Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG
Christian Grothoff <christian@grothoff.org> Tue, 19 August 2014 19:04 UTC
Return-Path: <christian@grothoff.org>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 298671A0715; Tue, 19 Aug 2014 12:04:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.85
X-Spam-Level:
X-Spam-Status: No, score=-3.85 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xue1sEtyFyQg; Tue, 19 Aug 2014 12:04:14 -0700 (PDT)
Received: from smtp1.informatik.tu-muenchen.de (mail-out1.informatik.tu-muenchen.de [131.159.0.8]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 515F11A05D1; Tue, 19 Aug 2014 12:04:14 -0700 (PDT)
Received: from [192.168.178.20] (pd95c0f92.dip0.t-ipconnect.de [217.92.15.146]) by mail.net.in.tum.de (Postfix) with ESMTPSA id 4A61B191C878; Tue, 19 Aug 2014 21:04:11 +0200 (CEST)
Message-ID: <53F39FAC.9070500@grothoff.org>
Date: Tue, 19 Aug 2014 21:04:12 +0200
From: Christian Grothoff <christian@grothoff.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.7.0
MIME-Version: 1.0
To: Hagen Paul Pfeifer <hagen@jauu.net>
References: <ecdbe694b6964c159f64b1d3311c8cc6@hioexcmbx02-prd.hq.netapp.com> <CAFggDF2jhQPz0Eez=AU9M-k862wD_=VSyVpXtRAjT4zC6H4tgA@mail.gmail.com> <1408397675.299896.154112109.6F69043F@webmail.messagingengine.com> <8c5f6a1e9f2340e48e25dd151406b7d3@hioexcmbx05-prd.hq.netapp.com> <1408401991.317123.154137701.0A30F30C@webmail.messagingengine.com> <CAPh34meB=EtgNu=_eBS6ekB20fRccAqXFWydkCWG+6VKSa98rg@mail.gmail.com> <CAFggDF39L+kLQLmiWJR3q6suPOtYmKJiJUqp0kBv7GjUtNVOjA@mail.gmail.com> <CAPh34mdPtKvVJ2FfshPFwrwRDOw9CxxHT4ZTFYZZEVSoKOEq0A@mail.gmail.com> <53F3970D.5080906@grothoff.org> <CAPh34mf2rnNuM=YZ1uin1_PtkB8buOskMtf3NAJMOwdFeMe9MQ@mail.gmail.com>
In-Reply-To: <CAPh34mf2rnNuM=YZ1uin1_PtkB8buOskMtf3NAJMOwdFeMe9MQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/EJQu_tm7rVC8bUAsr617h5kcJek
X-Mailman-Approved-At: Wed, 20 Aug 2014 08:04:35 -0700
Cc: "tcpinc@ietf.org" <tcpinc@ietf.org>, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2014 19:04:17 -0000
On 08/19/2014 08:59 PM, Hagen Paul Pfeifer wrote: > On 19 August 2014 20:27, Christian Grothoff <christian@grothoff.org> wrote: > >> You clearly also deliberately missunderstand the difference between >> design / specification / mechanism, and the reality of an implementation. > > No, I don't. But you are right, we should talk about implementation issues. > >> Prove is a strong word. Now, I would not mind if the standard included >> some strong wording on using a random TSval in combination with TCP >> Stealth by default. But, as was pointed out, due to some NATs messing >> with TSvals, we decided to keep it optional, as opposed to mandatory. >> But I think that is a point I would be open to discuss, as it is really >> a trade-off. > > TSvals *are* optional, you propose TCP stealth should depend on an > "optional option"? What I said is that if possible, clients should use TCP stealth in combination with this optional option. As it is an option, we did not make it mandatory, but I think it is totally acceptable to recommend using the option. > I clearly see problems here because they can be > filtered, disabled or simple the limited option space is exhausted by > other options. We do have a measurement study on this in Julian's master's thesis. Yes, it does happen, but it is uncommon. > What about PAWS? What about ISN duplicates and how are > these handled (and differentiated)? We discuss TCP SYN retransmissions in the draft.
- [tcpm] TCP Stealth - possible interest to the WG Scheffenegger, Richard
- Re: [tcpm] TCP Stealth - possible interest to the… Hagen Paul Pfeifer
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpm] TCP Stealth - possible interest to the… Ted Faber
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Alfie John
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Alfie John
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Hagen Paul Pfeifer
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Hagen Paul Pfeifer
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Hagen Paul Pfeifer
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Florian Westphal
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Florian Westphal
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Yoshifumi Nishida
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Hagen Paul Pfeifer
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Hagen Paul Pfeifer
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Christian Grothoff
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Christian Grothoff
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Christian Grothoff
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Christian Grothoff
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Christian Grothoff
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Daniel Borkmann
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Alfie John
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Joe Touch
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Joe Touch
- Re: [tcpm] [tcpinc] TCP Stealth - possible intere… Christian Grothoff