[tcpm] Disabling PAWS when possible

Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Thu, 21 June 2018 06:50 UTC

From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Wed, 20 Jun 2018 23:49:58 -0700
To: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: [tcpm] Disabling PAWS when possible
Message-ID: <CAO249yccvy3c2ytrwOFBAg88X3V4ubbUVzr_Ag3PnrJQOFmckg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/0hKvrjmBDYlNBQD0lXymPPEItPE>
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>

Hello,

I have been thinking about PAWS and the TS option for a while and prepared a simple short draft.
The basic ideas in the draft are like this.

1: There are several technologies (such as tcpinc, mptcp, tls) that can be used as a replacement of PAWS.
    They can even provide stronger protections than PAWS, which might be able to contribute to recycling connections in TIME_WAIT.

2: Some implementations have records of transmission times on each segment, which won't require the TS option for RTTM.

3: When 1 is available, we don't have to put a TS option in every segment.
    Also, when 1 and 2 are available, we don't have to use the TS option at all.
    Since we already have base technologies to replace PAWS and TS, all we need here is a simple signaling mechanism for feature negotiation.

The draft is still very premature and I may overlook something, but it
would be great if I could get some feedback.

Thanks,
--
Yoshi

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Wed, Jun 20, 2018 at 9:28 PM
Subject: I-D Action: draft-nishida-tcpm-disabling-paws-00.txt
To: i-d-announce@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.


        Title           : Disabling PAWS When Other Protections Are Available
        Author          : Yoshifumi Nishida
        Filename        : draft-nishida-tcpm-disabling-paws-00.txt
        Pages           : 7
        Date            : 2018-06-20

Abstract:
   PAWS provides protection against old duplicated segments caused by
   wrapped sequence numbers or earlier incarnations of a connection.  One
   drawback of PAWS is that it requires placing the timestamp option in
   all segments, which consumes 10-12 bytes of the TCP option space.  In
   addition, since PAWS just checks whether a timestamp is older or not,
   the protection logic is not very strong against malicious attacks and
   cannot work properly in some situations.  On the other hand, some
   other technologies which can provide stronger protections than PAWS
   are becoming available these days.  In this document, we propose to
   utilize other protection mechanisms as replacements for PAWS when they
   are available.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-nishida-tcpm-disabling-paws/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-nishida-tcpm-disabling-paws-00
https://datatracker.ietf.org/doc/html/draft-nishida-tcpm-disabling-paws-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

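To make the two points in the abstract concrete, here is an added example that is not part of the mail or the draft: a minimal Python model of the RFC 7323 PAWS test (the signed 32-bit "is this TSval older than TS.Recent?" comparison with the 24-day idle invalidation) plus a small accounting of the option bytes the TS option costs per segment. The class and function names, the sample timestamps and the SYN option layout are assumptions of this example, and the TS.Recent update rule is simplified as noted in the comments.

```python
"""Model of the RFC 7323 PAWS check (added example, not the draft's code).

It shows: (1) the modular comparison that handles timestamp wraparound,
(2) why PAWS alone is a weak protection: any segment whose TSval is not
older than TS.Recent is accepted, nothing authenticates the value, and
(3) the option-space cost of carrying TSopt in every segment.
"""

TS_OPTION_LEN = 10               # kind(1) + length(1) + TSval(4) + TSecr(4)
TS_OPTION_LEN_ALIGNED = 12       # usual data-segment layout: NOP, NOP, TSopt
TCP_OPTION_SPACE = 40            # 60-byte max header minus 20-byte fixed header
PAWS_IDLE_LIMIT_S = 24 * 24 * 60 * 60   # RFC 7323: TS.Recent invalid after 24 idle days


def ts_older(a, b):
    """True if 32-bit timestamp a is older than b.

    Uses the signed modular comparison from RFC 7323 so that a timestamp
    just past the 2^32 wrap still compares as newer than one just before it.
    """
    return ((a - b) & 0xFFFFFFFF) >= 0x80000000


class PawsReceiver:
    """Per-connection PAWS state: TS.Recent and when it was last updated."""

    def __init__(self):
        self.ts_recent = None
        self.ts_recent_at = None

    def check(self, tsval, now_s):
        """Apply the PAWS test to an incoming segment's TSval.

        Returns (accepted, reason). A rejected segment would be dropped and
        acknowledged per RFC 7323 section 5.3. `now_s` is the receiver's
        clock in seconds (assumed monotonic for this example).
        """
        # A TS.Recent that has not been refreshed for more than 24 days is no
        # longer trusted, so an "older" TSval must be accepted after idleness.
        if self.ts_recent is not None and now_s - self.ts_recent_at > PAWS_IDLE_LIMIT_S:
            self.ts_recent = None
        if self.ts_recent is not None and ts_older(tsval, self.ts_recent):
            return False, "paws-reject"
        # Simplification: a real stack updates TS.Recent only for in-window
        # segments with SEG.SEQ <= Last.ACK.sent; here every accepted segment
        # updates it. Note that nothing checks *who* sent the timestamp.
        self.ts_recent = tsval
        self.ts_recent_at = now_s
        return True, "ok"


def syn_option_bytes(with_timestamps):
    """Option bytes in an assumed typical SYN layout.

    With TS:    MSS(4) + SACK-permitted(2) + TSopt(10) + NOP(1) + WS(3) = 20
    Without TS: MSS(4) + NOP + NOP + SACK-permitted(2) + NOP + WS(3)   = 12
    """
    return 4 + 2 + TS_OPTION_LEN + 1 + 3 if with_timestamps else 4 + 1 + 1 + 2 + 1 + 3


def data_segment_option_bytes(with_timestamps):
    """Option bytes every non-SYN segment pays when PAWS/TSopt is in use."""
    return TS_OPTION_LEN_ALIGNED if with_timestamps else 0


def run_demo():
    """Walk one connection through the cases the abstract alludes to."""
    r = PawsReceiver()
    results = {}
    results["first"] = r.check(100, now_s=0)          # no TS.Recent yet: accepted
    results["newer"] = r.check(200, now_s=1)          # in order: accepted
    results["old_dup"] = r.check(150, now_s=2)        # old duplicate: rejected
    # Weakness: a segment carrying any TSval >= TS.Recent passes the check,
    # even though nothing ties that value to the legitimate peer.
    results["unauthenticated_newer"] = r.check(10_000_000, now_s=3)
    # Wraparound: a TSval just past 2^32 is newer than one just before it.
    w = PawsReceiver()
    w.check(0xFFFFFFF0, now_s=0)
    results["wrapped"] = w.check(0x00000010, now_s=1)
    # Idle connection: after >24 days TS.Recent is invalidated, so an "older"
    # value is accepted rather than stalling the connection.
    i = PawsReceiver()
    i.check(500, now_s=0)
    results["after_idle"] = i.check(400, now_s=25 * 24 * 60 * 60)
    results["per_segment_cost"] = data_segment_option_bytes(True) - data_segment_option_bytes(False)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The `unauthenticated_newer` case is the point the draft makes about PAWS not being "very strong against malicious attacks": the test only orders timestamps, it does not authenticate them, which is why the draft argues that a mechanism that does (tcpinc, TLS, MPTCP's keyed checks) can replace it and free the 10-12 bytes per segment that `per_segment_cost` reports.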