Re: [tcpm] WGLC for UTO
Lars Eggert <lars.eggert@nokia.com> Wed, 31 October 2007 16:31 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1InGTV-0004co-0H; Wed, 31 Oct 2007 12:31:25 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1InGTT-0004Z2-DX for tcpm-confirm+ok@megatron.ietf.org; Wed, 31 Oct 2007 12:31:23 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1InGTT-0004Yu-3e for tcpm@ietf.org; Wed, 31 Oct 2007 12:31:23 -0400
Received: from smtp.nokia.com ([131.228.20.172] helo=mgw-ext13.nokia.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1InGTL-0006Y1-Ee for tcpm@ietf.org; Wed, 31 Oct 2007 12:31:23 -0400
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143]) by mgw-ext13.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l9VGUfEk001896; Wed, 31 Oct 2007 18:31:10 +0200
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 31 Oct 2007 18:30:50 +0200
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 31 Oct 2007 18:30:50 +0200
Received: from mgw-int01.ntc.nokia.com ([172.21.143.96]) by esebh102.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Wed, 31 Oct 2007 18:30:49 +0200
Received: from [172.21.35.97] (esdhcp03597.research.nokia.com [172.21.35.97]) by mgw-int01.ntc.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l9VGUldL022854; Wed, 31 Oct 2007 18:30:48 +0200
In-Reply-To: <4728A553.2020300@isi.edu>
References: <20071015161355.CDC992CA32C@lawyers.icir.org> <44C4AF94-CC5D-4702-914E-764583E2AADA@nokia.com> <78C9135A3D2ECE4B8162EBDCE82CAD77026345DE@nekter> <4717E7D6.7000407@isi.edu> <14C200C0-73DE-4550-A1E2-5B43BEE29BAF@nokia.com> <472756CC.8070809@isi.edu> <582A6F13-12CC-4B5C-8415-CBDAD73116AA@nokia.com> <4728A553.2020300@isi.edu>
Mime-Version: 1.0 (Apple Message framework v752.3)
Message-Id: <6B3D5E1D-F2DA-428C-AAEF-6F548F48F4F5@nokia.com>
From: Lars Eggert <lars.eggert@nokia.com>
Subject: Re: [tcpm] WGLC for UTO
Date: Wed, 31 Oct 2007 18:30:47 +0200
To: ext Joe Touch <touch@ISI.EDU>
X-Mailer: Apple Mail (2.752.3)
X-OriginalArrivalTime: 31 Oct 2007 16:30:49.0230 (UTC) FILETIME=[655ADAE0:01C81BDB]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ec7c6dab5a62df223002ae71b5179d41
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1920564859=="
Errors-To: tcpm-bounces@ietf.org
On 2007-10-31, at 17:54, ext Joe Touch wrote: > Lars Eggert wrote: >> On 2007-10-30, at 18:07, ext Joe Touch wrote: >>> Lars Eggert wrote: >>>> The intent was to make UTO work with SYN cookie implementations >>>> that >>>> can't encode whether a UTO option was present in the cookie, by >>>> including the option also in the first non-SYN packets. >>> >>> That should be deemed non-compliant. The point of the SYN cookie >>> is to >>> reestablish the entirety of state that would have been >>> established by >>> the SYN; if the cookie can't do that, a cookie should not be used. >> >> Well, if the SYN requests (many) options and the receiver cannot >> encode >> them all in the cookie, it can always reply with a SYN-ACK that only >> echoes those that it can and does encode. That's compliant, no? > > It is, but only if current SYN cookie responses for stacks that don't > support UTO could be detected. I'm not sure that's possible. Can you rephrase? I don't follow. (Maybe it's too late in the day here.) >>> TCP has no provisions for post-SYN establishment of new >>> connection state >>> AFAIK. Requiring this of this option would be new, and, IMO, a bit >>> confusing for designers. What happens if the post-SYN packet >>> lacks the >>> option? do you declare state mis-synchronization and drop it? >> >> No - the UTO option is purely advisory and not transmitted >> reliably. We >> had a long thread a while ago on the list that boiled down to that >> consensus. (I can dig it up if you like me to.) The gist was that it >> should be OK these days to send new options during a connection, >> even if >> the SYN exchange didn't negotiate their use. > > Then there's no point in having the SYN cookie encode anything. If the SYN cookie could always encode the UTO value, we didn't need to also include a UTO with the first non-SYN packet. But I don't know of any SYN cookie encoding that can. (And SYN cookies aren't standardized anyway.) All this is a very narrow corner case anyway. The main motivation for sending UTO twice (in the SYN and first non-SYN segment) was to make sure it takes effect as early as possible in the connection. If this is a showstopper, we could remove the recommendation to send it in the