On 7/6/2017 1:41 AM, Dragoș Niculescu wrote:
> ----- On Jul 5, 2017, at 7:59 PM, Joe Touch [email protected] wrote:
>
>> On 7/5/2017 9:39 AM, Vladimir Olteanu wrote:
>>
>> It can also be stacked as many times as desired for arbitrarily long proxy
>> chains. However:
>> * We avoid using the SYN's payload as extra option space (which, I think,
>> goes against TCP's core philosophy).
>>
>> [Med] This is also true for MP_CONVERT Information Element which is not a TCP
>> option, but a data supplied for proxy purposes in the SYN payload.
>>
>> Fair enough, but this is not a purely layer 5+ protocol. It seems that you
>> are strongly tied to TFO (between the client and the proxy). MP_CONVERT must
>> be part of the SYN's payload, because the following SYN+ACK depends on the
>> contents of MP_CONVERT and signals that the remote server has accepted your
>> connection.
>>
>> The biggest impact of including non-data information in the SYN payload area
>> is that it completely defeats graceful fallback for SYN receivers that don't
>> support the option. As you note, it can be *more* safe when tied to
>> out-of-band context (e.g., prior TFO support), but TCP has NO requirement
>> that such context is absolutely maintained across different connections. You
>> might be speaking to a different stack or demuxed off to a different virtual
>> host behind a load balancer.
>>
>> Ultimately, putting any non-data info in the SYN payload violates the
>> requirement that TCP options can be ignored by receivers that don't support
>> them *without* impacting the ability of *that* connection attempt to succeed.
>>
>> Joe
> The SOCKSv6 proposal makes use of extra data in the SYN (SOCKS data, and user
> data), but its correctness and backward compatibility do not depend on TFO,
> only its RTT performance. In fact, when TFO is not available either between
> client and proxy or between proxy and server, the SOCKSv6 RTT is still lower
> than SOCKSv4 and SOCKSv5.
> But TFO is likely to be the most common case in the future - Linux kernel has
> TFO client side on by default since 3.12 (November 2013)[1], and it seems to
> be the default in all Android phones and default Linux installs.

What happens with a legacy receiver?

Joe
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
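The fallback argument in the thread, as an added model that is not from the list discussion or from any of the drafts: the same proxy request is carried once as a TCP option and once as control data in the SYN payload, and a receiver that does not implement it handles both. The experimental option kind 253 is the real RFC 6994 kind; the ExID, the `PRXY` payload marker and the receiver model (which assumes the SYN payload is delivered to the application, as with TFO) are constructed for this example.

```python
import struct

EXP_KIND = 253          # RFC 6994 experimental TCP option kind
PROXY_EXID = 0xBEEF     # constructed ExID, not a registered value
PROXY_MAGIC = b"PRXY"   # constructed marker for proxy control data in the payload

def parse_tcp_options(raw, known_kinds):
    """Walk a TCP option list (kind, length, data) as a receiver does.
    Kinds the receiver does not implement are skipped via their length byte."""
    i, seen = 0, {}
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            break
        if kind == 1:                       # NOP
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option list")
        length = raw[i + 1]
        if kind in known_kinds:
            seen[kind] = raw[i + 2:i + length]
        i += length
    return seen

def proxy_option(target):
    """Constructed experimental option carrying the proxy target: ExID + host."""
    body = struct.pack("!H", PROXY_EXID) + target
    return bytes([EXP_KIND, 2 + len(body)]) + body

def proxy_payload(target, user_data):
    """The same request carried in the SYN payload, ahead of the user data."""
    return PROXY_MAGIC + bytes([len(target)]) + target + user_data

def receiver(options, payload, supports_proxy):
    """Model receiver; returns what the handshake and the application see.
    Assumes the SYN payload reaches the application (the TFO case)."""
    known = {2} | ({EXP_KIND} if supports_proxy else set())   # 2 = MSS
    opts = parse_tcp_options(options, known)
    target = None
    if opts.get(EXP_KIND, b"")[:2] == struct.pack("!H", PROXY_EXID):
        target = opts[EXP_KIND][2:]
    elif supports_proxy and payload.startswith(PROXY_MAGIC):
        n = payload[len(PROXY_MAGIC)]
        target, payload = payload[5:5 + n], payload[5 + n:]
    return {"connected": True, "target": target, "app_data": payload}

def fallback_check(target, user_data):
    """Both carriers at a legacy receiver: the option is dropped cleanly, the
    payload variant hands the control blob to the application as data."""
    via_option = receiver(proxy_option(target) + b"\x00", user_data, False)
    via_payload = receiver(b"", proxy_payload(target, user_data), False)
    return via_option, via_payload
```

At the legacy receiver the option variant leaves the application with exactly the user's bytes, while the payload variant delivers the control blob as if it were application data; a non-TFO legacy stack that discards or holds SYN data is a different failure mode the model does not cover.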
