Re: [tcpinc] Selective protection of services provided by TCP headers

* Deadlock freedom and buffer space control. TCP implementations provide control over buffer space via socket options such as SO_SNDBUF and SO_RCVBUF. Applications should be able to send data simultaneously in both directions without deadlocking if the data fits in the specified

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On Tue, Nov 18, 2014 at 02:33:46AM +, Bob Briscoe wrote: I think the point Ekr (and Nico) are making is that TLS is really a control channel within the TCP Data, so if an app understands that distinction, it can preempt the handshake. Therefore it /can/ read and process such control

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On 11/18/2014 9:59 AM, Nico Williams wrote: On Tue, Nov 18, 2014 at 02:33:46AM +, Bob Briscoe wrote: I think the point Ekr (and Nico) are making is that TLS is really a control channel within the TCP Data, so if an app understands that distinction, it can preempt the handshake.

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On Tue, Nov 18, 2014 at 10:16:50AM -0800, Joe Touch wrote: On 11/18/2014 9:59 AM, Nico Williams wrote: On Tue, Nov 18, 2014 at 02:33:46AM +, Bob Briscoe wrote: I think the point Ekr (and Nico) are making is that TLS is really a control channel within the TCP Data, so if an app

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On 11/18/2014 10:46 AM, Nico Williams wrote: AFAICT that would require the specification of a new API over TCP; otherwise, you have to translate TLS's expectation of a reliable, byte-ordered stream into what TCP provides within TCP (which is neither). Not in the design I gave, which could

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On Tue, Nov 18, 2014 at 03:10:58PM -0800, Joe Touch wrote: I'm speaking of the private interface. Yes, it could be implementation-specific, but if you are intending to define a complete spec for using SSL over raw TCP segments you first have to explain what you expect from raw TCP segments.

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On Tue, Nov 18, 2014 at 04:02:32PM -0800, Joe Touch wrote: On 11/18/2014 3:51 PM, Nico Williams wrote: On Tue, Nov 18, 2014 at 03:10:58PM -0800, Joe Touch wrote: I'm speaking of the private interface. Yes, it could be implementation-specific, but if you are intending to define a complete

Re: [tcpinc] Selective protection of services provided by TCP headers

Scharf, Michael (Michael) michael.sch...@alcatel-lucent.com writes: * Deadlock freedom and buffer space control. TCP implementations provide control over buffer space via socket options such as SO_SNDBUF and SO_RCVBUF. Applications should be able to send data simultaneously in both

Re: [tcpinc] TCP-TLS latency SYN floods: kernel vs user-space

On Tue, Nov 18, 2014 at 05:31:54PM -0800, Joe Touch wrote: I think we're agreeing, but my concern is how much the early data handling by the system needs to be spec'd out, not just left to the implementation. Joe, No one is disagreeing with this.