On 7/27/2016 8:27 AM, Spencer Dawkins at IETF wrote:
> Hi, Joe,
>
> On Wed, Jul 27, 2016 at 10:18 AM, Joe Touch <[email protected]> wrote:
>
> > Olle,
> >
> > On 7/27/2016 5:41 AM, Olle E. Johansson wrote:
> > > ...
> > >
> > > This mess caused me sadly to suggest that we need to discuss
> > > breaking the assumption that TCP delivery is always reliable
> > > and implement retransmits even over TCP in the STUN protocol.
> > > STUN was designed to discover middleboxes
> > > with a focus on NAT. This is just another middle box to discover.
> >
> > None of this is news. One of the "features" of middleboxes is
> > "transparent" TCP relaying. That device always destroys TCP reliable
> > delivery semantics.
> >
> > This has been known since the mid 90s.
>
> Right. IIRC, you and I were part of a number of conversations about
> this in PILC, while working on https://www.ietf.org/rfc/rfc3135.txt.

Yup - I'm just observing that this (mis)behavior has been seen in the
wild since the mid 90s. It was the topic of much discussion at the Web
Caching Workshops of that era.

> My reason for asking Olle to bring this forward is that we're having a
> lot of conversations (starting at the IAB
> with https://www.iab.org/activities/workshops/marnew/ and headed
> toward IETF working groups) with wireless carriers about encryption
> and about UDP-based transports, and I wanted to level-set on what
> people are (still) seeing these days.

Sure - my point is that the term "transparent proxy" is common, and ALL
such animals break TCP semantics *by design*.

Yes, it's possible to recover TCP semantics at a higher layer using
transaction confirmations, but that just sets up a game of mutual
escalation - once you do that, someone will invent a transparent
transaction proxy and you'll be back where you started.

IMO, transparent proxies should be considered the errors they are,
detected, and removed.

Joe

> Spencer
>
> > The challenge with STUN has always been that many middleboxes *do not
> > want to be found*.
> >
> > > The bigger picture is even more scary - what happens if our
> > > reliable transport suddenly no longer is reliable?
> > >
> > > One developer from a well known mobile system vendor said “well,
> > > I guess that using TLS may help”…
> >
> > Ask them *how* they think TLS helps. TLS relies on TCP semantics.
> >
> > Joe
