IETF Logo Mail Archive

Re: [tcpm] 64-bit sequence numbers

Joe Touch <touch@isi.edu> Wed, 15 March 2017 20:26 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 968F513181F for <tcpm@ietfa.amsl.com>; Wed, 15 Mar 2017 13:26:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IF36DSgJCoAw for <tcpm@ietfa.amsl.com>; Wed, 15 Mar 2017 13:26:17 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D785131827 for <tcpm@ietf.org>; Wed, 15 Mar 2017 13:26:17 -0700 (PDT)
Received: from [128.9.184.222] ([128.9.184.222]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id v2FKPQcA011213 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 15 Mar 2017 13:25:27 -0700 (PDT)
To: Jonathan Looney <jtl.ietf@gmail.com>, tcpm@ietf.org
References: <CAJrujPmZ-H3YfBGpz4D=5K6EH=+XrgN9Hf4Pk3NVgFT47R-7uQ@mail.gmail.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <c00dcd80-436e-d614-ffe2-135c0466f834@isi.edu>
Date: Wed, 15 Mar 2017 13:25:27 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAJrujPmZ-H3YfBGpz4D=5K6EH=+XrgN9Hf4Pk3NVgFT47R-7uQ@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/PX1z1mE831LDQQlg_3qCVOHQ-hs>
Subject: Re: [tcpm] 64-bit sequence numbers
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2017 20:26:19 -0000

Hi, Jonathan (et al.),

A few issues:

1) why do you want to use all 64 bits for the TCP-AO MAC, but only the
low 32 bits for the KDF? The latter won't help with backward
compatibility, so why do this? FWIW, one mode of TCP-AO ignores options;
I don't see how you can say "ignore options" (experimental - RFC6978).
This doc probably needs to explain what happens when "ignore options" is
set (for NAT traversal), i.e., the sequence number extensions will be
ignored completely for TCP-AO in that case, AFAICT.

2) the doc should address how to handle RSTs, esp. if the state goes
away. It seems like a connection negotiated with 64-bit sequence numbers
can't ever be reset if the connection state is lost (all the RSTs will
be treated as out of window

3) there are more things than just TCP-AO that use ISNs as input; it
seems like you need a blanket statement on how they're handled. This
also then seems to kill automatic fall-back, AFAICT.

4) the doc needs to explain the impact of using this feature on each
segment on the TCP option space

5) the doc should probably address the impact of odd middleboxes, e.g.,
that split or splice segments or change sequence numbers

That's just scratching the surface; I fear this is a Gordian knot of
issues for which there is no simple sword.

Joe

v2.23.0 | Report a Bug | By Email