IETF Logo Mail Archive

Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt

Joe Touch <touch@isi.edu> Thu, 30 May 2013 16:59 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE89E21F937B for <tcpm@ietfa.amsl.com>; Thu, 30 May 2013 09:59:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.244
X-Spam-Level:
X-Spam-Status: No, score=-103.244 tagged_above=-999 required=5 tests=[AWL=-0.645, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6MN9I9kqPs7I for <tcpm@ietfa.amsl.com>; Thu, 30 May 2013 09:59:28 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id 8025321F8F0A for <tcpm@ietf.org>; Thu, 30 May 2013 09:59:28 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id r4UGxA3K023055 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 30 May 2013 09:59:10 -0700 (PDT)
Message-ID: <51A7855D.7020606@isi.edu>
Date: Thu, 30 May 2013 09:59:09 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Pasi Sarolahti <pasi.sarolahti@iki.fi>
References: <20130518155753.17946.96581.idtracker@ietfa.amsl.com> <CAK6E8=d_LTZgnGAncdWDAi+7ebd3Lo5aevPeGG0=KSbBMeBhcg@mail.gmail.com> <519A8322.6030405@isi.edu> <26034_1369382276_519F1D83_26034_1735_1_519F1D68.604@uclouvain.be> <E220F4B0-EE27-431C-BCBE-0A0C01C8B0EF@iki.fi> <51A38F9F.4000407@isi.edu> <39EDB63B-7FCB-43F5-9355-474D50976005@iki.fi> <51A3A684.5020400@isi.edu> <B3F294F6-8866-4155-98F6-0927B90346E4@iki.fi> <51A3D24F.7050300@isi.edu> <62F28CBC-271E-42C4-9D06-1331CE25DC0E@iki.fi> <51A66002.7050401@isi.edu> <DDB1E5C2-F806-45CF-80F8-AC3774523A5C@iki.fi>
In-Reply-To: <DDB1E5C2-F806-45CF-80F8-AC3774523A5C@iki.fi>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm@ietf.org Extensions" <tcpm@ietf.org>
Subject: Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 16:59:34 -0000

Hi, all,

On 5/30/2013 1:36 AM, Pasi Sarolahti wrote:
> On May 29, 2013, at 11:07 PM, Joe Touch <touch@ISI.EDU> wrote:
...
> Nit: start of section 4.3 uses "REQUIRES" that should not be
> capitalized because it is not a RFC 2119 keyword. How about just saying
> something like "if PAWS algorithm is enabled, the following steps MUST
> be followed", or something. Sorry about splitting hairs, but I think we
> should be pedantic about the keywords.

REQUIRED is a 2119 keyword; I can't see why the present tense shouldn't 
be treated the same way, but MUST is fine too.

>>> " *  If the Timestamps option is removed from the <SYN> or <SYN,ACK>
>>>           segment, high speed connections that need PAWS would not have
>>> that protection. Successful negotiation of Timestamps option
>>> enforces a stricter verification of incoming segments at receiver. If
>>> the Timestamps option was removed from a subsequent data segment
>>> after a successful negotiation (for example, as part of
>>> re-segmentation), the segment is discarded by the receiver without
>>> further processing. Middleboxes should not remove the Timestamps
>>> option. One study found that 6% of measured HTTP connections had the
>>> Timestamps option removed from data segments [Honda11]."
>>
>> The last sentence seems out of place; why are you including that?
>> Ifthere are implications to the 6% drop then you should mention that, but
>> I would expect that elsewhere than the security considerations section.
>
> Because that paragraph talks about removal of timestamps option. But
> I agree that the proposed sentence doesn't sit there very well. How
> about including the reference in the beginning of the Middleboxes
> section of the text:
>
> "Some middleboxes have been known to remove the TCP options
>        described in this document from the TCP segments [Honda11]." (changed <SYN> segment to TCP segments)

Yup - that's better, IMO.

> The main point is that the current text only talks about dropping
> options from SYN segments, but this happens also for data segments, as
> the paper shows. Since we have fairly recent quantified data about this,
> why not include the reference?

That's fine, it was the placement issue.

However, if your point is that they remove options from data segments 
then you might point that out explicitly in the revised text.

Question - is there a reason a midbox would let the option through on a 
SYN and block it on the data segments? Or are you worried about path 
changes whose data segments go through midboxes that the SYN didn't? 
Again, if that's the case, then you might explain that in the text above 
in the midbox section (1-2 sentences).

Joe

v2.8.7 | Report a Bug | By Email