IETF Logo Mail Archive

[tcpm] Re: RFC 5925 Section 6.2 Issue

"touch@strayalpha.com" <touch@strayalpha.com> Fri, 17 April 2026 04:54 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tcpm@mail2.ietf.org
Delivered-To: tcpm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id DDDCFDE0C207 for <tcpm@mail2.ietf.org>; Thu, 16 Apr 2026 21:54:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776401661; bh=T7oTOG91dpz9g1N5MK9SbXeAIv7XtXa4F6PdCHf3Tbo=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=XKCNhKchppzfSjFCLhVPC0xV0LwlxX8ms62NHTmXx4ams6rCCoI1KNXCDWwwd4yvF MAzKnsvLzcUzDecsOGGyisec40sEuBk7ahqGE93w6wILS9wSNrNWoeiZgtiXua8PfP W4kWXBrGqV06ApDTRSCSWqLi+DgEqwy7do02NlAA=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZmqrgTID-yg for <tcpm@mail2.ietf.org>; Thu, 16 Apr 2026 21:54:21 -0700 (PDT)
Received: from server217-4.web-hosting.com (server217-4.web-hosting.com [198.54.116.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 15C3CDE0C200 for <tcpm@ietf.org>; Thu, 16 Apr 2026 21:54:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=zBa7ogq+vqPzGDtGFmC9X8cVWX27s3Iot97evw8LH/Q=; b=szmwnaT3YPoyHcuAptjPL5g1ps O47InxUNvIqtzP7N6XUdqCkLrKf4cZ7im29su7ChBPDPnd4lNOOehOoIFTD2GlQpAegP+VSkroFu6 +72s9LbKb9O1ZcYgPd9SrV/+UfNB9GgxZUMLuI605mgb9NooGOAT4vk4sXcWQAwbRpfcdtw+tPxau ZFf2YOmQGzQjysZ7DYCDT6JcfWOfNKeHUSdRD9pe74/EeMI8HH0XHOUJQlUrrbNKn4/Ehq0ypI2iW yPaxha+MfpqH/qPO+4KlVRpMtcLBJn4DnA+r3Xua+BbFp7iSUgmyjBR5UoQXuGVR4u+QQDC9an4Jc wBLUMDtg==;
Received: from [172.58.213.177] (port=41835 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.99.1) (envelope-from <touch@strayalpha.com>) id 1wDbDZ-00000009vz1-1W6A; Fri, 17 Apr 2026 00:54:13 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_F3AF29EF-FAA0-4BEC-B8F8-B003A2EA13E1"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.500.181\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <DM4PR84MB23106124CB4CBF4A5F4EDFD1F4232@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
Date: Thu, 16 Apr 2026 21:54:02 -0700
Message-Id: <16BBD577-6C08-4D48-A1A1-8D185A0D2776@strayalpha.com>
References: <DM4PR84MB23101CB9D908995A65184C17F4222@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM> <49EDDD40-4E15-4365-B010-16FBE27C6DCF@strayalpha.com> <DM4PR84MB23106124CB4CBF4A5F4EDFD1F4232@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
To: "Bonica, Ron" <ronald.bonica@hpe.com>
X-Mailer: Apple Mail (2.3864.500.181)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Message-ID-Hash: 34MYUF5HVVFDUX5KFWDIO7GSGQL5CI7P
X-Message-ID-Hash: 34MYUF5HVVFDUX5KFWDIO7GSGQL5CI7P
X-MailFrom: touch@strayalpha.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tcpm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tcpm@ietf.org Extensions" <tcpm@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [tcpm] Re: RFC 5925 Section 6.2 Issue
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/dL25ckKqGwUnAJsm0IhoL9JLo14>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Owner: <mailto:tcpm-owner@ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Subscribe: <mailto:tcpm-join@ietf.org>
List-Unsubscribe: <mailto:tcpm-leave@ietf.org>

There’s already an errata from 2020 that corrects the code once. This is just another bug in the code, effectively.

The intent of the SNE is clear and isn’t changing; what is changing (like in 2020) is the code that generates the intended SNE.

That’s generally considered just a technical errata - it’s not a new MUST, any more than the 2020 fix was. The RFC 9187 code was more robustly vetted than the code from 5925; neither code is a MUST in any sense.

RFC5925 states, correctly:


   ...The implementation of SNEs is not specified in this document, but one
   possible way is described here that can be used for either RCV.SNE,
   SND.SNE, or both.





