IETF Logo Mail Archive

Re: [tcpm] draft-anumita-tcpm-stronger-checksum

"Biswas, Anumita" <Anumita.Biswas@netapp.com> Thu, 10 June 2010 18:36 UTC

Return-Path: <Anumita.Biswas@netapp.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3810328C162 for <tcpm@core3.amsl.com>; Thu, 10 Jun 2010 11:36:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.299
X-Spam-Level:
X-Spam-Status: No, score=-5.299 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FB6LcpUFj7PK for <tcpm@core3.amsl.com>; Thu, 10 Jun 2010 11:36:46 -0700 (PDT)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by core3.amsl.com (Postfix) with ESMTP id CFE4728C12A for <tcpm@ietf.org>; Thu, 10 Jun 2010 11:36:36 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.53,399,1272870000"; d="scan'208";a="379347625"
Received: from smtp2.corp.netapp.com ([10.57.159.114]) by mx2-out.netapp.com with ESMTP; 10 Jun 2010 11:35:56 -0700
Received: from sacrsexc2-prd.hq.netapp.com (sacrsexc2-prd.hq.netapp.com [10.99.115.28]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id o5AIZlg2023298; Thu, 10 Jun 2010 11:35:56 -0700 (PDT)
Received: from SACMVEXC2-PRD.hq.netapp.com ([10.99.115.18]) by sacrsexc2-prd.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 10 Jun 2010 11:35:47 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 10 Jun 2010 11:35:20 -0700
Message-ID: <A3D02FB7C6883741952C425A59E261A5097324A2@SACMVEXC2-PRD.hq.netapp.com>
In-Reply-To: <4C10EE60.4010402@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] draft-anumita-tcpm-stronger-checksum
Thread-Index: AcsIpKDbUcjCAATNTAK2WmplBcpLrAAJsZSQ
From: "Biswas, Anumita" <Anumita.Biswas@netapp.com>
To: Joe Touch <touch@isi.edu>, "Scheffenegger, Richard" <rs@netapp.com>
X-OriginalArrivalTime: 10 Jun 2010 18:35:47.0248 (UTC) FILETIME=[BE315B00:01CB08CB]
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] draft-anumita-tcpm-stronger-checksum
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2010 18:36:47 -0000

> -----Original Message-----
> From: Joe Touch [mailto:touch@isi.edu] 
> Sent: Thursday, June 10, 2010 6:54 AM
> To: Scheffenegger, Richard
> Cc: tcpm@ietf.org; Anantha Ramaiah (ananth)
> Subject: Re: [tcpm] draft-anumita-tcpm-stronger-checksum
> 
> 
> Hi, Richard,
> 
> Scheffenegger, Richard wrote:
> > Hi Joe,
> > 
> > I think you mentioned that a checksum violation in TLS will 
> cause the 
> > connection to be aborted - rather than the corrupted packet to be 
> > resent...
> 
> Yes - TLS operates at the application layer, not in 
> conjunction with TCP.
> 
> > If keeping the standard TCP CRC intact (and covering TCP header & 
> > data) and having an RFC1146 alternate checksum that works 
> differently 
> > than defined therein, perhaps it would be better to make it 
> a new TCP 
> > option then.
> 
> Defined therein where? 
http://datatracker.ietf.org/doc/draft-anumita-tcpm-stronger-checksum/

Section 3 - "Negotiating the use of CRC 32C"

The alternate checksum isn't TLS; TLS 
> is an application-layer security protocol.
> 
> > During handshake, the CRC-32C capable sender would need to do the 
> > proper think (retry one or two times with all options, and 
> then retry 
> > with the minimum options); For agnostic middleboxes (and NAT/PAT 
> > routers currently deployed), not covering the pseudo-header 
> seems to 
> > me to be the only option, to make this feature work with existing 
> > gear...
> 
> RFC1146 defines a handshake behavior, during which only a 
> short label is exchanged and confirmed, and the conventional 
> TCP checksum is used. This is more appropriate for TCP; 
> options in the SYN should not render the rest of the SYN 
> unintelligible to parties that don't support the option.
> 
> As to retry with or without options, that is not typically 
> defined at the level of a TCP option. That too is application 
> behavior - i.e., to try to open a TCP connection with certain 
> parameters, and to try a different attempt if the first 
> fails. Having an option redefine core TCP protocol behavior 
> (such as timeouts, retries, etc.) seems more than just an 
> option. Options should extend, not redefine, that core behavior.
> 
> ...
> > As there exist HW that implements SCTP checksum offloading 
> (as well as
> > segmentation) nowadays, new appliactions could probably make use of 
> > that. However, applications would have to revert back to TCP (with 
> > small segments), if the other side wouldn't support SCTP.
> 
> Yes. But that's what you've described above when the TCP 
> handshake fails - i.e., that's no different. It's worth 
> thinking further about that, as a result.
> 
> Joe
> 
>

v2.14.0 | Report a Bug | By Email