Re: [tcpm] Minimum nonce length in draft-touch-tcpm-experimental-options
"SCHARF, Michael" <Michael.Scharf@alcatel-lucent.com> Wed, 29 February 2012 20:29 UTC
Return-Path: <Michael.Scharf@alcatel-lucent.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41CF721F8603 for <tcpm@ietfa.amsl.com>; Wed, 29 Feb 2012 12:29:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.173
X-Spam-Level:
X-Spam-Status: No, score=-6.173 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DRpGnJtS8JO7 for <tcpm@ietfa.amsl.com>; Wed, 29 Feb 2012 12:29:40 -0800 (PST)
Received: from mailrelay2.alcatel.de (mailrelay2.alcatel.de [194.113.59.96]) by ietfa.amsl.com (Postfix) with ESMTP id 831B021F85E0 for <tcpm@ietf.org>; Wed, 29 Feb 2012 12:29:39 -0800 (PST)
Received: from SLFSNX.rcs.alcatel-research.de (slfsn1.rcs.de.alcatel-lucent.com [149.204.60.98]) by mailrelay2.alcatel.de (8.14.3/8.14.3/ICT) with ESMTP id q1TKTXoZ020561; Wed, 29 Feb 2012 21:29:33 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 29 Feb 2012 21:29:09 +0100
Message-ID: <133D9897FB9C5E4E9DF2779DC91E947C06E03465@SLFSNX.rcs.alcatel-research.de>
In-Reply-To: <7CC5FA62-2223-4003-BE21-F9E2F6120D96@iki.fi>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] Minimum nonce length in draft-touch-tcpm-experimental-options
Thread-Index: Acz3He5lqq7N463XSXK9vd9IxFFkBQAAfDSg
References: <133D9897FB9C5E4E9DF2779DC91E947C06C80E75@SLFSNX.rcs.alcatel-research.de> <11225_1330460112_4F4D35D0_11225_4274_1_CAO249ycxh75VETJ6jYScpw-ChCi9As6x6x35RnXHKWY1TVEkYw@mail.gmail.com> <7CC5FA62-2223-4003-BE21-F9E2F6120D96@iki.fi>
From: "SCHARF, Michael" <Michael.Scharf@alcatel-lucent.com>
To: Pasi Sarolahti <pasi.sarolahti@iki.fi>, Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
X-Scanned-By: MIMEDefang 2.69 on 149.204.45.73
Cc: tcpm@ietf.org, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] Minimum nonce length in draft-touch-tcpm-experimental-options
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 20:29:41 -0000
> >> Does that statement intend to say something like "MUST NOT > be shorter > >> than 16 bits long"? Or shall even a nonce of length 0 be allowed, > >> provided that there are additional security mechanism such as > >> checksums or digital signatures? In the latter case, > existing use of > >> the codepoints without nonce could be compliant to the > >> recommendation, provided that there are other means to > detect false positives. > > > > I don't have strong opinion on this yet, but I personally think we > > don't have to mention minimum length specifically in the draft. > > However, I might prefer to put a little bit more stress in > this regards, like, > > o It's implementor's responsibility to find good balance > between the > > overhead of magic number and the overhead to handle false positive. > > o the draft doesn't guarantee anything even if an implementor > > chooses longer magic number > > I agree. Given the scarcity of TCP option space, you do not > want to use any more space for the magic number than > necessary. Maybe one possible option could be to use a 32-bit > magic number in the SYN handshake, to declare that for the > rest of that connection option types 253 and 254 are used > without magic number for feature X (or perhaps with a shorter > magic number, to allow simultaneous experimental features). > This could be useful when the option space is expected to get tight. Option space is particularly scarce in SYNs. Afterwards one could try to piggyback a long option to an empty ACK instead. Thus, this only helps if a rather long option must indeed be present in a data segment, right? Michael
- [tcpm] Minimum nonce length in draft-touch-tcpm-e… SCHARF, Michael
- Re: [tcpm] Minimum nonce length in draft-touch-tc… Yoshifumi Nishida
- Re: [tcpm] Minimum nonce length in draft-touch-tc… Pasi Sarolahti
- Re: [tcpm] Minimum nonce length in draft-touch-tc… SCHARF, Michael
- Re: [tcpm] Minimum nonce length in draft-touch-tc… Joe Touch