IETF Logo Mail Archive

Re: [tcpm] Fwd: Re: Data on 'Nonce' and 'Broken' responses to AccECN SYN?

"Scharf, Michael (Nokia - DE/Stuttgart)" <michael.scharf@nokia.com> Wed, 18 July 2018 13:24 UTC

Return-Path: <michael.scharf@nokia.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA0E9130DC4 for <tcpm@ietfa.amsl.com>; Wed, 18 Jul 2018 06:24:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fOuN3ibcenGz for <tcpm@ietfa.amsl.com>; Wed, 18 Jul 2018 06:24:50 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40126.outbound.protection.outlook.com [40.107.4.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E03F126F72 for <tcpm@ietf.org>; Wed, 18 Jul 2018 06:24:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F0OGlb46EWQlenAUcafGgNNgI8qk8wKD5CPfgSzRwuM=; b=AzDAtDM91Ff8XUwIZAAhr/8YMZ+Umg7KnQ3iPnT19lPffdno9bfgk+IL0uNzplec8i+XqBS+OKE51RI3gkciCGAnmX3mH/P0+jtXlA/QLPmnxWO1wP6Q+J8uD5Gswcapm/MTTDrRcMO7p6Nl1zbjvNHpOUcqDKuIr6906cLnrnA=
Received: from VI1PR07MB0880.eurprd07.prod.outlook.com (10.161.108.22) by VI1PR07MB3248.eurprd07.prod.outlook.com (10.175.243.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.973.14; Wed, 18 Jul 2018 13:24:47 +0000
Received: from VI1PR07MB0880.eurprd07.prod.outlook.com ([fe80::3c69:da1e:3095:ab25]) by VI1PR07MB0880.eurprd07.prod.outlook.com ([fe80::3c69:da1e:3095:ab25%11]) with mapi id 15.20.0973.016; Wed, 18 Jul 2018 13:24:47 +0000
From: "Scharf, Michael (Nokia - DE/Stuttgart)" <michael.scharf@nokia.com>
To: Bob Briscoe <ietf@bobbriscoe.net>
CC: ANNA MARIA MANDALARI <amandala@it.uc3m.es>, tcpm IETF list <tcpm@ietf.org>
Thread-Topic: [tcpm] Fwd: Re: Data on 'Nonce' and 'Broken' responses to AccECN SYN?
Thread-Index: AQHUHow/b8Ap3RKVakKEgphqvUnb66SU9+Dw
Date: Wed, 18 Jul 2018 13:24:47 +0000
Message-ID: <VI1PR07MB0880A7BF3FCC4FBC31E81D6093530@VI1PR07MB0880.eurprd07.prod.outlook.com>
References: <CANBVbAtF3nrSEW+Mf5vcmS9HioKaVSTr2JEvzrwX2xztkghQeQ@mail.gmail.com> <bb5e3d4c-3c79-1790-3780-b1fdec9cb2b3@bobbriscoe.net>
In-Reply-To: <bb5e3d4c-3c79-1790-3780-b1fdec9cb2b3@bobbriscoe.net>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.245.212.158]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR07MB3248; 6:X0MGbL/a3AqEFVE0fzM0btHG3sf8OC3VcKzUSQfIb/hISi0+toicbpkguxZqHQDt8UyetcG7+JQlFHY40HGZ5weE8EURaJGQnMvjK4ZCm7KTTq/w8FdnZMCKXB7YK5Rb5/rNk9Z1p7w/Cb2p9rqGFirzb9bP239BHZpZa3bTnhcJhyTt8Gwxv46et2VSUXHJkglV3iQf1slAcNGUwSOOoIZmotDFBhI2TvF8dWdkLuDn0wvZDNWSxUPpiX6HaO4so+znpF+kUUtKEMyEslUR5tB7W6Sbp0ntlm2NGuNllDZxhHO3+pC1dHZXFEcWe9ZMiRvxG4y7MgN7pbDGPOFq0WYKgrJ2ExLPOgwyuxZMmZd8A+wexIaxA6nfvbpNulOn9C57PvsKV3lI/Va3RxQbASGwP5gzKmaTbsdePOuS4381iiGF4KLo3EqET5+rfCIOPie+osaL8fHbPeREwFNwKg==; 5:W1t2NA4IE95LcCVw4ISxrnqofugKmRQTYTCfkJL1kzggYdRq2uIx6hovy7k5v8FHzLxuzOxRBKacLAZHOefkUTtJqC+bFiyzzLJtjQVe1qlk/8BbAYrC4sJOEetytuqy8RgKXsGd5zLI36DvDWybqNQIwOsmapbKzcmgOLxnFi0=; 7:h7ZRj2/TJwmPNbuaM8dNi2DsVUu6b9rgz83yMOcoXgt2lmrQyt7X0Tj7l+MkEvCkT0sEZBc6XhOrGeMurdvNldPXPKamwGwyJ9wsxcETSvUFn9uaeFi/pqby4zN8tmr3wmmYSaNJ39U9JGMepj8plC5ubQZL9Mr3oDFaXWlTtmiNBm/ZVP16PkBON+lZciSLX+xQBcRbeHHrwdCS+pGnoz/oAX/AfXOAQX6+6cGIWTFZ6N7TfVLW8ljpMs0Jhv8d
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 0b3a9a57-9d91-4235-f923-08d5ecb1d580
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600064)(711020)(4618075)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7193020); SRVR:VI1PR07MB3248;
x-ms-traffictypediagnostic: VI1PR07MB3248:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=michael.scharf@nokia.com;
x-microsoft-antispam-prvs: <VI1PR07MB3248B131120BB6613616862A93530@VI1PR07MB3248.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(85827821059158)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3002001)(3231311)(11241501184)(806099)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:VI1PR07MB3248; BCL:0; PCL:0; RULEID:; SRVR:VI1PR07MB3248;
x-forefront-prvs: 0737B96801
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(376002)(346002)(136003)(366004)(189003)(199004)(54896002)(6916009)(5660300001)(316002)(6436002)(66066001)(7696005)(102836004)(7736002)(9686003)(3846002)(54906003)(55016002)(236005)(186003)(106356001)(26005)(6306002)(74316002)(76176011)(105586002)(6506007)(97736004)(33656002)(53546011)(790700001)(68736007)(81156014)(6116002)(81166006)(8676002)(2906002)(8936002)(4326008)(14454004)(53376002)(229853002)(966005)(478600001)(2900100001)(6246003)(25786009)(53936002)(476003)(486006)(446003)(256004)(5024004)(11346002)(5250100002)(86362001)(99286004)(606006); DIR:OUT; SFP:1102; SCL:1; SRVR:VI1PR07MB3248; H:VI1PR07MB0880.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 4V7JTaqggwcaxrQaeduWNbHd821YDysPOMJASRVY4Gy9voStJOtBgkba5hek7b83/laM0eoVp1y3SAQZefVzQHJWeF0bsG6hLiGhEW/Wufhubgycus8Kh3YfUXnteSIcYGssy9Frx6RUXy484dm6fvDqPzwQQvnUazT0m9HcsKOkDzj5odK17kMz/4lUzy8D66gflZ5vl4istxoNtQUlevtEk8eaxTeIofeYaNV04Ali568/qxFUQiK+BF52Aw5YUGU9WRYXHI3UnVjsYGE2256kYIdFF81aTGTK26Qrd3hLQYx5gvlD9sDEulPQeGRYnxKJeMWulK011AGabESvAZBdUxmmQ21JcnsFGJ6nxix4EuqmLKb7jgyVCak4fszgnuFtJWzeW76BAyMN6nnjlA==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_VI1PR07MB0880A7BF3FCC4FBC31E81D6093530VI1PR07MB0880eurp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b3a9a57-9d91-4235-f923-08d5ecb1d580
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jul 2018 13:24:47.6607 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3248
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/7XquimsZzhk-BLDU6-lN9R4ot-w>
Subject: Re: [tcpm] Fwd: Re: Data on 'Nonce' and 'Broken' responses to AccECN SYN?
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 13:24:54 -0000

