Hi Jacob, I've read the draft. My concern is some middlebox update ISN (due to ISN randomizations or transparent proxy, etc). When ISN is modified, I don't know how TCP Stealth server can fall back to normal TCP.
According to ( http://dl.acm.org/citation.cfm?id=2068834 ), you might run into ISN modification around over 4%. In case of port 80, you'll see more modifications, which is over 15%. I'm not very sure if this ratio is too small to ignore. Also, I am hesitant to say that this draft is compatible with other standard RFCs. Please see RFC6528. Also, It is not compatible what RFC793 mentions on ISN. Thanks, -- Yoshi On Mon, Aug 18, 2014 at 5:50 AM, Jacob Appelbaum <[email protected]> wrote: > On 8/15/14, Scheffenegger, Richard <[email protected]> wrote: > > Hi, > > > > I just learned about an individual submission, which is probably of > interest > > not only to the members of these two WGs; > > > > http://tools.ietf.org/html/draft-kirsch-ietf-tcp-stealth-00 > > > > Hi, > > I'm one of the authors of the draft and I've cc'ed Christian who has > been one of the driving forces behind the draft. > > > > > On a first, casual glance, I am wondering if the authors have realized > all > > the implications of their suggestion; > > > > This article we wrote may be of interest to you: > > > http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html > (English) > > http://www.heise.de/ct/artikel/NSA-GCHQ-Das-HACIENDA-Programm-zur-Kolonisierung-des-Internet-2292574.html > (German) > > > There seem to be at least two or three major issues that compromise > either > > the working and stability of TCP, or work against the intended > > "stealthieness" of this modification (making it easy for an attacker to > > identify such sessions, provided he is able to actively interfere with > > segments in transit (ie. cause certain segments to be dropped). > > Could you expand on these thoughts a bit? > > > Nevertheless, it might be beneficial to discuss the generic idea in a > wider > > forum, among brighter minds than me. > > Thanks for bringing it up! > > All the best, > Jacob > > _______________________________________________ > Tcpinc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tcpinc >
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
