RE: [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-cheat-00
<toby.moncaster@bt.com> Wed, 21 February 2007 15:46 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HJtfi-0001w9-W7; Wed, 21 Feb 2007 10:46:22 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HJtfh-0001w4-SE for tcpm@ietf.org; Wed, 21 Feb 2007 10:46:21 -0500
Received: from smtp2.smtp.bt.com ([217.32.164.150]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HJtfc-0003dT-6c for tcpm@ietf.org; Wed, 21 Feb 2007 10:46:21 -0500
Received: from i2kc07-ukbr.domain1.systemhost.net ([193.113.197.14]) by smtp2.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 21 Feb 2007 15:46:15 +0000
Received: from E03MVZ4-UKDY.domain1.systemhost.net ([193.113.30.65]) by i2kc07-ukbr.domain1.systemhost.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 21 Feb 2007 15:46:12 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-cheat-00
Date: Wed, 21 Feb 2007 15:46:10 -0000
Message-ID: <BAB4DC0CD5148948A86BD047A85CE2A70233A148@E03MVZ4-UKDY.domain1.systemhost.net>
In-Reply-To: <20070220193652.GZ20215@loompa.cs.umd.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-cheat-00
Thread-Index: AcdVKkqHb5mcZeOwQQuhseJdgbNsewApMjOg
From: toby.moncaster@bt.com
To: capveg@cs.umd.edu
X-OriginalArrivalTime: 21 Feb 2007 15:46:12.0022 (UTC) FILETIME=[69845560:01C755CF]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 093efd19b5f651b2707595638f6c4003
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Hi Rob, We were under the impression that you were keen that the skipped segments solution be implemented with SACK enabled as otherwise there is a risk that it could delay the notification of congestion by up to 1 RTT more. Apologies if we have got this wrong. The condition we give in 6.2.4 that "Periodically and randomly, any heavily loaded TCP sender SHOULD check the honesty of its receivers using the probabilistic test." wasn't meant to imply that this was the ONLY time a sender should test its receivers. It might be better in a future draft to change it to something wider like: "Any TCP sender SHOULD check the honesty of its receivers using the probabilistic test periodically and randomly. In particular, it would be advantageous for any sender that is heavily loaded to identify if it is taken advantage of by an attack by a dishonest receiver". We would hope that senders would check at other times as well, hence the second bullet point in section 6.2.4. Final point, as Gavin McCullagh has already pointed out, apart from legacy Tahoe TCP implementations a receiver can be reasonably safe if it sends less than 3 duplicate ACKs for a missing segment as this will not trigger fast re-transmit. Consequently we have specified that the displacement should be at least this large. Toby ________________________________________________________________________ ____ Toby Moncaster, <toby.moncaster@bt.com> Networks Research Centre, BT Research B54/70 Adastral Park, Martlesham Heath, Ipswich, IP53RE, UK. +44 1473 648734 -----Original Message----- From: Rob Sherwood [mailto:capveg@cs.umd.edu] Sent: 20 February 2007 19:37 To: Moncaster,T,Toby,CXR9 R Cc: tcpm@ietf.org Subject: Re: [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-cheat-00 On Tue, Feb 20, 2007 at 05:27:03PM -0000, toby.moncaster@bt.com wrote: > All, > > As you will shortly see we have just posted a new ID called "A TCP > Test To Allow Senders to Identify Receiver Cheating" > draft-moncaster-tcpm-rcv-cheat-00. This draft was written as a result > of a request made to Bob Briscoe at IETF 67. There he mentioned to > TVWG that we would be happy to produce a transport layer nonce to > protect against receivers concealing lost packets. This suggestion was > broadly welcomed by the WG and this draft is our response. Initially > we intended to submit this to TSVWG as they requested it. However > after checking with the co-chairs of both TCPM and TSVWG it was agreed > that TCPM would be the best forum for the draft. The draft is > available in various formats at > http://www.cs.ucl.ac.uk/staff/B.Briscoe/pubs.html#tcp-rcv-cheat. Hi Toby, I gave a quick read through the draft on your website, and have a few comments. Section 5.1) I think there might be some confusion here, but the skipped segment solution that we proposed in our paper does not require the receiver supports SACK. Trivially, our paper presents performance results for receivers that do and do not support SACK. If the sender skips segment N, any ACK > N indicates misbehavior; SACK is simply not involved for correctness. If SACK is not supported in the connection, then the standard performance penalties for not implementing SACK apply, i.e., the receiver has to duplicate ACK each loss in turn. Am I missing something here? Section 6.2.4) "Periodically and randomly, any heavily loaded TCP sender SHOULD check the honesty of its receivers using the probabilistic test." I don't think it is sufficient that only heavily loaded TCP senders perform this test. Attackers can simply draw a small amount of traffic from many ("jillions" to quote Mark :-) of servers, not loading any one, but still have a large aggregate amount of traffic. In other words, if the solution is only applied to loaded servers, then the attack still exists. At a high level, I like the proposed two phase test in that it is slightly more efficient then the randomly skipped segment test alone, i.e., instead of honest receivers being penalized 1 RTT every test, they are only penalized the buffer time and 1 RTT if network reordering (pathologically?) undoes the reordering test. It is not clear, to me at least, how the efficiency gain weighs against the additional complexity of code, but presumably others can comment on that. However, my understanding of the concern raised on this list (if I can summarize other's opinions) was that there was a philosophical objection to mucking up[1] the TCP code for an attack which is not being actively exploited. In other words, it wasn't the efficiency of the solution that was at issue, but whether is should be applied at all. Should people decide that this two phases approach is preferable, it might be possible to simplify the first phase test as follows. Rather then reordering segments N-1,N,N+1,..,N+D to N-1,N+1,..,N+D,N as Toby et. al suggest, it might be better to more frequently perform this test with D=1, (i.e., simply swap the order of two sequential segments) and after some threshold number K failures, apply the second phase randomly skipped segment test. I only suggest this as the analysis is probably slightly simpler in that the reordering rate of pairs of packets have been previously measured, where as the probability that the N-1,N,N+1,..,N+D to N-1,N+1,..,N+D,N reordering would be undone is less well studied. - Rob . [1] "mucking up" is clearly a technical term :-) _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-… toby.moncaster
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… Rob Sherwood
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… Michael Welzl
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… Gavin McCullagh
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… toby.moncaster
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… toby.moncaster
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… Michael Welzl
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… Anantha Ramaiah (ananth)
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… Rob Sherwood
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… Caitlin Bestler
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… Rob Sherwood
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… John Heffner
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… Anantha Ramaiah (ananth)
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… Michael Welzl
- RE: [tcpm] New I-D posted : draft-moncaster-tcpm-… toby.moncaster
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… John Heffner
- AW: [tcpm] New I-D posted : draft-moncaster-tcpm-… Michael Welzl
- Re: [tcpm] New I-D posted : draft-moncaster-tcpm-… Gorry Fairhurst