Re: [tcpm] [Fwd: I-D ACTION:draft-eggert-tcpm-tcp-abort-timeout-option-00.txt]
Fernando Gont <fernando@gont.com.ar> Thu, 06 May 2004 05:53 UTC
Received: from optimus.ietf.org (www.iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA06479 for <tcpm-archive@odin.ietf.org>; Thu, 6 May 2004 01:53:23 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BLbkE-0004SP-3X for tcpm-archive@odin.ietf.org; Thu, 06 May 2004 01:48:30 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i465mUiL017133 for tcpm-archive@odin.ietf.org; Thu, 6 May 2004 01:48:30 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BLbjM-00046L-PN for tcpm-web-archive@optimus.ietf.org; Thu, 06 May 2004 01:47:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA05962 for <tcpm-web-archive@ietf.org>; Thu, 6 May 2004 01:47:34 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BLbjJ-0001Su-Jk for tcpm-web-archive@ietf.org; Thu, 06 May 2004 01:47:33 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BLbiF-00016V-00 for tcpm-web-archive@ietf.org; Thu, 06 May 2004 01:46:29 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BLbho-0000lu-00 for tcpm-web-archive@ietf.org; Thu, 06 May 2004 01:46:00 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BLbc2-0001Ws-HD; Thu, 06 May 2004 01:40:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BLbaa-0000oU-Pf for tcpm@optimus.ietf.org; Thu, 06 May 2004 01:38:32 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA05669 for <tcpm@ietf.org>; Thu, 6 May 2004 01:38:30 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BLbaX-0006Ch-KX for tcpm@ietf.org; Thu, 06 May 2004 01:38:29 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BLbZk-0005rr-00 for tcpm@ietf.org; Thu, 06 May 2004 01:37:41 -0400
Received: from [170.210.17.130] (helo=libertad.frh.utn.edu.ar) by ietf-mx with esmtp (Exim 4.12) id 1BLbYx-0005NI-00 for tcpm@ietf.org; Thu, 06 May 2004 01:36:51 -0400
Received: from fernando.gont.com.ar ([200.68.238.98]) by libertad.frh.utn.edu.ar (8.9.3/8.8.7) with ESMTP id DAA26397; Thu, 6 May 2004 03:09:21 -0400
Message-Id: <4.3.2.7.2.20040505094658.00c22240@mail.daleclick.com>
X-Sender: fgont@mail.daleclick.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 06 May 2004 02:36:10 -0300
To: Lars Eggert <lars.eggert@netlab.nec.de>, tcpm@ietf.org
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] [Fwd: I-D ACTION:draft-eggert-tcpm-tcp-abort-timeout-option-00.txt]
In-Reply-To: <40861F36.2050304@netlab.nec.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: tcpm-admin@ietf.org
Errors-To: tcpm-admin@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
At 09:13 21/04/2004 +0200, Lars Eggert wrote: >this announcement doesn't seem to have made it onto the list. I'd >appreciate some group feedback on the ID. Here's my feedback on your draft. Note that some of my comments are some "eitorial" notes, while others are technical stuff. Page 2, first para: It says "In between connected periods, mobile hosts may experience disconnected periods during which no network service is available." I'd probably re-phrase it as "Mobile hosts may experience periods of time during which no network service is available." Page 2, first para: It says "....their established TCP connections can abort during periods of disconnection." I'd write it as "....their established connections may be aborted during periods of disconnection." Page 2, second para: It says "If a disconnection lasts longer than the user timeout, the TCP connection will abort". I'd say "....will be aborted", instead. Page 2, third para: It says "Instead of a single user timeout, some TCP implementations offer finer-grained mechanisms" IMHO, it should say "policies" instead of "mechanisms". Page 2, third para: It says "The Host Requirements document". I'd say "RFC" instead of "document". Page 2, fourth para: It says "This document specifies a new TCP option - the Abort Timeout Option". IMHO, "Abort timeout" is a misnomer. I'd call it "Connection Timeout", instead. (I would also change all instances of "abort timeout" to "connection timeout"). Page 3, first para: It says "A host wishing to negotiate a specific abort timeout for a connection MAY include the TCP Abort Timeout Option". As you say "A host wishing to negotiate a specific abort timeout", I'm not sure whether I'd say "MAY" (i.e., I'd probably say "MUST"). (I would do say "MAY" if you just said "A host MAY include the TCP Abort Timeout Option"). Page 3, first para: It says "It MUST NOT include an Abort Timeout Option in any other segment." Note that the ATO is included in segments other than those with the SYN bit set. See Figure 2, the one on the right: The ATO is included in a pure-ACK segment (i.e., the SYN bit is not set). Page 3, second para: It says "Connections use abort timeouts negotiated with Abort Timeout Options during the ESTABLISHED state only." I'd write it as "The negotiated timeout is meant to be used only during the ESTABLISHED state." Page 3, fourth para: It says "Upon receipt of a segment with the Abort Timeout Option, the receiving host decides whether to accept, shorten, or reject its peer's proposed abort timeout." Why shouldn't the receiving host be able