Interesting. So what prevents us from reserving the nonce pattern for future use?

Michael


From: tcpm [mailto:tcpm-bounces@ietf.org] On Behalf Of Bob Briscoe
Sent: Wednesday, July 18, 2018 1:41 PM
To: Michael Scharf <michael.scharf@gmail.com>
Cc: ANNA MARIA MANDALARI <amandala@it.uc3m.es>; tcpm IETF list <tcpm@ietf.org>
Subject: [tcpm] Fwd: Re: Data on 'Nonce' and 'Broken' responses to AccECN SYN?

Michael,

Below is data from 410,803 of the Alexa top 500k web server that confirms what I said in the presentation about space for future evolution of AccECN:

  *   the nonce pattern on the SYN-ACK could be reused now (0.0007%)
  *   the broken reflection pattern is still far too prevalent to re-use it (0.35%).
If anyone wants the list of broken servers that Anna attached for me, pls ask.
The whole dataset is also available via: http://www.it.uc3m.es/amandala/ecn++/

@Anna, thanks v much for responding so quickly - it was me that hadn't read your email in time for the talk.



Bob

-------- Forwarded Message --------
Subject:

Re: Data on 'Nonce' and 'Broken' responses to AccECN SYN?

Date:

Tue, 17 Jul 2018 15:42:10 +0200

From:

ANNA MARIA MANDALARI <amandala@it.uc3m.es><mailto:amandala@it.uc3m.es>

To:

Bob Briscoe <research@bobbriscoe.net><mailto:research@bobbriscoe.net>


Hi Bob,

I had a look at the data and I found 1,438 servers over the top 410,803 Alexa (0.35%) that reply SYN/ACK+111 to a SYN+111 (attached the list).

Only 3 servers (0.0007%) reply SYN/ACK+101 to a SYN+111:

test_synack;200.12.171.53;80;ect;0;flags;338
test_synack;60.28.220.134;80;ect;0;flags;338
test_synack;200.12.171.52;80;ect;0;flags;338

Let me know if I can help you with something else!






2018-07-17 13:26 GMT+02:00 Bob Briscoe <research@bobbriscoe.net<mailto:research@bobbriscoe.net>>:
Anna,

Could you do me a favour and look up how many servers responded to an AccECN (111) SYN with a SYN/ACK carrying respectively 'Nonce' (101) or 'Broken' (111)?

And also the total number of tests sent with an AccECN SYN, so I can give proportions in the AccECN draft.

Cheers



Bob (too lazy to look at the data myself)

--
________________________________________________________________
Bob Briscoe                               http://bobbriscoe.net/



--
ANNA MARIA MANDALARI
Universidad Carlos III de Madrid

v2.23.0 | Report a Bug | By Email