Re: [tcpm] 793bis: TCP Quiet Time
Fernando Gont <fgont@si6networks.com> Thu, 23 January 2020 07:22 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83B8A120072 for <tcpm@ietfa.amsl.com>; Wed, 22 Jan 2020 23:22:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKSJPxY-Oa6t for <tcpm@ietfa.amsl.com>; Wed, 22 Jan 2020 23:22:46 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28104120026 for <tcpm@ietf.org>; Wed, 22 Jan 2020 23:22:46 -0800 (PST)
Received: from [192.168.100.103] (unknown [186.183.3.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id B7B8082DC0; Thu, 23 Jan 2020 08:22:42 +0100 (CET)
To: Matt Mathis <mattmathis@google.com>, Joe Touch <touch@strayalpha.com>
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
References: <5D669BDA.3000506@erg.abdn.ac.uk> <5D66A044.3060904@erg.abdn.ac.uk> <5d11289c-0174-8a5e-7f47-b0110564a601@mti-systems.com> <d6d45644-387a-6cee-8087-379c45f36e43@si6networks.com> <4B73D1AE-7901-4F2C-A56F-D4BF6D914050@strayalpha.com> <CAH56bmDx=EoCMhO__5n84cu0ZYDHRs0FvEYqm2KJLuNz+5K=PA@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <42ac39b4-34e0-7b51-cbb1-b158723ab089@si6networks.com>
Date: Thu, 23 Jan 2020 04:20:08 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CAH56bmDx=EoCMhO__5n84cu0ZYDHRs0FvEYqm2KJLuNz+5K=PA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/o2ZBJv4bHY1cXqeQJWxP14LfptQ>
Subject: Re: [tcpm] 793bis: TCP Quiet Time
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 07:22:48 -0000
On 23/1/20 03:59, Matt Mathis wrote: > There are two other changes that have largely made this problem moot: > a) ISS and ephemeral port randomization make it extremely unlikely that > segments delayed across a reboot will be in sequence for any connections > (at the time this was written, both ISS and ephemeral ports were > generated by counters starting from fixed integers). FWIW, note in many of the randomization schemes (e.g. RFC6528) the resulting sequence still looks like a counter for each (src, dst). Still, I would expect the problem to be unlikely. > b) Although not reflected in policy, the effective MSL of the internet > has been declining as it gets faster. There are paths and devices that > can delay packets by more than 10 seconds but they don't normally cause > packets to be reordered by that much, so a new SYN can't pass an old > data segment, which is a requirement for triggering the hazard. Agreed. > I would suggest changing the text to say "a theoretical problem.... > that could be fixed by... but for the following reasons it is viewed as > being sufficiently unlikely to ignore. I would agree with this. That aside, one might also consider than as encryption becomes more pervasive, even in the case the problem took place, the connection would be reset, and the application would recover. -- so I guess it would be a hard case to make OSes implement this "quiet time". Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- [tcpm] review of rev 14 of RFC 793 bis part 1 of … Gorry Fairhurst
- [tcpm] review of rev 14 of RFC 793 bis part 2 of … Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Joe Touch
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Joe Touch
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Wesley Eddy
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Rodney W. Grimes
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Wesley Eddy
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Jonathan Morton
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Rodney W. Grimes
- [tcpm] 793bis: TCP Quiet Time Wesley Eddy
- Re: [tcpm] 793bis: TCP Quiet Time Yuchung Cheng
- Re: [tcpm] 793bis: TCP Quiet Time Neal Cardwell
- Re: [tcpm] 793bis: TCP Quiet Time Matt Mathis
- Re: [tcpm] 793bis: TCP Quiet Time Joe Touch
- [tcpm] 793bis: variable MTU Wesley Eddy
- [tcpm] 793bis: reset generation section Wesley Eddy
- [tcpm] 793bis: IPv6 jumbograms Wesley Eddy
- [tcpm] 793bis: IP ID Wesley Eddy
- Re: [tcpm] 793bis: IP ID David Borman
- Re: [tcpm] 793bis: variable MTU Gorry Fairhurst
- Re: [tcpm] 793bis: IP ID Gorry Fairhurst
- Re: [tcpm] 793bis: IP ID Michael Tuexen
- Re: [tcpm] 793bis: TCP Quiet Time Matt Mathis
- [tcpm] 793bis: dead gateway detection Wesley Eddy
- [tcpm] 793bis: delayed ACKs Wesley Eddy
- Re: [tcpm] 793bis: IP ID David Borman
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID David Borman
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: delayed ACKs Yuchung Cheng
- Re: [tcpm] 793bis: TCP Quiet Time Fernando Gont
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: TCP Quiet Time Joe Touch
- Re: [tcpm] 793bis: TCP Quiet Time Matt Mathis
- Re: [tcpm] 793bis: TCP Quiet Time Fernando Gont
- Re: [tcpm] 793bis: TCP Quiet Time Fernando Gont
- Re: [tcpm] 793bis: IP ID Gorry Fairhurst
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch