Re: [tcpm] Faster application handshakes with SYN/ACK payloads

Stefanos Harhalakis <v13@v13.gr> Sun, 21 September 2008 18:49 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0720C3A6A7F; Sun, 21 Sep 2008 11:49:43 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 474993A6A7F for <tcpm@core3.amsl.com>; Sun, 21 Sep 2008 11:49:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.35
X-Spam-Level:
X-Spam-Status: No, score=-2.35 tagged_above=-999 required=5 tests=[AWL=0.249, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qgcLl4MNOxof for <tcpm@core3.amsl.com>; Sun, 21 Sep 2008 11:49:40 -0700 (PDT)
Received: from mx-out.forthnet.gr (mx-out.forthnet.gr [193.92.150.104]) by core3.amsl.com (Postfix) with ESMTP id DE9D73A68D6 for <tcpm@ietf.org>; Sun, 21 Sep 2008 11:49:39 -0700 (PDT)
Received: from mx-av-05.forthnet.gr (mx-av.forthnet.gr [193.92.150.27]) by mx-out-03.forthnet.gr (8.14.3/8.14.3) with ESMTP id m8LIoRPU027986; Sun, 21 Sep 2008 21:50:27 +0300
Received: from MX-IN-05.forthnet.gr (mx-in-05.forthnet.gr [193.92.150.32]) by mx-av-05.forthnet.gr (8.14.3/8.14.3) with ESMTP id m8LInuYH030966; Sun, 21 Sep 2008 21:49:56 +0300
Received: from hell.hell.gr (adsl70-48.lsf.forthnet.gr [79.103.197.48]) by MX-IN-05.forthnet.gr (8.14.3/8.14.3) with ESMTP id m8LIntuM022757; Sun, 21 Sep 2008 21:49:55 +0300
Authentication-Results: MX-IN-05.forthnet.gr smtp.mail=v13@v13.gr; spf=neutral
Authentication-Results: MX-IN-05.forthnet.gr header.from=v13@v13.gr; sender-id=neutral
From: Stefanos Harhalakis <v13@v13.gr>
To: "Adam Langley" <agl@imperialviolet.org>
Date: Sun, 21 Sep 2008 21:49:54 +0300
User-Agent: KMail/1.9.9
References: <396556a20807311252j67b1ab26mf6511dbdae780fdd@mail.gmail.com> <200809211244.30186.v13@v13.gr> <396556a20809210708k714f3218hed50a44b74189e84@mail.gmail.com>
In-Reply-To: <396556a20809210708k714f3218hed50a44b74189e84@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200809212149.54848.v13@v13.gr>
Cc: tcpm@ietf.org, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] Faster application handshakes with SYN/ACK payloads
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

On Sunday 21 September 2008, Adam Langley wrote:
> On Sun, Sep 21, 2008 at 2:44 AM, Stefanos Harhalakis <v13@v13.gr> wrote:
> > Also, this is not exactly "data" as there is space for a very small
> > amount of information (some bits). Considering the possibilities of this,
> > it can be used in many situations such as:
> > * HTTP or other protocols that use a well-known port, to negotiate
> > different behavior without introducing a new port number (SSL over port
> > 80?).
> > * Cryptographic applications
> > * Anything that someone out there can think of. 8 bits (or a little more)
> > of information can be used for many things.
>
> Firstly, one counterargument that several have used in the past is
> that a round-trip-time is unimportant and any such scheme can be
> achieved without TCP changes by burning an RTT. I disagree with this,
> but I can't release any data to back up that assertion, so it's still
> a reasonable counterargument.

I don't believe that this is always possible when trying to keep backwards 
compatibility. Some (stupid?) examples that just passed through my mind:
* (generic) Early protocol selection
* SSL over port 80, 25, etc
* Early virtualhost selection (with cooperation from the DNS)
* Hidden backdoors :P
* A kind of tunneling
* Anything that someone out there can imagine

> I also wonder how much of an advantage 8 bits, as opposed to a single
> bit, gives you. Although, once you have defined an option, 8 bits is
> almost as cheap as a single bit, so 'why not' is a reasonable
> position.

That's a good question that I don't have an answer for :-)
Indeed, everything that 8 bits can do can also be done with 1 bit and 
everything else in the data part. The only exception I can think of is that of 
an intermediate firewall/NAT box that may make a decision based on that 
field.

> Just from a personal point of view. I'm now using information from DNS
> and from previous connections to the same host to achieve this "early"
> information entirely within userspace. However, I still needed a new
> port because "transparent" proxies aren't very transparent when you
> stop speaking HTTP over port 80.

I don't see how transparent proxies will be affected by this. If they don't 
(want to) support the USER_DATA option then they will not reply to it and 
there will be no harm at all.
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm