Re: [tcpinc] Revised version of TCP-ENO

Kyle Rose <krose@krose.org> Tue, 11 August 2015 22:04 UTC


My comments so far:

> Once the two sides have exchanged SYN segments, the _negotiated spec_
> is the first valid spec identifier in the SYN segment of host B (that
> is, the passive opener in the absence of simultaneous open).  In
> other words, the order of suboptions in host B's SYN segment
> determines spec priority, while the order of suboptions in host A's
> SYN segment has no effect.  Hosts must disable TCP-ENO if there is no
> valid spec in host B's SYN segment.

> When possible, host B SHOULD send only one spec identifier (suboption
> in the range 0x20-0xff), and SHOULD ensure this option is valid.
> However, sending a single valid spec identifier is not required, as
> doing so could be impractical in some cases, such as simultaneous
> open or library-level implementations that can only provide a static
> TCP-ENO option to the kernel.

What is the meaning of "first valid spec identifier"? This allowance
for multiple spec identifiers sent by host B makes sense if the chosen
spec is "the first spec identifier also among those spec identifiers
that host A sent", but otherwise there's no difference between host B
sending a single static identifier or multiple: if host A supports the
first in host B's static list, that would get used; otherwise TCP-ENO
negotiation would fail.

You seem to imply the meaning above in figure 8, in which case I think
the text should be clarified.

3.3:

> A TCP segment MUST
> include at most one suboption whose high nibble is 0.

Does this mean "A TCP SYN segment including the TCP-ENO option MUST..."?

4.1: Do you want to add the additional requirement that session IDs be
public, i.e., not be secret to endpoints/applications?

Kyle

On Mon, Aug 10, 2015 at 8:45 AM, David Mazieres
<dm-list-tcpcrypt@scs.stanford.edu> wrote:
> We have revised the TCP-ENO draft and posted a new version that
> addresses feedback we have received so far.  The biggest change we made
> was to split the document in two.  TCP-ENO itself is specified
> in an experimental status document, as before:
>
>   * https://datatracker.ietf.org/doc/draft-bittau-tcpinc-tcpeno/
>
> The API changes are now specified in a new informational status document
> that could potentially form the basis of the working group's API
> document if people like it:
>
>   * https://datatracker.ietf.org/doc/draft-bittau-tcpinc-api/
>
> We'd appreciate feedback on these two new drafts.
>
> Thanks,
> David
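A small model of the two readings of "first valid spec identifier" discussed in the message above, added here as an example and not taken from the TCP-ENO draft or its authors. It assumes a SYN's TCP-ENO option can be represented as a list of suboption bytes, with spec identifiers in the quoted range 0x20-0xff and every other byte treated as a non-spec suboption.

```python
"""Constructed model of TCP-ENO spec negotiation under the two readings
raised in the mail.  Not code from the TCP-ENO draft.  A SYN's TCP-ENO
option is modelled as a list of suboption bytes (an assumption); spec
identifiers occupy 0x20-0xff as quoted, anything else is a non-spec
suboption here."""

SPEC_MIN, SPEC_MAX = 0x20, 0xFF


def spec_ids(suboptions):
    """Spec identifiers of a SYN's suboptions, in their original order."""
    return [s for s in suboptions if SPEC_MIN <= s <= SPEC_MAX]


def check_high_nibble_zero(suboptions):
    """Section 3.3 rule quoted above: at most one suboption with high nibble 0."""
    return sum(1 for s in suboptions if (s >> 4) == 0) <= 1


def negotiate_literal(syn_a, syn_b):
    """Reading 1: only the first spec identifier in host B's SYN counts.
    It is used if host A also offered it; otherwise TCP-ENO is disabled
    (None).  Later entries in B's list and A's order play no role."""
    b_specs = spec_ids(syn_b)
    if not b_specs:
        return None
    return b_specs[0] if b_specs[0] in spec_ids(syn_a) else None


def negotiate_intersection(syn_a, syn_b):
    """Reading 2 (the meaning the mail suggests): the first identifier in
    host B's list that host A also sent.  B's order sets priority; A's
    order is ignored.  None means no common spec, so TCP-ENO is disabled."""
    offered_by_a = set(spec_ids(syn_a))
    for spec in spec_ids(syn_b):
        if spec in offered_by_a:
            return spec
    return None


# Constructed SYN contents: host B sends a static list (as a library-level
# implementation might), and host A lacks B's top preference.
SYN_A = [0x01, 0x22, 0x21]             # one high-nibble-0 suboption, two specs
SYN_B_STATIC = [0x02, 0x20, 0x21, 0x22]

if __name__ == "__main__":
    assert check_high_nibble_zero(SYN_A) and check_high_nibble_zero(SYN_B_STATIC)
    print(negotiate_literal(SYN_A, SYN_B_STATIC))       # None: A lacks 0x20
    print(negotiate_intersection(SYN_A, SYN_B_STATIC))  # 0x21: first common entry
```

The two readings only diverge when host B sends more than one spec identifier, which is exactly the case the quoted text allows for static option lists and simultaneous open.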