Re: [tcpm] Flaw in RFC793 (Fwd: New Version Notification for draft-gont-tcpm-tcp-seq-validation-03.txt)

"Scharf, Michael (Nokia - DE/Stuttgart)" <michael.scharf@nokia.com> Sun, 11 March 2018 21:19 UTC

From: "Scharf, Michael (Nokia - DE/Stuttgart)" <michael.scharf@nokia.com>
To: Wesley Eddy <wes@mti-systems.com>, "tcpm@ietf.org" <tcpm@ietf.org>
Date: Sun, 11 Mar 2018 21:19:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/q9XOzRuNo4TwRUsIq73UlIiL5dU>

Having a small document that precisely describes the issue and solutions seems useful to me. I think it is easier to discuss and review a dedicated document than adding changes only in 793bis.

So, in my personal view, even an (informational) document that just describes the problem and known solutions would be better than having to sort this out in 793bis without a good reference. If the TCPM community agrees to a wording in a PS, that would even be a cleaner solution.

In any case, it would really help if TCP implementers could have a look at this short document.

Michael



From: tcpm [mailto:tcpm-bounces@ietf.org] On Behalf Of Wesley Eddy
Sent: Wednesday, March 07, 2018 4:18 AM
To: tcpm@ietf.org
Subject: Re: [tcpm] Flaw in RFC793 (Fwd: New Version Notification for draft-gont-tcpm-tcp-seq-validation-03.txt)

On 3/6/2018 4:53 PM, Yoshifumi Nishida wrote:

Hello,

On Tue, Mar 6, 2018 at 11:05 AM, Eggert, Lars <lars@netapp.com> wrote:
Hi,

isn't this something that could simply go into 793bis, after there is consensus that something needs to be fixed?

I think the observation of the bug can go into 793bis (which has been done in the current version).
However, I think the solution for it needs to be reviewed and discussed.



FYI - there is a paragraph on the issue in Appendix A of the current revision, which was added after discussion around the Chicago meeting (IIRC).  I think if no solution is blessed by the working group, that this warning about a "known bug" would be the best we can do in 793bis, but is certainly far less desirable than having an actual solution in the body of the document.  To work that solution out, discuss the options, etc., I'm in favor of advancing it via the draft Fernando and David have put together.  They already briefly discuss the Linux approach, for instance.



It will be really great if some implementers speak up on whether the solution in the draft looks good or whether they take a different approach to address the issue.

Agreed; feedback is useful, though I do think this bug is evident and we at least can see what has evidently been done about it already in open source stacks, as examples.