IETF Logo Mail Archive

Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

Eric Rescorla <ekr@rtfm.com> Fri, 28 August 2015 17:22 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 584771ACDED for <tcpinc@ietfa.amsl.com>; Fri, 28 Aug 2015 10:22:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M356NMutH7UO for <tcpinc@ietfa.amsl.com>; Fri, 28 Aug 2015 10:22:13 -0700 (PDT)
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7A611ACDB6 for <tcpinc@ietf.org>; Fri, 28 Aug 2015 10:22:12 -0700 (PDT)
Received: by wiyy7 with SMTP id y7so5525562wiy.1 for <tcpinc@ietf.org>; Fri, 28 Aug 2015 10:22:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=mf/E3HlfyXiVQVyc1L6u/MDUCo6VUarXW6170B36M38=; b=jg553YZpM/hCrRTDt5k6s8ufwGoOwNTmq3Y4BcWVs2kcJwpG1HNk5LdOWPdjcfjai9 k7EnWhyxXadUgiFHneP9BNUSgpak9yVDzOQuW7k+PoSh7Zls/7/srq1d27YhGtE7rtfy SiFhSI6bvtVM4bRjSAYBOc6lvy1ycrIf0KjBCk1zcjceI46pGV8grju06netlCRAHvsz qDPdVvsV4KiLJ39FcRCJ3nPhx9U545V3QlvR15X/c+FoPuYNj9a+yBfzD0NcSPPb8nZh 54fIYuVnmLGspQLkcN9zAPccQ+zxrDfVPYGOiJWyVlAjm7QLdkgeqHE52LHl+3jYs7ha NIRA==
X-Gm-Message-State: ALoCoQmyPuUeFhmmnOTBYk59mhNXxDDEdftTU/o3rIvexvbXkvFhsr0fNrjGh8PVzIYns/qnPvmC
X-Received: by 10.194.79.225 with SMTP id m1mr12954431wjx.8.1440782531257; Fri, 28 Aug 2015 10:22:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.179.221 with HTTP; Fri, 28 Aug 2015 10:21:31 -0700 (PDT)
In-Reply-To: <CABcZeBPVhQ-nJw4zjELXeU8LwhkyMGxi3gEROaEa0iTsjt=y4g@mail.gmail.com>
References: <CABcZeBNEFVkDi38y3G-C2nQF=dzW2mGDsj5DVK_OKVkPwK=G0g@mail.gmail.com> <878u92oadf.fsf@ta.scs.stanford.edu> <CABcZeBMfk5C4-LF0fDLKpJktV3hJyzRUNfe0gO8RYDnzcs3yMA@mail.gmail.com> <87zj1inf7n.fsf@ta.scs.stanford.edu> <CABcZeBMZCjrwpTH+CkZS_p8TYGEFsXwxGn=KfPe28hY5f=2oXw@mail.gmail.com> <87oahuta7j.fsf@ta.scs.stanford.edu> <CABcZeBPiUxByxUVJ3cb5LaeH5T1LX3iZFetP4cXM3O9avzBkCA@mail.gmail.com> <87si75jo4s.fsf@ta.scs.stanford.edu> <BDF93B3E-9DE0-4FEA-A4A7-6E6A69E4169B@tik.ee.ethz.ch> <87h9nkkcqc.fsf@ta.scs.stanford.edu> <55DF25DC.2040001@tik.ee.ethz.ch> <87twrkhfpg.fsf@ta.scs.stanford.edu> <CAJU8_nWktUwni0=nywx-bbHg+j_K5GWFAZD8g3ZbKx7GLk4jpQ@mail.gmail.com> <877fogvdq7.fsf@ta.scs.stanford.edu> <CABcZeBPTGQvjdP7-6=+mN0S6wWOZC8PrsZhGu85NMkFQF-nMXg@mail.gmail.com> <8737z3kijy.fsf@ta.scs.stanford.edu> <CABcZeBPVhQ-nJw4zjELXeU8LwhkyMGxi3gEROaEa0iTsjt=y4g@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 28 Aug 2015 10:21:31 -0700
Message-ID: <CABcZeBOo9_0TkJUXrnk4Ffykr9ymxjPTXf-YobeOTLA3K+950Q@mail.gmail.com>
To: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
Content-Type: multipart/alternative; boundary="047d7b10c903f98776051e6252e2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/sMGFF1aKhU68pVFdv59rG65ZEWU>
Cc: tcpinc <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2015 17:22:14 -0000

I should also mention several other points about this:

1. Chrome doesn't do SO candidates even though it has ICE-TCP.
TCP NAT traversal works so badly that the major argument for ICE-TCP
is to allow for clients to talk to public servers even if they are behind
TCP-only firewalls, and that doesn't require SO.

2. We just added ICE-TCP and we may also remove SO if experience
shows it doesn't help.

3. WebRTC has its own COMSEC so we would want to disable TCPCINC
for these settings in any case.

So I think this is really an argument in favor of "don't worry too much
about SO"

-Ekr


On Fri, Aug 28, 2015 at 10:18 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> On Thu, Aug 27, 2015 at 11:56 PM, David Mazieres <
> dm-list-tcpcrypt@scs.stanford.edu> wrote:
>
>> Eric Rescorla <ekr@rtfm.com> writes:
>>
>> >>  1. Does TCP-SO really exist in the wild, and if so under what
>> >>     circumstances (NAT, no NAT, etc.)?
>> >
>> > TCP-SO definitely exists in the wild. We do it in Firefox's ICE stack.
>>
>> So I'm not familiar with ICE over TCP, though I see there's now an
>> RFC6544 on this.  Is that what firefox does?  That's great information.
>>
>> With RFC6544, could the controlling/controlled roles be used to break
>> ties?  E.g., with TCP-ENO, could the controlling peer just always set
>> b=1?
>
>
> The problem is that there are situations where each side thinks it is
> controlling
> ("role conflicts"). RFC 5245 has the tiebreaker field to resolve this.
>
> -Ekr
>
>
>

v2.23.0 | Report a Bug | By Email