Re: [tcpm] TCP Long Options
"Anantha Ramaiah (ananth)" <ananth@cisco.com> Tue, 01 July 2008 17:47 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC4313A6BB6; Tue, 1 Jul 2008 10:47:27 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D3393A6BB6 for <tcpm@core3.amsl.com>; Tue, 1 Jul 2008 10:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.159
X-Spam-Level:
X-Spam-Status: No, score=-6.159 tagged_above=-999 required=5 tests=[AWL=0.441, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AbohO+WwkWB9 for <tcpm@core3.amsl.com>; Tue, 1 Jul 2008 10:47:25 -0700 (PDT)
Received: from sj-iport-1.cisco.com (sj-iport-1.cisco.com [171.71.176.70]) by core3.amsl.com (Postfix) with ESMTP id 0589C3A6784 for <tcpm@ietf.org>; Tue, 1 Jul 2008 10:47:25 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.27,732,1204531200"; d="scan'208";a="47304452"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-1.cisco.com with ESMTP; 01 Jul 2008 10:47:31 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m61HlVlG003823; Tue, 1 Jul 2008 10:47:31 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id m61HlVhY010399; Tue, 1 Jul 2008 17:47:31 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 1 Jul 2008 10:47:30 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 01 Jul 2008 10:46:31 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC58056ADDF2@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <396556a20807010949i6c6c1d16g41c74e2f78414a92@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] TCP Long Options
Thread-Index: AcjbmoksLMF9/xvjTJa2AHeahYl44QABZLhQ
References: <396556a20807010949i6c6c1d16g41c74e2f78414a92@mail.gmail.com>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: Adam Langley <agl@imperialviolet.org>, tcpm@ietf.org
X-OriginalArrivalTime: 01 Jul 2008 17:47:30.0942 (UTC) FILETIME=[88FB61E0:01C8DBA2]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=4772; t=1214934451; x=1215798451; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=20=22Anantha=20Ramaiah=20(ananth)=22=20<ananth@cisco .com> |Subject:=20RE=3A=20[tcpm]=20TCP=20Long=20Options |Sender:=20; bh=K5toAta09D9FgWx3e0t+goH3oKXMbmYwPTc8r3uOQls=; b=eJ8jiGueobPS6FqhWt9RNHYU/5bJe46XqWWBxn0T600cdERHXJ8TwM25zL JIXajZOQ15qe9MlPLn7Q9fXvgq0b1/ONgtJTZg29gU7UtasY8EwallXJ20og egzxOLtr0O;
Authentication-Results: sj-dkim-2; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Subject: Re: [tcpm] TCP Long Options
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
It is good call to revive this draft. Needless to mention, the TCP option space is exhausted and something needs to be done to fix it. When the discussions last came up, I voted in favor of taking this item up, and my viewpoint remains the same :-) I will give this new version, a read later. Thanks, -Anantha > -----Original Message----- > From: tcpm-bounces@ietf.org [mailto:itcpm-bounces@ietf.org] On > Behalf Of Adam Langley > Sent: Tuesday, July 01, 2008 9:50 AM > To: tcpm@ietf.org > Subject: [tcpm] TCP Long Options > > I've revived an old draft, with the original author's > permission: TCP Long Options[1] > > For a SYN packet with window scale, MSS, TS, SACK permitted > and MD5 options (and the associated word alignment padding) > we have already filled the 40 byte option space. Not to > mention that SACK permitted is a waste in such a packet since > no SACK blocks can fit in the following frames. > > TCP-AO will probably truncate the MAC by 4 bytes to add space > for a single SACK block, but even packets without > authentication options have only 20 bytes of option space > left in a typical SYN [2]. This is hampering experimentation, > esp in the cryptographic space because you can't fit even a > reasonable elliptic curve key in the remaining space[4]. Even > with the current feature set, extra SACK blocks are known to > be helpful in certain situations[3]. > > I suggest to the working group that reaching consensus on a > long options standard would be positive for TCP. > > http://www.ietf.org/internet-drafts/draft-eddy-tcp-loo-04.txt > > Experimental, Linux implementation: > > http://marc.info/?l=linux-netdev&m=121435555619591&w=2 > > Changes since 03 > > 1. Change the option numbers specified to placeholders: > "TBD-IANA-KIND1" and "TBD-IANA-KIND2". > > 2. Change the requirement that all segments include the LO option, > if negotiated, to a SHOULD NOT unless the options require it. > The reasoning behind the initial requirement was for > implementation ease but, having implemented it myself, the > ability to use the fast path processing for LO connections > outweighs that. > > 3. Change the units of the LO option from bytes to words. > This was > ambiguous in the 03 draft and, since padding to four bytes was > required anyway, it seemed best to remove one extra > way that the > option could be invalid. > > > [1] http://www.ietf.org/internet-drafts/draft-eddy-tcp-loo-04.txt > [2] SYN options take 20 bytes in modern Linux kernels with > default sysctl settings [3] > http://portal.acm.org/citation.cfm?id=1259591.1260102&coll=GUI > DE&dl=GUIDE > [4] Assuming this it isn't to be the last option ever, we > leave 4 bytes of space. With the 2 byte option header, we > have 14 bytes, or > 112 bits for a key. Using Pollard's Rho algorithm we need > 14*3 = 42 bytes to store a point. Granting the attacker only > 1 PB of space (approx cost < €200K) they can store 2**44 > points, so one in 2**12 points are distinguished. So the > attacker can break such a key almost > instantly: 2**12 operations on average. > > > AGL > > -- > Adam Langley agl@imperialviolet.org > http://www.imperialviolet.org > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm > _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] TCP Long Options Adam Langley
- Re: [tcpm] TCP Long Options Joe Touch
- Re: [tcpm] TCP Long Options Anantha Ramaiah (ananth)
- Re: [tcpm] TCP Long Options Adam Langley
- Re: [tcpm] TCP Long Options Eddy, Wesley M. (GRC-RCN0)[VZ]
- Re: [tcpm] TCP Long Options Caitlin Bestler
- Re: [tcpm] TCP Long Options Anantha Ramaiah (ananth)
- Re: [tcpm] TCP Long Options Joe Touch
- Re: [tcpm] TCP Long Options Adam Langley
- Re: [tcpm] TCP Long Options Joe Touch