IETF Logo Mail Archive

Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt

Joe Touch <touch@isi.edu> Mon, 27 May 2013 18:32 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 821BF21F9473 for <tcpm@ietfa.amsl.com>; Mon, 27 May 2013 11:32:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.599
X-Spam-Level:
X-Spam-Status: No, score=-104.599 tagged_above=-999 required=5 tests=[AWL=-2.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RwItkvxYabMf for <tcpm@ietfa.amsl.com>; Mon, 27 May 2013 11:32:00 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id A7D3D21F9418 for <tcpm@ietf.org>; Mon, 27 May 2013 11:32:00 -0700 (PDT)
Received: from [192.168.1.97] (pool-71-105-87-221.lsanca.dsl-w.verizon.net [71.105.87.221]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id r4RIVTil018884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 27 May 2013 11:31:39 -0700 (PDT)
Message-ID: <51A3A684.5020400@isi.edu>
Date: Mon, 27 May 2013 11:31:32 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Pasi Sarolahti <pasi.sarolahti@iki.fi>
References: <20130518155753.17946.96581.idtracker@ietfa.amsl.com> <CAK6E8=d_LTZgnGAncdWDAi+7ebd3Lo5aevPeGG0=KSbBMeBhcg@mail.gmail.com> <519A8322.6030405@isi.edu> <26034_1369382276_519F1D83_26034_1735_1_519F1D68.604@uclouvain.be> <E220F4B0-EE27-431C-BCBE-0A0C01C8B0EF@iki.fi> <51A38F9F.4000407@isi.edu> <39EDB63B-7FCB-43F5-9355-474D50976005@iki.fi>
In-Reply-To: <39EDB63B-7FCB-43F5-9355-474D50976005@iki.fi>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm@ietf.org Extensions" <tcpm@ietf.org>
Subject: Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 May 2013 18:32:06 -0000

On 5/27/2013 11:10 AM, Pasi Sarolahti wrote:
> On May 27, 2013, at 7:53 PM, Joe Touch <touch@isi.edu> wrote:
>
>> On 5/27/2013 3:19 AM, Pasi Sarolahti wrote:
>> ...
>>> MUST drop all (non-RST) segments without timestamp seems indeed
>>> In the worst case this might discourage enabling timestamps at all,
>>> if an implementation wants to be safe against middleboxes as
>>> described.
>>
> [...]
>> That's why RSTs MUST NEVER require anything - even, IMO, a handshake (as per RFC 5691).
>
> Fine, but my (and Olivier's) comment was about normal segments that
> do not carry RST flag.

Sorry - I misread your post. However:

> Why MUST those be dropped at the receiver if
> they are missing TSopt for some reason? This is a new requirement
> compared to earlier versions of the draft and RFC1323, and I don't
> think current implementations drop such segments either.

The original requirement was here in -13:

    Once TSopt has been successfully negotiated (sent and received)
    during the <SYN>, <SYN,ACK> exchange, TSopt MUST be sent in every
    non-<RST> segment for the duration of the connection, and SHOULD be
    sent in a <RST> segment (see Section 4.2 for details).  If a non-
    <RST> segment is received without a TSopt, a TCP MAY drop the segment
    and send an <ACK> for the last in-sequence segment.  A TCP MUST NOT
    abort a TCP connection if a non-<RST> segment is received without a
    TSopt.

Regarding handling of non-RSTs lacking TSopt, we did discuss this on the 
list; you even cited this within the past day or so:

---
> Always including TSopt seems to represent the rough consensus of the
> WG, even if it might not be a uniform agreement. This was discussed
> quite extensively some time ago. (Though judging rough consensus from
> Emails is difficult... we'd need some sort of electronic hum tool
---

Once you indicate a sender-side MUST, you need to describe how the 
receiver handles exceptions. IMO, there's little point to claiming PAWS 
protection if you're going to react *in any way* to a non-RST segment 
lacking TSopt.

I.e., a sender MUST include implies - IMO - a receiver MUST silently 
discard when the 'must' isn't there.

Joe

v2.23.0 | Report a Bug | By Email