On Fri, Aug 28, 2015 at 11:56 AM, David Mazieres < [email protected]> wrote:
> Eric Rescorla <[email protected]> writes: > > >> With RFC6544, could the controlling/controlled roles be used to break > >> ties? E.g., with TCP-ENO, could the controlling peer just always set > >> b=1? > > > > > > The problem is that there are situations where each side thinks it is > > controlling > > ("role conflicts"). RFC 5245 has the tiebreaker field to resolve this. > > But isn't the tie broken before probing the candidate addresses? I > thought the tie breaker was something that went in an SDP message or > something? No. The tiebreaker goes in the STUN checks. The issue is that it's possible to be in a situation where after the SDP exchange each side thinks it is controlling. > With respect to figure 12 in RFC5245, I was assuming the tie > breaker was sent in SDP1 or SDP2, which would occur before the TCP-SO. > But I admit I'm not very knowledgeable about ICE. > > Anyway, it's entirely possible that ICE could make setting the b bit a > pain, where a revised protocol could solve this problem (e.g., the > controller that causes this role conflict in the first place could just > assign the b bit). But since as you say, ICE itself doesn't want > TCPINC, this isn't a big deal. > I think we're finally getting to the place where we have been misunderstanding each other. We have some mechanism in the signaling which attempts to break the symmetry and assign one side as A and one as B. If that mechanism works, then no signaling in TCP is necessary. However, if that mechanism does not work, then you have three main choices: 1. Allow things to just fail. 2. Have a mechanism to detect failure and then fall back to ordinary TCP. This is what the "b" bit primarily does. You could also do this by having the negotiated security protocol detect that both sides thought they were (A) or (B) and then discard the handshake and fall back to ordinary TCP. 3. Have a mechanism to resolve the conflict. This is what a larger tiebreaker like the one in TCP-use-TLS or the one in ICE does. Does that seem like a fair summary of the situation? -Ekr Really, the goal of the "b" bit was just that if an application cares > enough to break the tie out of band, it should be able to use TCPINC > with TCP-SO. In this sense, TCP-ENO is shooting for a pretty minimal > goal, but at a pretty minimal cost as well (namely one bit). At a > higher level, we both agree "don't worry too much about SO". > > David >
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
