Re: [tcpinc] Simultaneous open tie breaking

Kyle Rose <> Tue, 25 August 2015 14:22 UTC

To: David Mazieres expires 2015-11-23 PST <>
Cc: tcpinc <>, Tero Kivinen <>

> If we are going to add another round of exchanges anyway, though, why
> not do the tie-breaking there?  We could keep the single b bit as is
> (for applications that want to work it out), and then add a
> variable-length tie-breaking phase.  E.g.,
>     A->B:  SYN ENO<Z, Y>
>     B->A:  SYN ENO<X, Y, Z>
>     A->B:  ACK ENO<Breaker 0x29892a863ce5>
>     B->A:  ACK ENO<Breaker 0xdb636b5918a2>

Why not dump b entirely and just always require an extra round trip
for simultaneous open? It seems to be enough of an edge case that,
given the options, I'd rather not optimize for it (and also not spend
a disproportionate amount of time debating optimization of something
that is such a long-tail, and practically degenerate, use case).

> Before settling on something, I'd like to get a sense of whether people
> think it's okay to ask applications to signal their intent to use
> simultaneous open, or whether it's important for TCP-ENO to enable
> encryption for existing, unmodified applications that use simultaneous
> open.  Those two options put us down different paths.

IMHO, all applications should be able to benefit from TCPINC's
protection against passive eavesdropping without any changes.