Yes, the description has an error and that should be fixed. But the code in 5925 wasn’t a MUST, nor should the code in 9187 be.

Joe

> On Apr 16, 2026, at 9:13 AM, Bonica, Ron <ronald.bonica@hpe.com> wrote:
> 
> Joe,
> 
> Thanks for writing RFC 9187. I didn't know that it existed.
> 
> But I think that we need to give the errata some consideration. Errata scope and backwards compatibility are issues.
> 
> The errata will say either:
> 
> TCP-AO MUST use the algorithm specified in RFC 9187
> TCP-AO MUST use an algorithm that, given the validation data provided in Section 6 of RFC 9187, generates the same results as the algorithm provided in RFC 9187
> 
> Can we add a MUST in an errata? We can tiptoe around the word "MUST", but we cannot tiptoe around the errata intent.
> 
> Moreover, it the errata has any impact, it will cause people to change implementations. If they change implementations, there will be a backwards compatibility issue. Granted, the backwards compatibility issue will only be evident in a few corner cases, but there will be a backwards compatibility issue.
> 
>                                                         Ron
> 
> 
> 
> From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>>
> Sent: Thursday, April 16, 2026 12:44 AM
> To: Bonica, Ron <ronald.bonica@hpe.com <mailto:ronald.bonica@hpe.com>>
> Cc: tcpm@ietf.org <mailto:tcpm@ietf.org> Extensions <tcpm@ietf.org <mailto:tcpm@ietf.org>>
> Subject: Re: [tcpm] RFC 5925 Section 6.2 Issue
>  
> Errata that points to RFC 9187.
> 
>> On Apr 15, 2026, at 3:56 PM, Bonica, Ron <ronald.bonica=40hpe.com@dmarc.ietf.org <mailto:ronald.bonica=40hpe.com@dmarc.ietf.org>> wrote:
>> 
>> 
>> Folks,
>> 
>> There is a problem in RFC 5925. I am looking for the WG's advice regarding whether we should:
>> 
>> Ignore it
>> Fix it with an Errata
>> Fix it with a bis document
>> 
>> According to the RFC:
>> 
>> "TCP uses a 32-bit sequence number, which may, for long-lived connections, roll over and repeat.  This could result in TCP segments being intentionally and legitimately replayed within a connection. TCP-AO prevents replay attacks, and thus requires a way to differentiate these legitimate replays from each other, and so it adds a 32-bit Sequence Number Extension (SNE) for transmitted and received segments."
>> 
>> The RFC continues:
>> 
>> "For transmitted segments, SND.SNE can be implemented by extending TCP's sequence number to 64 bits; SND.SNE would be the top (high-order) 32 bits of that number.  For received segments, TCP-AO needs to emulate the use of a 64-bit number space and correctly infer the appropriate high-order 32-bits of that number as RCV.SNE from the received 32-bit sequence number and the current connection context.
>> 
>> The implementation of SNEs is not specified in this document, but one possible way is described here that can be used for either RCV.SNE, SND.SNE, or both."
>> 
>> Regardless of how SNEs are implemented, SND.SNE and RCV.SNE must be equal. Otherwise, a legitimate segment fails to authenticate and the TCP session hangs.
>> 
>> We test a scenario where:
>> 
>> RCV.SNE is implemented by the pseudocode provided in Section 6.2
>> The following TCP Sequence numbers were processed: 
>> 0xF7358299   >>>>>RCV.SNE = 0
>> 0xF735A57B  >>>>>RCV.SNE = 0
>> 0xC                   >>>>>RCV.SNE = 1
>> 0xF7358299 >>>>>RCV.SNE = 0
>> 0xC                  >>>>>RCV.SNE = 2
>> 
>> The final RCV.SNE is 2. It should be 1.
>> 
>> If SND.SNE were implemented by extending TCP's sequence number to 64 bits,  authentication would fail and the TCP session would hang.
>> 
>> How do we address this problem without creating larger backwards compatibility problems?
>> 
>>                                                                                                Ron
>> 
>> P.S. Thanks to Ping Chen for finding this problem
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> tcpm mailing list -- tcpm@ietf.org <mailto:tcpm@ietf.org>
>> To unsubscribe send an email to tcpm-leave@ietf.org <mailto:tcpm-leave@ietf.org>

v2.43.4 | Report a Bug | By Email | System Status