Re: [tcpm] Faster application handshakes with SYN/ACK payloads

Adam Langley, Thu, 31 July 2008 21:19 UTC

On Thu, Jul 31, 2008 at 2:07 PM, Murali Bashyam wrote:
> There are firewalls that drop SYN packets carrying payload, since it's
> considered anomalous behaviour (rightly so given today's end-user
> behaviour). Doesn't that defeat the purpose here? I suppose TCP options have
> been explored and ruled out for some reason?

See the section "Can't you fit the client's public value in the SYN?"
for a discussion about using options space for this.

Middleware is a quotidian worry for these sorts of proposals. I'm not
proposing that a payload be carried in the SYN packet, but rather the
SYN/ACK packet. However, you may have meant all packets with a SYN
flag set.

The spec talks about how to back off in the face of such middleware,
and I believe that's the best that can be done. Since this is an
opportunistic protocol, detection and downgrade at the client is fine.
My current implementation doesn't do it yet, but will if there's any
call for it.



Adam Langley
tcpm mailing list