Re: [tcpm] AccECN field order

"Scharf, Michael" <> Tue, 17 November 2020 08:11 UTC



I am fine with the two option kinds proposed in -13, but I don’t buy your arguments why this encoding is better than others.

Most importantly, I don’t think that your “forward compatibility” argument is a very compelling reason for two codepoints. All proposals I am aware of have their pros and cons. And I am not aware of a really comprehensive discussion. At least neither the e-mail below nor today’s meeting discuss all tradeoffs I would investigate.

For instance, the benefit of the length encoding variant would be to consume only one TCP option codepoint now. If we decided later that a flag byte is needed (say, at the end), a follow-up proposed standard could specify another option format with that flag byte, using a second codepoint.

Regarding the resulting codepoint consumption (two option kinds) and the addition of a flag byte, this approach would basically end up with the same result as the current proposal in -13 plus some hypothetical future addition leveraging the length field beyond the currently known use.

And, yes, the length encoding variant may be less flexible and/or consume some more bits in some cases, but on the plus side it only needs one codepoint now – and given that it is entirely unclear whether any AccECN option will indeed be widely used in future, this is a big plus. The fact that implementers are quite silent on the option design is not a good sign.

To me, one potential difference between two proposals would be incremental deployment. The proposal in -13 only has an advantage if middleboxes such as firewalls will indeed pass TCP options with a format that contains content beyond the (first) Accurate ECN standard (i.e., currently unused length values). IMHO it is too early to know whether firewalls would indeed allow this in future.

From a security perspective, it is not clear to me whether allowing arbitrary unspecified bytes in a TCP option is a good idea *at all*. It will be interesting to hear the opinion from SEC area on that. Personally, I am not convinced that this really makes sense, but my concerns are not strong enough to formally push back. I’ll leave it to others to think about whether this is a bug or a feature.

Maybe one lesson learnt is that the document could have a non-normative appendix that explains the rationale for the finally picked TCP option encoding. That may also help if there are further questions whether two codepoints are really required, e.g. by the IESG (if two codepoints are still the design after WGLC). At least for past TCP option codepoint allocations I recall some discussions late in the IETF process. In those past cases, good arguments in an appendix and running code have helped a lot.


From: Bob Briscoe <>
Sent: Tuesday, November 17, 2020 6:10 AM
To: Scharf, Michael <>; Yoshifumi Nishida <>
Cc: Michael Tuexen <>;; Mirja Kuehlewind <>; Scheffenegger, Richard <>; tcpm IETF list <>
Subject: Re: AccECN field order

On 16/11/2020 17:36, Scharf, Michael wrote:

One proposal using the length field with *one option codepoint only* is detailed in:

It is the third option mentioned in this e-mail. One example would be to use option length values 5/8/11 for one encoding type and option length values 6/9/12 for the other encoding type (i.e., order of fields). Or one could use some other combination of length values – the only requirement is that a certain value for the option length is only used by one of the option formats. In that approach, the value of the length field would thus directly describe the encoding of the option. Unless I miss something, this would work and it would just require one option codepoint.

Thus, alternatives to two option codepoints exist and I have explained them on the list in March 2020.

OK, sorry, yes, I remember this now.

As I will explain in the AccECN status update talk today in virtual Bangkok, the draft has made provision for different length values than 5/8/11. It says existing implementations MUST accept length values other than those currently defined. But then read in as many whole 3-byte fields as they can.

This can be used to add a flags byte on the end in future, for extensibility. Or any other form of extensibility the WG might decide in the future.

I know a flags byte at the end seems odd compared to at the beginning. But (if decided it's needed in future) it's reasonably easy to implement by reading the whole option, then processing the last byte, before reading the rest of the option.

I believe you will agree that this is a better way to utilize different lengths.

And thank you for repeatedly emphasizing that you're happy with the 2-kind scheme, or other alternatives.


Anyway, I don’t really care how the options are encoded as long as the receiver doesn’t need per-connection state for decoding a TCP option. So, personally, I would be fine with using e.g. the length field as described in my old e-mail. Or an additional flag byte. And one could come up with further encodings, e.g., by using one or a few bits as a short “type” field for each counter. This is all about protocol engineering. And all these variants have their pros and cons.

I am also fine with using two option codepoints as specified in -13; this is probably the approach that consumes the least number of bits.

Michael (w/o any hat)

From: Bob Briscoe <>
Sent: Monday, November 16, 2020 5:52 PM
To: Yoshifumi Nishida <>
Cc: Scharf, Michael <>; Michael Tuexen <>; <>; Mirja Kuehlewind <>; Scheffenegger, Richard <>; tcpm IETF list <>
Subject: AccECN field order

Yoshi, (adding the tcpm list in cc)
On 05/11/2020 06:58, Yoshifumi Nishida wrote:
Hi Bob,

On Wed, Nov 4, 2020 at 3:29 PM Bob Briscoe <<>> wrote:
On 04/11/2020 06:51, Yoshifumi Nishida wrote:
Hi, folks,

In my understanding, I'm not sure if we settled down on using two option kinds or encoding schemes for 24bits fields in acc ecn draft.
So, I think there's still something to be clarified and hope things will be settled at the meeting.

[BB] I know a WG can change its mind at any time. But I'd rather we just clarified what a previous decision was, to avoid the need to keep re-opening discussion on a question that has been decided then changed three different ways already.

My memory is not so good these days. I trusted that Michael S remembered the decision correctly, and I seem to remember that decision being made.
I've just checked the minutes of the last interim:
and they mention Michael's proposal to use two kinds, but don't record any decision.
The jabber log gives no clues about any decision.

I can't find an audio or video recording. Can you point me at one?

I thought that it's because there was no clear decision at the meeting.
But, you can check
Please let us know if you have any questions or opinions with regard to this.

[BB] I checked the Youtube link you sent below.

First I think we're agreed no-one was fighting for us to keep the previous way we did this (using the initial value of the field to set the order for the connection).
In my presentation I said there was strong resistance from Michael to do it a different way.
(also, offlist, the co-authors including me also didn't like this so much. And Ilpo said it made the implementation complex.)

Then came the question of what we do instead. There were three alternative proposals:
a) use 2 option kinds
b) add a flags byte
c) somehow use the length field maybe

Michael raised (c) in the meeting as a possibility, but no-one could think how to distinguish two options of the same length but a different field order using the length field. Michael said he'd post any ideas to the list if he could think of any, but that didn't happen.

So we're left choosing between (a) and (b).
I said in the meeting (and on the list when discussing with Ilpo) that I'd be happy to go with (b), but only if there was another use for a flag. Because it would consume 1B more options space in many packets, which is a scarce resource.

Ilpo had a proposed use for another flag (to help synch counters after a loss), but I think the discussion about it ended that it wouldn't be helpful, 'cos the way it worked depended on itself (circular logic).

In conclusion, I don't think there was an explicit decision to go with 2 option kinds, but it ended up as the 'last person standing'.
I like it. It's simple. And apparently option kinds are not such a scarce resource.

Perhaps we can ratify this in the WG tomorrow.





Bob Briscoe
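
Added example (not from the thread or the draft): a C parser contrasting the two uses of the length field discussed above, the one-codepoint variant with lengths 5/8/11 versus 6/9/12, and the rule that receivers accept other lengths and read as many whole 3-byte fields as fit. The type and function names, the placeholder kind byte, big-endian counters, the cap of three counters and the trailing position of the extra byte are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: names are hypothetical; the kind byte opt[0] is not interpreted. */
enum field_order { ORDER_A, ORDER_B };
struct accecn_view {
    enum field_order order; /* set only by parse_length_encoded() */
    unsigned nfields;       /* whole 3-byte counters read, capped at 3 (assumption) */
    unsigned extra;         /* bytes left after the last whole counter */
    uint32_t field[3];      /* counters, assumed big-endian on the wire */
};

/* Rule Bob describes: accept any length, read as many whole 3-byte fields as
 * fit, and report (not interpret) what is left. Returns -1 if malformed. */
int parse_forward_compat(const uint8_t *opt, size_t avail, struct accecn_view *v)
{
    memset(v, 0, sizeof *v);
    if (avail < 2 || opt[1] < 2 || opt[1] > avail) return -1;
    size_t payload = (size_t)opt[1] - 2;  /* length covers kind + length bytes */
    v->nfields = payload / 3 > 3 ? 3u : (unsigned)(payload / 3);
    v->extra = (unsigned)payload - 3u * v->nfields;
    for (unsigned i = 0; i < v->nfields; i++) {
        const uint8_t *p = opt + 2 + 3 * i;
        v->field[i] = (uint32_t)p[0] << 16 | (uint32_t)p[1] << 8 | p[2];
    }
    return 0;
}

/* One-codepoint variant from Michael's message: lengths 5/8/11 select one
 * field order, 6/9/12 the other; every other length is rejected. */
int parse_length_encoded(const uint8_t *opt, size_t avail, struct accecn_view *v)
{
    if (parse_forward_compat(opt, avail, v) != 0) return -1;
    if (v->nfields == 0 || v->extra > 1) return -1;
    v->order = v->extra ? ORDER_B : ORDER_A;
    return 0;
}

/* Constructed sample: placeholder kind 0xFF, length 9, two counters, one extra byte. */
const uint8_t SAMPLE_LEN9[9] = { 0xFF, 9, 0, 0, 1, 0, 1, 0, 0xAA };

int main(void)
{
    struct accecn_view a, b;
    int ra = parse_forward_compat(SAMPLE_LEN9, sizeof SAMPLE_LEN9, &a);
    int rb = parse_length_encoded(SAMPLE_LEN9, sizeof SAMPLE_LEN9, &b);
    printf("accept-any-length: rc=%d fields=%u extra=%u\n", ra, a.nfields, a.extra);
    printf("length variant: rc=%d order=%d\n", rb, (int)b.order);
    return 0;
}
```

The same nine bytes decode as "two counters plus one unspecified byte" under the first rule and as "two counters in the second field order" under the length-encoded variant, so the two uses of the length field cannot coexist on one codepoint. Reporting `extra` separately lets a firewall or IDS log options that carry bytes beyond the currently specified formats.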