On 7/28/2014 6:52 AM, Eggert, Lars wrote:
> On 2014-7-28, at 15:28, Eric Rescorla <[email protected]> wrote:
>> On Mon, Jul 28, 2014 at 6:08 AM, Derek Fawcus
>> <[email protected]> wrote:
>>> Yes. At least the RST flag.
>>
>> Unfortunately RST is precisely the situation that's most problematic,
>> because it's also how the other side behaves when it has lost state,
>> perhaps due to a reboot.
>
> +1
>
> Protecting the RST is therefore probably impossible.
I disagree. There are at least two viable approaches:

1) require TCP keepalive and block unprotected RSTs
   this is TCP-AO's approach

2) block unprotected RSTs *unless* the connection is active
   i.e., any correct TCP packet resets a short timer,
   so that the connection allows RSTs only when the
   timer expires

FWIW, that timer can be a few seconds - i.e., the time it would take for
a reboot.

#1 requires idle connections to be active and blocks all unprotected
RSTs, but cuts a connection (and cleans up state) whenever a connection
goes completely cold

#2 allows connections to go cold, but makes them susceptible to
middlebox RSTs during that time

I think #1 makes more sense for things like BGP and #2 is more useful in
the common case, but an implementation can easily allow #2 as the
default and #1 to be a configuration option.
Joe
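As an added illustration of the two RST policies described in the message above (this is not code from the thread or from any tcpinc implementation), the following Python model replays a constructed packet trace against each policy. It assumes a segment counts as "correct" when it carries the connection's integrity protection, and uses made-up timer values (3 s idle timer, 30 s keepalive limit).

```python
from dataclasses import dataclass
from enum import Enum

class Policy(Enum):
    KEEPALIVE = 1   # #1: keepalive required; unprotected RSTs always blocked
    IDLE_TIMER = 2  # #2: unprotected RSTs honoured only once the idle timer expires

@dataclass
class Packet:
    t: float                # arrival time in seconds (constructed trace values)
    rst: bool               # RST flag set
    protected: bool         # integrity-protected under the connection's keys (assumption)
    in_window: bool = True  # passes the usual TCP sequence/ack checks

@dataclass
class Connection:
    policy: Policy
    idle_timeout: float = 3.0      # "a few seconds", roughly a reboot (assumed value)
    keepalive_limit: float = 30.0  # #1 only: longest tolerated silence (assumed value)
    last_valid: float = 0.0        # time of the last correct packet; restarts the timer
    open: bool = True

    def handle(self, pkt: Packet) -> str:
        """Apply the RST policy to one segment and report the decision."""
        if not self.open:
            return "ignored: connection already closed"
        if not pkt.in_window:
            return "dropped: out of window"
        idle = pkt.t - self.last_valid
        if self.policy is Policy.KEEPALIVE and idle > self.keepalive_limit:
            self.open = False                  # went completely cold: clean up state
            return "closed: keepalive missed"
        if pkt.rst:
            if pkt.protected:
                self.open = False
                return "accepted: protected RST"
            if self.policy is Policy.IDLE_TIMER and idle >= self.idle_timeout:
                self.open = False              # peer may genuinely have lost state
                return "accepted: unprotected RST after idle timer expired"
            return "dropped: unprotected RST while connection active"
        if pkt.protected:
            self.last_valid = pkt.t            # any correct packet resets the timer
            return "accepted: data"
        return "dropped: unprotected segment"

def run_trace(policy: Policy) -> list[str]:
    """Replay a constructed trace: data, spoofed RST, data, late RST, late data."""
    conn = Connection(policy)
    trace = [Packet(0.0, False, True), Packet(1.0, True, False),
             Packet(2.0, False, True), Packet(6.0, True, False),
             Packet(40.0, False, True)]
    return [conn.handle(p) for p in trace]
```

Under #2 the RST at t=6.0 is honoured because the connection has been idle past the timer, while under #1 it is dropped and the connection is instead torn down locally when the keepalive limit is exceeded.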
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc