IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Eric Rescorla <ekr@networkresonance.com> Wed, 28 January 2009 16:12 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0045528C176; Wed, 28 Jan 2009 08:12:18 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DC44028C17C for <tcpm@core3.amsl.com>; Wed, 28 Jan 2009 08:12:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.559
X-Spam-Level:
X-Spam-Status: No, score=-2.559 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OMnnrfi1CiKz for <tcpm@core3.amsl.com>; Wed, 28 Jan 2009 08:12:15 -0800 (PST)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id DFEDD28C1E7 for <tcpm@ietf.org>; Wed, 28 Jan 2009 08:11:36 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 3799450822; Wed, 28 Jan 2009 08:27:56 -0800 (PST)
Date: Wed, 28 Jan 2009 08:27:56 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <497F7DDC.70309@isi.edu>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20090128162756.3799450822@romeo.rtfm.com>
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At Tue, 27 Jan 2009 13:34:20 -0800,
Joe Touch wrote:
> I'll kick off discussion on this point on the list.
> 
> IMO, this mechanism is not viable for TCP-AO; it requires generating
> (and consuming) TCP segments that a native TCP would not generate. I was
> under the assumption that our design space was as close to TCP MD5 as
> possible, i.e., augment existing segments with a new option, but neither
> generate nor consume new segments.

I think it's important to separate two issues:

1. How can an implementation decide when it's safe to use a newly installed
   key?
2. How can an implementation help a peer implementation make that decision.

I think it's pretty clear that the most natural way to answer question
(1) is "when you see a segment protected with that key". Unfortunately,
this creates a deadlock problem since both sides are waiting for the
other side to use the key. Thus, we need a combination of two 
methods:

1. If a node has two keys, OLD and NEW, as soon as it sees a segment
   from the peer protected with NEW, it starts sending with NEW.
2. If a node has two keys, OLD and NEW, and it's still using OLD
   it occasionally experimentally sends a segment with NEW (probing).
   
Taken together, these rules allow a clean transition, since both
nodes are in probing state until one node receives a packet with
NEW, at which point it switches over and the peer soon follows.

The question then becomes how the probing mechanism works. At a 
high level, there are two options:

1. Probe with packets that the TCP stack would already send.
2. Generate new segments to use explicitly as probes.

The advantage of (1) is obviously minimal impact on the stack,
but may mean that segments are lost and could unless cere is taken,
exert false congestion feedback. The advantage of (2) is that it 
is less likely to create false congestion feedback, but it requires
more changes to the stack and of course creates additional traffic
on the wire. Greg's mechanism is of course of type (2).

-Ekr
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email