO does if you intend to act on previous state as if it were known for > future connections. Yes, except the reimplementation may turn out to be simplified by the fact that A) TEPs have a cryptographically strong way to check data integrity at their disposal, and B) there may be extrinsic information about the server-side SYN handling. E.g., if TCPINC ever integrates with DANE, there could be a DNS record promising that a server always implements some TEP and is always willing to engage in some server authentication pre-protocol. In that case, the client can count on the server observing ENO's requirement to discard unexpected SYN data. >> 1. Is the current section 4.7 setting the right goals? > IMO, it is incomplete. > > The first goal should be correct TCP behavior in all cases. I don't understand. Don't we already have RFC793 and the whole IETF process to ensure correct TCP behavior? I'm not saying TCP-ENO should advocate incorrect behavior, just that A) most correctness requirements are implicit (or by normative citation of RFC793), and B) from time to time the IETF sees value in deviating from RFC793 (e.g., TFO). There's no reason to write the spec in such a way as to complicate or redundantly prohibit future TFO-like things *if* the IETF wants to pursue them. > I appreciate the desire to avoid TFO with ENO, but then you need to > stick to non-TFO semantics. Unless a TEP specifies TFO-like semantics, right? There may be value in having a TEP replicate or incorporate TFO, but for backwards compatibility A) it should do so without including option 34, and B) older versions of the TEP should ignore the SYN data. > That means that previous connection state can be used only as a hint, > and that the connection MUST be able to undo 100% of that hint when (not > if) it is wrong. > > In that case, you have only two options: > > 1) require that ENO never *send* SYN data > > 2) require that failed ENO negotiation MUST result in a dropped > connection > > In the case of #2, the question is what to do next. I could see going with #2 if that's the sentiment of the working group, but my preference would be to leave it up to the individual TEP, for two reasons. First, we don't have any empirical evidence about SYN data buffering, and it does seem like something that can be probed for or annouced at a different layer of abstraction. Second, as things evolve, who's to say some future TEP won't have a better workaround for the problem? As a compromise, how about making #2 a SHOULD, so as to minimize the chances of TEP accidentally messing this up without closing the door on intentional deviations? David
- Re: [tcpinc] TCP-ENO draft 04 posted David Mazieres
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- Re: [tcpinc] TCP-ENO draft 04 posted David Mazieres
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- [tcpinc] TCP-ENO draft 04 posted dm-list-tcpcrypt