[tcpinc] New draft of TCP-ENO
David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Fri, 20 January 2017 20:05 UTC
Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B42E41293E1 for <tcpinc@ietfa.amsl.com>; Fri, 20 Jan 2017 12:05:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level:
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DP5HgCPec6ZM for <tcpinc@ietfa.amsl.com>; Fri, 20 Jan 2017 12:05:56 -0800 (PST)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FC42127735 for <tcpinc@ietf.org>; Fri, 20 Jan 2017 12:05:56 -0800 (PST)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id v0KK5u2o087163 for <tcpinc@ietf.org>; Fri, 20 Jan 2017 12:05:56 -0800 (PST)
Received: (from dm@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id v0KK5ua4080733; Fri, 20 Jan 2017 12:05:56 -0800 (PST)
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: tcpinc <tcpinc@ietf.org>
In-Reply-To: <20170120041448.GA1063@scs.stanford.edu>
References: <20170120041448.GA1063@scs.stanford.edu>
Date: Fri, 20 Jan 2017 12:05:56 -0800
Message-ID: <87mvelo5sr.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/frqYipXTh0_hYQSKjOrxACo_5SM>
Subject: [tcpinc] New draft of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: David Mazieres expires 2017-04-20 PDT <mazieres-v7b3262yqn33jbixwzk9qme55w@temporary-address.scs.stanford.edu>
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2017 20:05:57 -0000
There is a new draft of TCP-ENO, here: https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/ There are very few changes from the previous draft, and most of them are just cosmetic improvements or clarifications. At the last meeting, there was some discussion about whether the draft should allow a host to send an ENO option with zero suboptions. Upon further reflection, it appeared there was really nothing in the existing draft that would prevent such usage. Hence, the only action we took on this question was to clarify the situation by adding the following paragraph to the end of section 4.6: A host MAY send a _vacuous_ SYN-form ENO option containing zero TEP identifier suboptions. If either host sends a vacuous ENO option, it follows that there are no valid TEP identifiers for the connection and hence the connection must fall back to unencrypted TCP. Hosts MAY send vacuous ENO options to indicate that ENO is supported but unavailable by configuration, or to probe network paths for robustness to ENO options. However, a passive opener MUST NOT send a vacuous ENO option in a SYN-ACK segment unless there was an ENO option in the SYN segment it received. Moreover, a passive opener's SYN-form ENO option MUST still include a global suboption with "b = 1", as discussed in Section 4.3. David
- [tcpinc] New draft of tcpcrypt posted Daniel B Giffin
- [tcpinc] New draft of TCP-ENO David Mazieres