[tcpm] Disabling PAWS when possible
Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Thu, 21 June 2018 06:50 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/0hKvrjmBDYlNBQD0lXymPPEItPE>
Hello,

I have been thinking about PAWS and the TS option for a while and have prepared a simple short draft. The basic ideas in the draft are like this:

1: There are several technologies (such as tcpinc, mptcp, tls) that can be used as a replacement for PAWS. They can even provide stronger protection than PAWS, which might be able to contribute to recycling connections in TIME_WAIT.

2: Some implementations keep records of transmission times for each segment, which won't require the TS option for RTTM.

3: When 1 is available, we don't have to put a TS option in every segment. Also, when 1 and 2 are available, we don't have to use the TS option at all.

Since we already have base technologies to replace PAWS and TS, all we need here is a simple signaling mechanism for feature negotiation.

The draft is still very premature and I may have overlooked something, but it would be great if I could get some feedback.

Thanks,
--
Yoshi

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Wed, Jun 20, 2018 at 9:28 PM
Subject: I-D Action: draft-nishida-tcpm-disabling-paws-00.txt
To: i-d-announce@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : Disabling PAWS When Other Protections Are Available
        Author          : Yoshifumi Nishida
        Filename        : draft-nishida-tcpm-disabling-paws-00.txt
        Pages           : 7
        Date            : 2018-06-20

Abstract:
   PAWS provides protection against old duplicated segments caused by wrapped sequence numbers or earlier incarnations of a connection. One drawback of PAWS is that it requires placing the timestamp option in all segments, which consumes 10-12 bytes of the TCP option space. In addition, since PAWS just checks whether timestamps are older or not, the protection logic is not very strong against malicious attacks, or cannot work properly in some situations. On the other hand, some other technologies which can provide stronger protection than PAWS are becoming available these days.

   In this document, we propose to utilize other protection mechanisms as replacements for PAWS when they are available.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-nishida-tcpm-disabling-paws/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-nishida-tcpm-disabling-paws-00
https://datatracker.ietf.org/doc/html/draft-nishida-tcpm-disabling-paws-00

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
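As an added illustration (not part of Nishida's message or of the draft), the following Python model shows what "PAWS just checks whether timestamps are older or not" means in practice: it implements the acceptance test of RFC 7323 Section 5.3 with the modular 32-bit comparison TCP uses, the TS.Recent update rule, and the 24-day idle invalidation. The state names follow the RFC; the segment traces are constructed. The point for the reader is that the test is purely an ordering check on an unauthenticated 32-bit value, which is the weakness the abstract refers to.

```python
"""Minimal model of the PAWS check (RFC 7323, Section 5.3). Added example,
not code from the draft; segment traces below are constructed."""

MASK32 = 0xFFFFFFFF
PAWS_IDLE_LIMIT = 24 * 24 * 3600  # seconds: TS.Recent is invalid after 24 idle days


def lt32(a, b):
    """Modular 32-bit 'a < b', the comparison TCP uses for TSval and SEQ."""
    return ((a - b) & MASK32) >= 0x80000000


class PawsState:
    def __init__(self, last_ack_sent=0):
        self.ts_recent = None        # TS.Recent: newest in-window TSval seen so far
        self.ts_recent_time = None   # local time when ts_recent was last refreshed
        self.last_ack_sent = last_ack_sent  # Last.ACK.sent from RFC 7323

    def accept(self, seg_tsval, seg_seq, now):
        """True if the segment passes PAWS, False if dropped as an old duplicate."""
        # TS.Recent is only trusted if it was refreshed within the last 24 days.
        if self.ts_recent is not None and now - self.ts_recent_time > PAWS_IDLE_LIMIT:
            self.ts_recent = None
        # R1: the only real test is "is SEG.TSval older than TS.Recent?" (mod 2^32).
        if self.ts_recent is not None and lt32(seg_tsval, self.ts_recent):
            return False
        # R3: refresh TS.Recent only from segments covering the left window edge
        # (SEG.SEQ <= Last.ACK.sent), so TSvals of out-of-order data do not jump ahead.
        if not lt32(self.last_ack_sent, seg_seq):
            self.ts_recent = seg_tsval
            self.ts_recent_time = now
        return True


def run_trace():
    """Constructed trace: normal progression, an old duplicate, then a long idle gap."""
    st = PawsState(last_ack_sent=1000)
    trace = [
        (100, 1000, 0.0),                  # first segment: accepted, TS.Recent = 100
        (105, 1000, 0.1),                  # newer timestamp: accepted, TS.Recent = 105
        (101, 1000, 0.2),                  # stale duplicate (101 < 105): dropped
        (50, 1000, 30 * 24 * 3600.0),      # after 30 idle days TS.Recent is void: accepted
    ]
    return [st.accept(tsval, seq, now) for tsval, seq, now in trace]


def wrap_example():
    """Constructed trace across the 2^32 timestamp wrap: 5 counts as newer than 0xFFFFFFF0."""
    st = PawsState(last_ack_sent=1000)
    trace = [
        (0xFFFFFFF0, 1000, 0.0),   # accepted, TS.Recent = 0xFFFFFFF0
        (5, 1000, 0.1),            # wrapped but newer (mod 2^32): accepted
        (0xFFFFFFF5, 1000, 0.2),   # pre-wrap value, older than 5 (mod 2^32): dropped
    ]
    return [st.accept(tsval, seq, now) for tsval, seq, now in trace]


if __name__ == "__main__":
    print("normal/idle trace:", run_trace())   # [True, True, False, True]
    print("wraparound trace:", wrap_example())  # [True, True, False]
```

Note that nothing in the test binds the timestamp to the connection or its peer; any segment whose TSval is not behind TS.Recent passes, which is the property the draft contrasts with the stronger checks available from tcpinc, MPTCP or TLS.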