Re: [tcpm] SYN/ACK Payloads, draft 01

"Adam Langley" <agl@imperialviolet.org> Thu, 14 August 2008 21:43 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F2BA3A6A5A; Thu, 14 Aug 2008 14:43:23 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7FB883A68F4 for <tcpm@core3.amsl.com>; Thu, 14 Aug 2008 14:43:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.98
X-Spam-Level:
X-Spam-Status: No, score=-0.98 tagged_above=-999 required=5 tests=[AWL=0.997, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w6ASJswBHOxk for <tcpm@core3.amsl.com>; Thu, 14 Aug 2008 14:43:19 -0700 (PDT)
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.183]) by core3.amsl.com (Postfix) with ESMTP id B93343A684C for <tcpm@ietf.org>; Thu, 14 Aug 2008 14:43:19 -0700 (PDT)
Received: by py-out-1112.google.com with SMTP id x19so521135pyg.24 for <tcpm@ietf.org>; Thu, 14 Aug 2008 14:43:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=HxVLniJvEVi5P/aQlDFVmJm9gXrSMzZOI+VySgywfxs=; b=CKWhgPc9MIwgoLXVX8oKpRBAHI50aDs9STga02zWqUcXyajevFHIg8andsJeDEXhHw V/Zo5PxGyCVkP53SlRBFSlAI8SEHNbKkupx3tjec2OVP3quC9gQMkDwURA4o7v7fKY5G +kyNMVlcJrP2+m3Gxzc90yECCaDTddtcyWm94=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=kYmk6PTKHOw6DvRoOxOKYvMbyRxm5mBoq9gpTBaCl/zZ8vtuliVarWTzvwEZBFb6zS FCUNpNI+6IKD1Fei0xorAjdwb5sSUeifzzLI/bsmTW82GSuOdd27H5ba81xulndRfz0x sPtqUZbP7YtZSNGkrS9lsKguRZchuasLGJXTM=
Received: by 10.140.135.19 with SMTP id i19mr1046391rvd.169.1218750183711; Thu, 14 Aug 2008 14:43:03 -0700 (PDT)
Received: by 10.141.37.3 with HTTP; Thu, 14 Aug 2008 14:43:03 -0700 (PDT)
Message-ID: <396556a20808141443y4524c5b7y35b5ce707db3b628@mail.gmail.com>
Date: Thu, 14 Aug 2008 14:43:03 -0700
From: "Adam Langley" <agl@imperialviolet.org>
To: "Joe Touch" <touch@isi.edu>
In-Reply-To: <48A4A2DE.3090400@isi.edu>
MIME-Version: 1.0
Content-Disposition: inline
References: <396556a20808111035s2b974233o1e9d3671e82e3350@mail.gmail.com> <48A465CC.8000402@isi.edu> <396556a20808141023s3abddc96u43b9e6e7898033ed@mail.gmail.com> <48A46BD3.4030408@isi.edu> <396556a20808141303k341599wfeef32d0841e9f76@mail.gmail.com> <48A491B9.3000209@isi.edu> <396556a20808141325u1e67c93co595eadeb3341539@mail.gmail.com> <48A4975D.3070303@isi.edu> <396556a20808141401of8ad149w5850e8dc552a9948@mail.gmail.com> <48A4A2DE.3090400@isi.edu>
X-Google-Sender-Auth: 3df826af29fe241e
Cc: tcpm@ietf.org
Subject: Re: [tcpm] SYN/ACK Payloads, draft 01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

On Thu, Aug 14, 2008 at 2:25 PM, Joe Touch <touch@isi.edu> wrote:
> So let's consider secure HTTP. That could have been done with a TCP
> option, but instead it was done in exactly the way you don't think works
> - - a new port, and a new URI prefix (https:). Initially, users needed to
> know what to type; eventually, that ended up being embedded in URLs on
> web pages people click anyway (e.g., search engine results).

HTTPS was slightly different because it had to be resistant to
downgrade attacks - it couldn't have been done as an option for that
reason.

However, I'd cite HTTPS as an example that new uri schemes don't work.
Despite widespread support, far too few people use it. There are other
user interaction problems with TLS (and all other secure protocols) to
be sure (user's will click past invalid certificate warnings etc), but
having to know what "https" is certainly one of them. (One's mother is
the canonical example here, but you can confirm this by asking random,
non-technical people)

> What you're *really* asking for is a way to send data from client to
> server BEFORE the TWHS completes. You talk about server-talks-first, but
> it's really the client speaking - by sending the option.

Hmm, yea. That's a fair view of matters. I'm sending a single bit from
the client in the SYN.

> I don't support the idea that doing this in TCP is appropriate just to
> get around deployment issues.

Ok. You've certainly understood the issues, so that's reasonable. If
others feel the same way I shall withdrawl the options request and
figure out another path.

Thanks for all your time, Joe.


AGL

-- 
Adam Langley agl@imperialviolet.org http://www.imperialviolet.org
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm