Re: [tcpm] SYN/ACK Payloads, draft 01

Joe Touch <touch@ISI.EDU> Fri, 15 August 2008 16:35 UTC

Message-ID: <48A5B003.5070408@isi.edu>
Date: Fri, 15 Aug 2008 09:34:11 -0700
From: Joe Touch <touch@ISI.EDU>
To: Adam Langley <agl@imperialviolet.org>
Cc: tcpm@ietf.org, Anders Waldenborg <anders@0x63.nu>
Subject: Re: [tcpm] SYN/ACK Payloads, draft 01

Adam Langley wrote:
> On Fri, Aug 15, 2008 at 4:09 AM, Anders Waldenborg <anders@0x63.nu> wrote:
>> Don't SA payloads open up DoS amplification (an attacker would send SYN
>> packets to your SMTP server with a spoofed source address to send more data to
>> the victim than would be possible by sending them directly to the victim)?
> 
> It's certainly a consideration, which is why the draft recommended
> that 64 bytes be the maximum payload size. At this size there are more
> juicy targets for amplification, like DNS servers.

FWIW, since this is payload data, the size of the data is an
implementation detail - unless, as I've noted, you're changing the
semantics of TCP from a byte stream to delineated messages.

(yes, you're already changing the semantics from one where connection
info is available only after TWHS to one that allows info to be used by
the app before the TWHS completes, which is a different issue)

Joe