Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG

Hagen Paul Pfeifer <hagen@jauu.net> Tue, 19 August 2014 19:00 UTC

In-Reply-To: <53F3970D.5080906@grothoff.org>
References: <ecdbe694b6964c159f64b1d3311c8cc6@hioexcmbx02-prd.hq.netapp.com> <CAFggDF2jhQPz0Eez=AU9M-k862wD_=VSyVpXtRAjT4zC6H4tgA@mail.gmail.com> <1408397675.299896.154112109.6F69043F@webmail.messagingengine.com> <8c5f6a1e9f2340e48e25dd151406b7d3@hioexcmbx05-prd.hq.netapp.com> <1408401991.317123.154137701.0A30F30C@webmail.messagingengine.com> <CAPh34meB=EtgNu=_eBS6ekB20fRccAqXFWydkCWG+6VKSa98rg@mail.gmail.com> <CAFggDF39L+kLQLmiWJR3q6suPOtYmKJiJUqp0kBv7GjUtNVOjA@mail.gmail.com> <CAPh34mdPtKvVJ2FfshPFwrwRDOw9CxxHT4ZTFYZZEVSoKOEq0A@mail.gmail.com> <53F3970D.5080906@grothoff.org>
Date: Tue, 19 Aug 2014 20:59:58 +0200
Message-ID: <CAPh34mf2rnNuM=YZ1uin1_PtkB8buOskMtf3NAJMOwdFeMe9MQ@mail.gmail.com>
From: Hagen Paul Pfeifer <hagen@jauu.net>
To: Christian Grothoff <christian@grothoff.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/nVNCGMrnikFbAzxJWc5EHf3d7_k
Cc: "tcpinc@ietf.org" <tcpinc@ietf.org>, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>, alfiej@fastmail.fm
Subject: Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>

On 19 August 2014 20:27, Christian Grothoff <christian@grothoff.org> wrote:

> You clearly also deliberately misunderstand the difference between
> design / specification / mechanism, and the reality of an implementation.

No, I don't. But you are right, we should talk about implementation issues.

> Prove is a strong word.  Now, I would not mind if the standard included
> some strong wording on using a random TSval in combination with TCP
> Stealth by default.  But, as was pointed out, due to some NATs messing
> with TSvals, we decided to keep it optional, as opposed to mandatory.
> But I think that is a point I would be open to discuss, as it is really
> a trade-off.

TSvals *are* optional; you propose that TCP Stealth should depend on an
"optional option"? I clearly see problems here because they can be
filtered or disabled, or simply the limited option space is exhausted by
other options. What about PAWS? What about ISN duplicates, and how are
these handled (and differentiated)?

Hagen
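The two concrete objections above (the 40-byte TCP option space being exhausted by other options, and the PAWS check interacting with a TSval that a sender chooses for another purpose) can be made tangible with a small script. This is an added example for this thread, not code from the TCP Stealth draft, from Linux or from any other stack. The option kinds and fixed lengths are the standard IANA values; the function names, the 40-byte budget derivation and the sample option sets are constructed here for illustration.

```python
"""TCP option-space budget, a defensive option parser and the PAWS test
from RFC 7323.  Added example, not code from the TCP Stealth draft or any
kernel; option kinds/lengths are IANA values, everything else is constructed."""

import struct

# Data Offset is a 4-bit word count: 15 * 4 = 60-byte header, 20 bytes fixed.
MAX_TCP_OPTION_SPACE = 40

# IANA TCP option kinds (fixed wire lengths in comments).
TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MSS = 2          # length 4
TCPOPT_WSCALE = 3       # length 3
TCPOPT_SACK_PERM = 4    # length 2
TCPOPT_TIMESTAMP = 8    # length 10
TCPOPT_MD5SIG = 19      # length 18
TCPOPT_EXP = 254        # experimental (RFC 6994), variable length


def encode_options(opts):
    """Serialise [(kind, data), ...] as TCP options, NOP-padded to a 32-bit
    boundary.  Raises ValueError if the result exceeds the 40-byte budget."""
    out = bytearray()
    for kind, data in opts:
        if kind in (TCPOPT_EOL, TCPOPT_NOP):
            out.append(kind)                 # single-byte options
        else:
            out += bytes((kind, 2 + len(data))) + data
    while len(out) % 4:
        out.append(TCPOPT_NOP)
    if len(out) > MAX_TCP_OPTION_SPACE:
        raise ValueError("%d bytes of options, only %d available"
                         % (len(out), MAX_TCP_OPTION_SPACE))
    return bytes(out)


def remaining_space(opts):
    """Bytes left for further options, or -1 if the set already does not fit."""
    try:
        return MAX_TCP_OPTION_SPACE - len(encode_options(opts))
    except ValueError:
        return -1


def parse_options(buf):
    """Parse a TCP option area into [(kind, data), ...].  Defensive: a Length
    below 2 or one running past the buffer is rejected instead of looping
    forever or reading out of bounds (both classic option-parser bugs)."""
    opts, i = [], 0
    while i < len(buf):
        kind = buf[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("truncated option header at offset %d" % i)
        length = buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad option length %d at offset %d" % (length, i))
        opts.append((kind, bytes(buf[i + 2:i + length])))
        i += length
    return opts


def has_timestamps(buf):
    """True if a Timestamps option survived in the option area."""
    return any(k == TCPOPT_TIMESTAMP for k, _ in parse_options(buf))


def paws_reject(seg_tsval, ts_recent):
    """RFC 7323 PAWS test: discard a segment whose TSval is 'less than'
    TS.Recent in 32-bit modular arithmetic (equal is accepted)."""
    return ((seg_tsval - ts_recent) & 0xffffffff) > 0x7fffffff


# Constructed sample option sets (not captured traffic).
TYPICAL_SYN = [                                   # 4 + 2 + 10 + 1 + 3 = 20 bytes
    (TCPOPT_MSS, struct.pack("!H", 1460)),
    (TCPOPT_SACK_PERM, b""),
    (TCPOPT_TIMESTAMP, struct.pack("!II", 0x1234abcd, 0)),
    (TCPOPT_NOP, b""),
    (TCPOPT_WSCALE, bytes((7,))),
]
# Same SYN plus TCP-MD5 (18 bytes, padded to 20): the option space is full.
SYN_WITH_MD5 = TYPICAL_SYN + [(TCPOPT_MD5SIG, b"\x00" * 16)]
# One more 8-byte experimental option and something has to be dropped.
SYN_OVERFULL = SYN_WITH_MD5 + [(TCPOPT_EXP, b"\x00" * 6)]

if __name__ == "__main__":
    for name, opts in (("typical SYN", TYPICAL_SYN), ("with MD5", SYN_WITH_MD5),
                       ("with MD5 + exp", SYN_OVERFULL)):
        print("%-15s remaining option space: %d" % (name, remaining_space(opts)))
    print("PAWS reject, TSval 10 vs TS.Recent 20:", paws_reject(10, 20))
```

Which option a sender sacrifices when the budget runs out is a stack-local policy, not something a peer can rely on; a mechanism that needs a particular TSval to arrive therefore depends on every middlebox and on the sender's own option-packing logic, which is the point made above. The parser also illustrates why any new consumer of the option area should validate Length before trusting it.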