Re: [tcpinc] TCP-ENO draft 04 posted
Joe Touch <touch@isi.edu> Fri, 29 July 2016 23:24 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF11D12D0C4 for <tcpinc@ietfa.amsl.com>; Fri, 29 Jul 2016 16:24:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.187
X-Spam-Level:
X-Spam-Status: No, score=-8.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.287] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MmZ1jJvj3Ogg for <tcpinc@ietfa.amsl.com>; Fri, 29 Jul 2016 16:24:13 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA82312D17B for <tcpinc@ietf.org>; Fri, 29 Jul 2016 16:24:13 -0700 (PDT)
Received: from [128.9.184.41] ([128.9.184.41]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id u6TNNF9k010359 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 29 Jul 2016 16:23:16 -0700 (PDT)
To: David Mazieres expires 2016-10-27 PDT <mazieres-2u5dqmt2am7nrrif3uubqnwdi6@temporary-address.scs.stanford.edu>, tcpinc <tcpinc@ietf.org>
References: <87invokuu8.fsf@ta.scs.stanford.edu> <579BCAD1.4020509@isi.edu> <87fuqskpjh.fsf@ta.scs.stanford.edu>
From: Joe Touch <touch@isi.edu>
Message-ID: <579BE560.2060300@isi.edu>
Date: Fri, 29 Jul 2016 16:23:12 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <87fuqskpjh.fsf@ta.scs.stanford.edu>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/hUnYen6pHx2fk9a3O7twvbpiKVI>
Subject: Re: [tcpinc] TCP-ENO draft 04 posted
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2016 23:24:15 -0000
On 7/29/2016 4:11 PM, David Mazieres wrote: > Joe Touch <touch@isi.edu> writes: > >> Hi, all, >> >> I'm very confused by the new SYN data text. >> >> First, if you really want state based on previous connections that >> allows early use of SYN data before the 3WHS, that seems to be the very >> definition of TFO. So declaring that this solution is valid only where >> TFO isn't used seems the opposite of what I would expect. > TFO requires sending plaintext. ENO explicitly prohibits it. Either or > both options could get munged by a middlebox. Hence, it is much safer > to say that ENO specs can do something TFO-like than to allow ENO specs > to modify the semantics of TFO. Fair enough, but then you really need to re-implement the bulk of what TFO does if you intend to act on previous state as if it were known for future connections. > The principle here is that it is far more likely for a middlebox to > remove a TCP option than it is for a middlebox to add a TCP option > created out of thin air. TCP is a reliable transport protocol. That reliability is not predicated on "likeliness". > >> Second, the text doesn't cover the case where the endpoint abilities >> have changed. Unless you use TFO cookies to verify that ability, you >> should not assume you know it. Which means you can easily be sending >> data you need to unroll - and the only safe way to do that (if the >> endpoint turns out to be non-ENO even if you assumed otherwise) is to >> terminate the connection. > Quite possibly. However, the goal of section 4.7 is not to prevent TEPs > from doing "bad" things. Rather, the goal is to impose the minimum > restrictions such that if different TEPs say different things about SYN > data, then it is always unambiguous which TEP specification governs a > particular SYN segment. A secondary goal is to ensure that TEPs can > later be amended to take advantage of SYN data (because initial TEP > implementations MUST discard SYN data whose usage the old specification > did not define). > > Questions about when to reset a connection (or whether to allow some > really weird behavior when the application has explicitly requested it) > should be deferred to the point at which a TEP actually wants to use SYN > data. If you foresee problems with the current wording (as opposed to > what future TEPs might hypothetically do), then it would help to discuss > two questions separately: > > 1. Is the current section 4.7 setting the right goals? IMO, it is incomplete. The first goal should be correct TCP behavior in all cases. A secondary goal can be optimization, but only when it does not interfere with the first goal at all. > 2. Is the current section 4.7 achieving its goals? > >> Third, the claim that "Using data in SYNs deviates..." is incorrect. >> Data in the SYN is valid for TCP. Did you mean "acting on received data >> in the SYN before the 3WHS in the absence of TFO deviates..."? > I originally had "consuming" instead of "using," but thought that read > kind of weird. Would you prefer "consuming"? And yes I definitely > meant in the absence of TFO, since the absence of TFO is required. (TFO > itself already claims to deviate from standard TCP semantics.) I appreciate the desire to avoid TFO with ENO, but then you need to stick to non-TFO semantics. That means that previous connection state can be used only as a hint, and that the connection MUST be able to undo 100% of that hint when (not if) it is wrong. In that case, you have only two options: 1) require that ENO never *send* SYN data 2) require that failed ENO negotiation MUST result in a dropped connection In the case of #2, the question is what to do next. I don't see a good way to make an *option* require a TCP retry. That's why I suggested #1, unless - of course - you build some sort of TFO-like way to ensure that you're not just talking to the same IP you spoke to before, but the same endpoint stack. Joe
- Re: [tcpinc] TCP-ENO draft 04 posted David Mazieres
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- Re: [tcpinc] TCP-ENO draft 04 posted David Mazieres
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- [tcpinc] TCP-ENO draft 04 posted dm-list-tcpcrypt