Re: [tcpm] More option space on any segment: draft-briscoe-tcpm-inner-space-00 (was syn-op-sis-02)
Bob Briscoe <bob.briscoe@bt.com> Mon, 27 October 2014 18:05 UTC
Return-Path: <bob.briscoe@bt.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F6D71A8915 for <tcpm@ietfa.amsl.com>; Mon, 27 Oct 2014 11:05:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.611
X-Spam-Level:
X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tiSgOpqnqv81 for <tcpm@ietfa.amsl.com>; Mon, 27 Oct 2014 11:05:25 -0700 (PDT)
Received: from hubrelay-by-04.bt.com (hubrelay-by-04.bt.com [62.7.242.140]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00A671A892E for <tcpm@ietf.org>; Mon, 27 Oct 2014 11:05:22 -0700 (PDT)
Received: from EVMHR72-UKRD.domain1.systemhost.net (10.36.3.110) by EVMHR04-UKBR.bt.com (10.216.161.36) with Microsoft SMTP Server (TLS) id 8.3.348.2; Mon, 27 Oct 2014 18:06:27 +0000
Received: from EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) by EVMHR72-UKRD.domain1.systemhost.net (10.36.3.110) with Microsoft SMTP Server (TLS) id 8.3.348.2; Mon, 27 Oct 2014 18:05:18 +0000
Received: from bagheera.jungle.bt.co.uk (132.146.168.158) by EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) with Microsoft SMTP Server id 14.3.181.6; Mon, 27 Oct 2014 18:05:18 +0000
Received: from BTP075694.jungle.bt.co.uk ([10.109.159.243]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id s9RI5EIs016509; Mon, 27 Oct 2014 18:05:15 GMT
Message-ID: <201410271805.s9RI5EIs016509@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 27 Oct 2014 18:05:06 +0000
To: Joe Touch <touch@isi.edu>
From: Bob Briscoe <bob.briscoe@bt.com>
In-Reply-To: <54455A68.9040708@isi.edu>
References: <201410200058.s9K0wQnS014207@bagheera.jungle.bt.co.uk> <54455A68.9040708@isi.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/D96_8Xvdn9CG_baJWhN60J-AafA
Cc: tcpm IETF list <tcpm@ietf.org>
Subject: Re: [tcpm] More option space on any segment: draft-briscoe-tcpm-inner-space-00 (was syn-op-sis-02)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Oct 2014 18:05:28 -0000
Joe, At 18:54 20/10/2014, Joe Touch wrote: >On 10/19/2014 5:58 PM, Bob Briscoe wrote: > > Chairs and list, > > > > My individual draft has a new file-name (and title): inner-space-00 > > <https://tools.ietf.org/html/draft-briscoe-tcpm-inner-space-00> > > This is a major rev of syn-op-sis-02 > > <https://tools.ietf.org/html/draft-briscoe-tcpm-syn-op-sis-02>, but I > > won't be using that name any more. > > Sorry to confuse everyone by changing the name. But the old name was no > > longer relevant. > > > > I believe the new Inner Space protocol could be a significant advance > > for TCP. > >IMO, you're on the path to implementing TCP inside TCP. > >That is, right up until a middlebox starts parsing and modifying the >inner TCP, at which point you'll need TCP-in-TCP-in-TCP, ad infinitum. Nope. Here's a bulleted summary of the section in inner-space that explains why this could be a permanent stop on middleboxes, not just a step in an arms race. Of course, I can't predict for certain what the operators will buy, but this is a plausible argument: non-goal * evasion of security middleboxes they will evolve to check Inner Options goal * Inner Space deployed for something useful (e.g. tcpcrypt) traverses most middleboxes, so reaches critical mass can deploy integrity protection over TCP Data (cannot protect Outer Options for consumer Internet today would fail too often) * raises stakes then tampering with Inner Options will break comms, not just the theoretical potential benefit of a new option * puts security middlebox designers on the back foot blocking comms just 'cos options are non-typical will not sell distinguishing attacks from the latest advances will sell result * mess with options and you shoot yourself in the foot For full text, see <https://tools.ietf.org/html/draft-briscoe-tcpm-inner-space-00#section-3.2.2> >IMO this whole exercise is a significant step backwards, except as a >good example of why we need constraints for middleboxes. It /is/ about constraining future middleboxes. But you have to provide something useful as well, to get it deployed. And that means getting thru today's middleboxes first. It's fairly pointless trying to constrain deployment of middleboxes that are already deployed. That horse has bolted. Bob >Joe ________________________________________________________________ Bob Briscoe, BT