IETF Logo Mail Archive

Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt

Joe Touch <touch@isi.edu> Mon, 03 June 2013 16:59 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66A2521F9638 for <tcpm@ietfa.amsl.com>; Mon, 3 Jun 2013 09:59:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ygHEblm2CLX4 for <tcpm@ietfa.amsl.com>; Mon, 3 Jun 2013 09:59:28 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 91DBC21F8F38 for <tcpm@ietf.org>; Mon, 3 Jun 2013 09:59:28 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id r53GwXrw017103 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 3 Jun 2013 09:58:33 -0700 (PDT)
Message-ID: <51ACCB34.6010205@isi.edu>
Date: Mon, 03 Jun 2013 09:58:28 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Pasi Sarolahti <pasi.sarolahti@iki.fi>
References: Your message of Fri, 31 May 2013 10:24:59 -0700. <51A8DCEB.2090401@isi.edu> <E1UiUMS-00074F-00@www.xplot.org> <26227_1370095078_51A9FDE5_26227_5079_1_012C3117EDDB3C4781FD802A8C27DD4F24BBF87A@SACEXCMBX02-PRD.hq.netapp.com> <CAAF1A05-1511-410F-9209-C46B5AE27E10@iki.fi>
In-Reply-To: <CAAF1A05-1511-410F-9209-C46B5AE27E10@iki.fi>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm@ietf.org Extensions" <tcpm@ietf.org>, Tim Shepard <shep@alum.mit.edu>, Fernando Gont <fgont@si6networks.com>
Subject: Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jun 2013 16:59:34 -0000

Hi, Pasi,

On 6/3/2013 3:18 AM, Pasi Sarolahti wrote:
>
> On Jun 1, 2013, at 4:57 PM, "Scheffenegger, Richard" <rs@netapp.com> wrote:
>
>> I agree with your reasoning, and think that IF Tsopt was
>> established, under the current semantics, subsequent segments
>> without Tsopt MUST not be accepted.
>
> This is true for reliable operation of PAWS, but I did not find any
> language in RFC 1323 that speaks about the situation when a segment
> is received without timestamp. Instead, the way how R1 was written
> "if there is a timestamp option and [...Ts conditions...] then treat
> the arriving segment as not acceptable" easily leads to
> interpretation that segment that arrives without timestamp is
> acceptable.

I disagree with your logic.

On connections that successfully negotiate TSopt, a segment lacking 
TSopt has insufficient information to be considered "acceptable", which 
to me indicates that it is "not acceptable".

I.e., we agree that a segment lacking TSopt has insufficient info; so do 
we assume that such a segment is in-window? or not?

Assuming such a segment is acceptable effectively disables PAWS.

> So the implementations that accept such segments are
> compliant with RFC 1323 in my reading, even if it opens a window of
> possible failure to the PAWS check.

RFC1323 does not specifically address segments lacking TSopt in the PAWS 
section. IMO, you can't claim compliance, but you can claim it doesn't 
violate it if you want - but I don't see the point in that.

> If we want reliable PAWS, I agree that "MUST not be accepted" is
> needed, but it seems that practical deployments have opted for
> imperfect PAWS in favor of being able to deal with problematic
> middleboxes in the network (or whatever other reason), no matter how
> rare those might be. I guess this is one of the principle vs.
> practice issues that implementations need to face these days. If we
> include this as MUST, I think it would be appropriate to note that
> many (or most?) current implementations do not have it (i.e., we do
> not necessarily know about all the deployment implications, referring
> to the discussion in middlebox part), and also note the check wasn't
> required by RFC 1323 (but this might have been an oversight).

I agree that we should note that 1323 doesn't address the case of TSopt 
being dropped or selectively omitted after being negotiated, and that 
the current recommendation may cause some broken middlebox behavior to 
be detected.

Joe

v2.23.0 | Report a Bug | By Email