to *enlarge* the proposed abort timeout? Page 3, fifth para: It says "This will either be the SYN-ACK, if it received the peer's Timeout Abort Option...." It should say "Abort Timeout Option" instead of "Timeout Abort Option". Page 3, fifth para: It says: " When a receiving host accepts or shortens the offered abort timeout, it MUST include an Abort Timeout Option with the corresponding timeout value in the next segment it sends. This will either be the SYN-ACK, if it received the peer's Timeout Abort Option in the SYN segment, or the first ACK if it received the option in the SYN-ACK segment." Consider the following scenario: Host A receives the peer's ATO in the SYN-ACK segment, and thus includes the ATO in the first ACK. This ACK is lost. Before the peer timouts and retransmits the SYN-ACK segment, A sends some data to the peer. In this scenario, the peer will think A does not support the ATO, when it *does* support it. Page 4: Have you considered using the "TCP Abort Timeout Option" in a similar fashion to TCP's MSS option? I mean, rather than "negotiating" a timeout, I'd just make the end-points "suggest" a timeout. The option would be sent in the SYN segment, in the same way as the MSS option. The timout wouldn't need to be symmetrical, either. How to deal with the option would be a policy of each system. However, I'd probably suggest that the larger of both values (in case both end-points included the ATO) is chosen, provided it's not larger than a per-system defined limit (that means, if one of the endpoints specifies a timeout period of, say, 60 minutes, but the system limit is 40 minutes, then *40* minutes would be chosen for the timeout period). Page 4, second para: It says "It MUST then also use its default timeout value for the connection." I'd probably remove the word "also". Page 4, fourth para: It says "If it does, the connection MUST use the abort timeout contained inside the Abort Timeout Option." I'd say "TCP" instead of "the connection". Page 4, fourth para: It says "If it does, the connection MUST use the abort timeout contained inside the Abort Timeout Option." I'd say "TCP" instead of "the connection". Page 4, fifth para: It says "This causes the connection to use the default abort timeout, thus ensuring interoperability." I'd say "TCP" instead of "the connection". Page 5, first para: "The TCP specification [1] does not define a range for permitted abort timeouts." Shouldn't it say "of" instead of "for"? Page 5, second para: It says "Very short timeout values can affect TCP retransmissions over high-delay paths." I'm not sure what you mean here. Page 6, first para: It says "Connections could default to starting with shorter timeouts and only negotiate longer timeouts when disconnection was imminent." I'd probably say "short" instead of "shorter". Page 6, first para: It says "Connections could default to starting with shorter timeouts and only negotiate longer timeouts when disconnection was imminent." What do you mean by "when disconnection was imminent"? Page 6, first para: It says "This may reduce the amount of state held during times of disconnection." I'm not sure what you mean here. Page 6, third para: It says "It may be useful to permit finer-grained timeouts, e.g., milliseconds instead of seconds." What would you use such a timeout period for? Page 6, third para: "For example, a 16-bit timeout value with a granularity of seconds allows timeout values up to 18.2 hours, whereas a 32-bit timestamp with millisecond granularity allows timeout values up to 49.7 days." I'd stick to a granularity of seconds. Regarding the length of the timeout field, I'm not sure there's a real use for a timeout of, say 49.7 days. So I'd probably stick to a 16-bit field. Page 7, second para: It says " However, when an attacker completes the three-way handshakes of its throw-away connections it can amplify the effects of resource exhaustion attacks, because the attacked server must maintain the connection state associated with the throw-away connections for longer durations." If the attacker was able to complete the three-way handshake, then it's likely he will also be able to ACK whatever the victim is sending over the connection, so that the connection is not aborted. OTOH, note that, in principle, the throw-away connections will be aborted only if the victim sends data on the connection. If that's not the case then there's no reason for the connection to timeout. If you're thinking about TCP's Keepalive mechanism, I'd say that given the large timeout values it usually has, it would not stop the attack. Page 7, third para: It says "Although this is arguably the most complete solution, it depends on external mechanisms to establish trust." I'd probably say "the trust relationship", instead of "trust". Page 8, it says: ' [6] Moskowitz, R., "Host Identity Protocol Architecture", draft-moskowitz-hip-arch-05 (work in progress), October 2003.' I think there should be a new version of this draft. Just my two cents, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] [Fwd: I-D ACTION:draft-eggert-tcpm-tcp-abo… Lars Eggert
- Re: [tcpm] [Fwd: I-D ACTION:draft-eggert-tcpm-tcp… Fernando Gont