SYNs and only recommend to send it in the first non-SYN. > Receivers that implement SYN cookies MAY drop the option; senders > sending UTO have no reason to resend, since it's 'advisory and not > transmitted reliably'. > > I.e., you can't have it both ways. If this is truly unreliable, then > there is NO reason to ever retransmit it. The reason we special-cased this is that we know of a case (SYN cookies) where a UTO on the SYN will be "dropped" (because it can't be encoded). As I said above, we can remove this special case, if people feel this is cleaner. >> We can add that TCP should try for a few segments to include a TO >> option >> if it wants to send one, but I don't think notifying the >> application on >> failure is necessary, because UTO options are advisory and not >> transmitted reliably. Not being able to include it locally is >> equivalent >> to having the segment that it was included on being dropped in the >> network. > > Again, if that's the case, then try to send it ONCE. Never retry - > there's no point. It was YOUR suggestion in an earlier email to try and include a UTO in one of a small sequence of a few consecutive segments if option space limitation prevented sending it on the next outgoing segment. The draft doesn't have this. >>> Can someone on the path do something you don't want to your >>> connection >>> by tacking this option on? >> >> So that's a different question than your original one, which was >> changing the value very frequently. >> >> An attacker that adds or modifies the content of UTO options may >> be able >> to affect how long the ends keep the connection alive. Since UTO is >> advisory, an attacker can't really do anything to the connection that >> couldn't happen anyway. > > I'm not sure that's true; even though it's advisory, it can cause a > change in behavior - if not, then there's no point in sending it. An > attacker could cause large UTOs for receivers that act on the option, > which could cause a DOS opportunity. Sure, but nothing in TCP is resistant against on-path attackers. We can certainly mention that there is a danger, but an on-path attacker can do all sorts of other things to a connection. >>>>> About retransmission, IMO, it SHOULD be done - or else what's >>>>> the point >>>>> of this? >>>> >>>> Is this related to your previous comment? If so, there was >>>> consensus to >>>> not make UTO reliable, i.e., retransmit lost options. >>> >>> I have no idea what the point of an unreliable option on a reliable >>> transport protocol means. IMO, options should be retransmitted when >>> their associated segments are. The control protocol ought to be >>> at least >>> as robust as the data. Although I appreciate that UTO isn't as >>> critical >>> as some other options or flags, introducing nondeterminism at >>> this level >>> doesn't seem appropriate, IMO. >> >> We had a long discussion on this a year or two ago on this list. The >> outcome was that because UTO is advisory, a simple, unreliable >> transmission is sufficient. We can certainly revisit this >> decision, but >> I'd personally would like to see strong WG consensus on changing this >> pretty central assumption behind UTO this late in the game. > > Agreed. Noted. Thanks, Lars
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] WGLC for UTO Mark Allman
- [tcpm] WGLC for UTO Mark Allman
- RE: [tcpm] WGLC for UTO toby.moncaster
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO Pasi Sarolahti
- Re: [tcpm] WGLC for UTO Mark Allman
- Re: [tcpm] WGLC for UTO Pasi Sarolahti
- Re: [tcpm] WGLC for UTO Joe Touch
- [tcpm] Re: WGLC for UTO Mark Allman
- Re: [tcpm] WGLC for UTO Pasi Sarolahti
- Re: [tcpm] WGLC for UTO Joe Touch
- RE: [tcpm] WGLC for UTO Caitlin Bestler
- Re: [tcpm] WGLC for UTO Joe Touch
- Re: [tcpm] WGLC for UTO Brian Dickson
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO Joe Touch
- RE: [tcpm] WGLC for UTO Caitlin Bestler
- Re: [tcpm] WGLC for UTO Joe Touch
- RE: [tcpm] WGLC for UTO Caitlin Bestler
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO Joe Touch
- RE: [tcpm] WGLC for UTO Caitlin Bestler
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO Joe Touch
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO Ted Faber
- Re: [tcpm] WGLC for UTO Joe Touch
- Re: [tcpm] WGLC for UTO Joe Touch
- RE: [tcpm] WGLC for UTO toby.moncaster
- Re: [tcpm] WGLC for UTO Lars Eggert
- Re: [tcpm] WGLC for UTO (fwd) Alfred Hönes
- Re: [tcpm] WGLC for UTO (fwd) Lars Eggert