On 11/6/2015 10:28 AM, David Mazieres wrote:
> Wednesday, Tero brought up the prospect of middleboxes reordering
> back-to-back unknown options.
You can be certain of three things:
- death
- taxes
- that middleboxes will do X, for all X
Someone, somewhere will come up with a justification for sorting,
reordering, reinserting, or otherwise messing things up.
IMO, there are two solutions to this:
1) run TCP as an application layer protocol inside vanilla
   UDP or TCP (i.e., TCP with options inside TCP without);
   this is basically where MPTCP went, burying some
   signal info inside TCP's application data stream
2) use security that protects the TCP header,
   e.g., IPsec, TCP-AO, etc.
There is no third option. Putting mechanisms inside TCP options to
detect whether middleboxes alter them in unknown ways would be turning
TCP into a "network alteration probing" mechanism, which it is not.
Joe
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
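Option 2 above is the part worth seeing concretely: a MAC that covers the TCP header *including its options* turns an option reorder into a verification failure at the receiver, with no "probing" logic inside TCP. The following Python sketch is an added example, not code from this thread or from any TCP-AO implementation. It follows the shape of the RFC 5925 MAC computation (pseudo-header, TCP header with checksum zeroed, options with the TCP-AO MAC field zeroed, then data) using HMAC-SHA-1-96 as in RFC 5926, but makes these simplifications, all of them assumptions for the sake of a runnable example: a constructed 20-byte traffic key is used directly instead of the MKT/KDF derivation, the SNE prefix is omitted, only an IPv4 pseudo-header is modelled, and the experimental option kinds 253 and 254 (RFC 4727) stand in for the "unknown" options Tero was worried about. `reorder_options` models the middlebox.

```python
import hashlib
import hmac
import struct

TCPOPT_EOL, TCPOPT_NOP = 0, 1
TCPOPT_AO = 29                        # TCP-AO (RFC 5925): kind, len, KeyID, RNextKeyID, MAC
TCPOPT_EXP1, TCPOPT_EXP2 = 253, 254   # experimental kinds (RFC 4727) standing in for "unknown" options
MAC_LEN = 12                          # HMAC-SHA-1-96 (RFC 5926)

# Constructed traffic key (assumption). Real TCP-AO derives traffic keys from the MKT master
# key with a KDF over the connection's addresses, ports and ISNs; that step is skipped here.
TRAFFIC_KEY = bytes(range(20))


def parse_options(opts):
    """Walk TCP option bytes into (offset, kind, body) triples; NOP has no body, EOL ends the list."""
    tlvs, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            tlvs.append((i, kind, b""))
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = opts[i + 1]
        tlvs.append((i, kind, opts[i + 2:i + length]))
        i += length
    return tlvs


def serialize_options(tlvs):
    """Inverse of parse_options for (kind, body) pairs; pads to a 32-bit boundary with EOL."""
    out = bytearray()
    for kind, body in tlvs:
        out += bytes([kind]) if kind == TCPOPT_NOP else (bytes([kind, 2 + len(body)]) + body)
    while len(out) % 4:
        out.append(TCPOPT_EOL)
    return bytes(out)


def build_segment(sport, dport, seq, ack, flags, window, opts, payload=b""):
    """TCP header + options + payload; checksum left zero (no IP layer in this example)."""
    doff = (20 + len(opts)) // 4
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, doff << 4, flags, window, 0, 0)
    return hdr + opts + payload


def split_segment(segment):
    doff = (segment[12] >> 4) * 4
    return segment[:20], segment[20:doff], segment[doff:]


def ipv4_pseudo_header(src, dst, tcp_len):
    return bytes(src) + bytes(dst) + b"\x00\x06" + struct.pack("!H", tcp_len)


def locate_ao(opts):
    """Offset and total length of the TCP-AO option; its MAC field starts 4 bytes in."""
    for off, kind, body in parse_options(opts):
        if kind == TCPOPT_AO:
            return off, 2 + len(body)
    raise ValueError("segment carries no TCP-AO option")


def mac_coverage(pseudo_header, segment):
    """Bytes the MAC covers (RFC 5925 5.1 shape, SNE omitted): pseudo-header, TCP header with
    checksum zeroed, every option in wire order with the TCP-AO MAC zeroed, then the data."""
    hdr, opts, data = split_segment(segment)
    hdr = bytearray(hdr)
    hdr[16:18] = b"\x00\x00"
    off, length = locate_ao(opts)
    opts = bytearray(opts)
    opts[off + 4:off + length] = bytes(length - 4)
    return pseudo_header + bytes(hdr) + bytes(opts) + data


def compute_mac(key, pseudo_header, segment):
    return hmac.new(key, mac_coverage(pseudo_header, segment), hashlib.sha1).digest()[:MAC_LEN]


def sign_segment(key, pseudo_header, segment):
    """Sender side: fill in the TCP-AO MAC field."""
    hdr, opts, data = split_segment(segment)
    off, length = locate_ao(opts)
    opts = bytearray(opts)
    opts[off + 4:off + length] = compute_mac(key, pseudo_header, segment)
    return hdr + bytes(opts) + data


def verify_segment(key, pseudo_header, segment):
    """Receiver side: True only if header, every option and data arrived exactly as sent."""
    _, opts, _ = split_segment(segment)
    try:
        off, length = locate_ao(opts)
    except ValueError:
        return False
    return hmac.compare_digest(opts[off + 4:off + length], compute_mac(key, pseudo_header, segment))


def reorder_options(segment, i, j):
    """Model of a middlebox that swaps two option TLVs; header length is unchanged."""
    hdr, opts, data = split_segment(segment)
    tlvs = [(kind, body) for _, kind, body in parse_options(opts)]
    tlvs[i], tlvs[j] = tlvs[j], tlvs[i]
    return hdr + serialize_options(tlvs) + data


def demo():
    """Returns (verifies_untouched, verifies_after_reorder); expected (True, False)."""
    opts = serialize_options([
        (TCPOPT_AO, bytes([1, 1]) + bytes(MAC_LEN)),   # KeyID=1, RNextKeyID=1, MAC placeholder
        (TCPOPT_EXP1, b"\x41\x41"),                    # two back-to-back unknown options
        (TCPOPT_EXP2, b"\x42\x42"),
    ])
    seg = build_segment(40000, 443, 1000, 0, 0x02, 65535, opts)   # SYN; all values constructed
    pseudo = ipv4_pseudo_header((10, 0, 0, 1), (10, 0, 0, 2), len(seg))
    signed = sign_segment(TRAFFIC_KEY, pseudo, seg)
    swapped = reorder_options(signed, 1, 2)                        # middlebox reorders the unknowns
    return verify_segment(TRAFFIC_KEY, pseudo, signed), verify_segment(TRAFFIC_KEY, pseudo, swapped)


if __name__ == "__main__":
    print(demo())
```

One caveat the sketch does not model: RFC 5925 also defines a per-MKT flag that excludes all options other than TCP-AO itself from the MAC, which was put there precisely so that TCP-AO can survive middleboxes that rewrite options. In that mode the swap above would verify fine, so "protects the TCP header" only settles the reordering question if the options-included mode is what both ends actually configure.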