Re: [tcpm] SYN/ACK Payloads, draft 01

"Caitlin Bestler" <Caitlin.Bestler@neterion.com> Fri, 15 August 2008 16:57 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4F5FD3A68F9; Fri, 15 Aug 2008 09:57:17 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6C5173A68F9 for <tcpm@core3.amsl.com>; Fri, 15 Aug 2008 09:57:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m-q5Ut8Wa-pH for <tcpm@core3.amsl.com>; Fri, 15 Aug 2008 09:57:14 -0700 (PDT)
Received: from owa.neterion.com (mx.neterion.com [72.1.205.142]) by core3.amsl.com (Postfix) with ESMTP id 47F333A687A for <tcpm@ietf.org>; Fri, 15 Aug 2008 09:56:57 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Fri, 15 Aug 2008 12:56:24 -0400
Message-ID: <78C9135A3D2ECE4B8162EBDCE82CAD770417B3EE@nekter>
In-Reply-To: <48A5B003.5070408@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] SYN/ACK Payloads, draft 01
Thread-Index: Acj+9QP9J4CFMrl7RZG3KJwordCtbAAAme4A
References: <396556a20808111035s2b974233o1e9d3671e82e3350@mail.gmail.com> <000301c8fc81$8e02d470$aa087d50$@pt> <396556a20808120914k6d087534o5c34dfd51dd7d1c5@mail.gmail.com> <000b01c8fc9f$4d9f3c20$e8ddb460$@pt> <396556a20808121155h4e3c551aqcf5260d551bcdd4a@mail.gmail.com> <78C9135A3D2ECE4B8162EBDCE82CAD77040E3E2E@nekter> <396556a20808141014m459e07ebh667aaee60e355ac9@mail.gmail.com> <78C9135A3D2ECE4B8162EBDCE82CAD77040E3F07@nekter> <396556a20808141341p5cb6f6b6m59c95094517a142f@mail.gmail.com> <48A563F1.8060607@0x63.nu><396556a20808150757n576ebcd7ie12f44034cc26321@mail.gmail.com> <48A5B003.5070408@isi.edu>
From: "Caitlin Bestler" <Caitlin.Bestler@neterion.com>
To: "Joe Touch" <touch@ISI.EDU>, "Adam Langley" <agl@imperialviolet.org>
Cc: tcpm@ietf.org, Anders Waldenborg <anders@0x63.nu>
Subject: Re: [tcpm] SYN/ACK Payloads, draft 01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

Joe Touch wrote:
> 
> >
> > It's certainly a consideration, which is why the draft recommended
> > that 64 bytes be the maximum payload size. At this size there are
> more
> > juicy targets for amplification, like DNS servers.
> 
> FWIW, since this is payload data, the size of the data is an
> implementation detail - unless, as I've noted, you're changing the
> semantics of TCP from a byte stream to delineated messages.
> 
> (yes, you're already changing the semantics from one where connection
> info is available only after TWHS to one that allows info to be used
by
> the app before the TWHS completes, which is a different issue)
> 

If this were to move forward, the Security Considerations would need
to document the amplification attack, and probably have SHOULD language
about a default maximum packet size.

But this is probably not something that the TCP stack should enforce.
There are many situations where the system administrator would have
valid reasons for knowing that a DoS was already blocked by other means.

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm