[Tsvwg] Port Randomization issues summary

Joe Touch <touch@ISI.EDU> Thu, 28 May 2009 14:33 UTC

Return-Path: <touch@ISI.EDU>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E062F3A6D91 for <tsvwg@core3.amsl.com>; Thu, 28 May 2009 07:33:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.531
X-Spam-Level:
X-Spam-Status: No, score=-2.531 tagged_above=-999 required=5 tests=[AWL=0.068, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOi1QLjeobSV for <tsvwg@core3.amsl.com>; Thu, 28 May 2009 07:32:56 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 7D5A23A6884 for <tsvwg@ietf.org>; Thu, 28 May 2009 07:32:56 -0700 (PDT)
Received: from [192.168.1.46] (pool-71-106-86-44.lsanca.dsl-w.verizon.net [71.106.86.44]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n4SEYGQm017461; Thu, 28 May 2009 07:34:17 -0700 (PDT)
Message-ID: <4A1EA0E7.4050309@isi.edu>
Date: Thu, 28 May 2009 07:34:15 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Joe Touch <touch@ISI.EDU>
References: <20090415033307.F00C0CD585E@lawyers.icir.org> <4A037030.6040107@isi.edu> <0C53DCFB700D144284A584F54711EC58074EEED6@xmb-sjc-21c.amer.cisco.com> <4A1AB6EE.5080900@gont.com.ar> <0C53DCFB700D144284A584F54711EC58074EEF11@xmb-sjc-21c.amer.cisco.com> <4A1BF56D.3020709@isi.edu> <0C53DCFB700D144284A584F54711EC58074EF74C@xmb-sjc-21c.amer.cisco.com> <4A1D6F4E.2080005@isi.edu> <0C53DCFB700D144284A584F54711EC58075636B3@xmb-sjc-21c.amer.cisco.com> <4A1E10B9.3040408@isi.edu> <0C53DCFB700D144284A584F54711EC5807563761@xmb-sjc-21c.amer.cisco.com> <4A1E9922.2080007@isi.edu>
In-Reply-To: <4A1E9922.2080007@isi.edu>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tsvwg <tsvwg@ietf.org>, "James Polk (jmpolk)" <jmpolk@cisco.com>, "Anantha Ramaiah (ananth)" <ananth@cisco.com>, Fernando Gont <fernando@gont.com.ar>, mallman@icir.org
Subject: [Tsvwg] Port Randomization issues summary
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2009 14:33:02 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Taking a step back, I thought it would be useful to summarize the key
issues of this discussion (IMO):

1) randomizing connection IDs helps protect against blind attacks

	- but ultimately the only way to avoid old segments
	from interfering with new connections is to keep state

	- randomness requires keeping more state at the endpoints
	than sequential use of the ID space

2) keeping state at the endpoints is costly

	- large ID space helps with #1, but can end up
	amplifying storage costs when IDs have no
	lifetime of "no reuse"

3) randomness is costly

	- as SCTP demonstrated, asserting randomness may be better
	done by referring to existing separate definitions

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoeoOcACgkQE5f5cImnZrubKACg4TCe/eVcV7eSQGQtBJoKLJrb
SCoAoOjKlOofslmobQFgWp1ynokIJXgN
=jzbM
-----END PGP SIGNATURE-----
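The three points in the summary above can be made concrete with a toy ephemeral-port allocator. This is an added example written for this archive page; it is not code from the thread, from Joe Touch, or from any of the TCP/SCTP implementations discussed. Assumed for the demo: the IANA dynamic range 49152-65535 as the default ID space, a 60 second "no reuse" quarantine after a port is released, and that both the sequential and the random mode keep a per-port quarantine table so that segments from an old connection on the same 4-tuple cannot be accepted by a new one (point 1). `blind_guess_success` models an off-path attacker who has learned one earlier port and guesses the next one; `state_entries` and `tries` expose the storage and search costs of points 2 and 3.

```python
"""Toy ephemeral-port allocator: sequential vs. random ID selection.

Added example, not code from the tsvwg thread. Port range, quarantine
length and attacker model are assumptions chosen for the demonstration.
"""
import random


class PortAllocator:
    """Hands out ports from [lo, hi] either sequentially or at random.

    Both modes keep a per-port quarantine (port -> time it may be reused)
    so that a port is not handed to a new connection while segments from
    the previous connection on the same 4-tuple could still arrive.
    """

    def __init__(self, mode, lo=49152, hi=65535, quarantine=60.0, seed=0):
        if mode not in ("sequential", "random"):
            raise ValueError("mode must be 'sequential' or 'random'")
        self.mode = mode
        self.lo, self.hi = lo, hi
        self.size = hi - lo + 1
        self.quarantine_secs = quarantine   # assumed "no reuse" lifetime
        self.rng = random.Random(seed)      # seeded for a reproducible demo
        self.next_port = lo                 # used only by sequential mode
        self.in_use = set()                 # ports currently bound
        self.quarantined = {}               # port -> earliest time of reuse
        self.tries = 0                      # candidate ports examined (cost)

    def _expire(self, now):
        """Drop quarantine entries whose no-reuse lifetime has elapsed."""
        for p in [p for p, t in self.quarantined.items() if t <= now]:
            del self.quarantined[p]

    def _free(self, p):
        return p not in self.in_use and p not in self.quarantined

    def allocate(self, now):
        """Return a free port at time `now`, or raise if none is available."""
        self._expire(now)
        if self.mode == "sequential":
            # Walk the ID space once; quarantined ports form a contiguous
            # run just behind next_port, so a full scan means the whole
            # space is busy.
            for _ in range(self.size):
                p = self.next_port
                self.next_port = self.lo + (p - self.lo + 1) % self.size
                self.tries += 1
                if self._free(p):
                    self.in_use.add(p)
                    return p
        else:
            # Random mode can only find a free port by probing the table;
            # as in-use and quarantined entries accumulate, rejected
            # candidates (and therefore lookups) grow.
            for _ in range(self.size * 32):
                p = self.rng.randint(self.lo, self.hi)
                self.tries += 1
                if self._free(p):
                    self.in_use.add(p)
                    return p
        raise RuntimeError("no port available: all in use or quarantined")

    def release(self, port, now):
        """Close the connection using `port`; start its no-reuse lifetime."""
        self.in_use.discard(port)
        self.quarantined[port] = now + self.quarantine_secs

    def state_entries(self):
        """Per-port entries the endpoint must keep to stay correct."""
        return len(self.in_use) + len(self.quarantined)


def blind_guess_success(mode, connections=1000, seed=1):
    """Fraction of connections whose port an off-path attacker predicts.

    Attacker model (assumed): it has learned the port of the previous
    connection, e.g. because that connection was to a host it controls,
    and guesses 'previous + 1' for the next one.
    """
    alloc = PortAllocator(mode, seed=seed)
    hits = 0
    prev = None
    for i in range(connections):
        p = alloc.allocate(now=i)
        if prev is not None and p == prev + 1:
            hits += 1
        alloc.release(p, now=i)
        prev = p
    return hits / (connections - 1)


if __name__ == "__main__":
    for mode in ("sequential", "random"):
        print(mode, "predicted:", blind_guess_success(mode))
```

In sequential mode the quarantined ports are always a contiguous run ending just before `next_port`, so a real implementation could replace the per-port table with a single interval and one expiry; random mode has no such structure and must keep every entry and probe against it, which is the extra endpoint state the summary's first point refers to. Shrinking `lo`/`hi` to a handful of ports makes the exhaustion and quarantine behaviour visible in a few calls.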