Re: [tcpm] New version of tcp-secure draft
"Agarwal, Anil" <Anil.Agarwal@viasat.com> Tue, 25 September 2007 14:25 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaBME-0000ZX-VZ; Tue, 25 Sep 2007 10:25:50 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaBMD-0000ZM-NU for tcpm@ietf.org; Tue, 25 Sep 2007 10:25:49 -0400
Received: from harrier.viasat.com ([12.198.241.131] helo=VGAEXCH02.hq.corp.viasat.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IaBMD-00015y-CM for tcpm@ietf.org; Tue, 25 Sep 2007 10:25:49 -0400
Received: from VGAEXCH01.hq.corp.viasat.com ([172.31.1.20]) by VGAEXCH02.hq.corp.viasat.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 25 Sep 2007 10:26:12 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [tcpm] New version of tcp-secure draft
Date: Tue, 25 Sep 2007 10:26:12 -0400
Message-ID: <0B0A20D0B3ECD742AA2514C8DDA3B0658B756B@VGAEXCH01.hq.corp.viasat.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Re: [tcpm] New version of tcp-secure draft
Thread-Index: Acf/gAYVoeSglGPBQ8eMYee5LtL8wA==
From: "Agarwal, Anil" <Anil.Agarwal@viasat.com>
To: ananth@cisco.com
X-OriginalArrivalTime: 25 Sep 2007 14:26:12.0814 (UTC) FILETIME=[06314EE0:01C7FF80]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b19722fc8d3865b147c75ae2495625f2
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Ananth, Here are some (late) comments on draft-ietf-tcpm-tcpsecure-08 - 1. Section 1.1 states - "Most modern operating systems have a default window size which usually is applied to most connections. Some applications however may change the window size to better suit the needs of the application". Would be useful to mention that some modern operating systems (Linux) dynamically adapt the receive window size. This somewhat reduces the vulnerability of these attacks. 2. In the first two mitigation techniques, if an attacker injects 3 quick successive RST or SYN packets, it may result in the receiver generating 3 identical ACKs, which in turn may cause the transmitter to perform fast retransmission and reduce cwnd. This is not as bad as a connection reset, but nevertheless it can be quite disruptive, especially for LFNs. Do we need a mechanism to prevent this? An ACK throttling value of 2 per second would be one way to address this Anil Anil Agarwal ViaSat Inc. 20511 Seneca Meadows Parkway, Suite 200 Germantown, MD 20876 Anil.Agarwal@viasat.com <mailto:Anil.Agarwal@viasat.com> ViaSat Brings your Network to Life _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] New version of tcp-secure draft Agarwal, Anil