On 3/11/2015 10:41 AM, Gregory Maxwell wrote:
> On Wed, Mar 11, 2015 at 5:33 PM, Joe Touch <[email protected]> wrote:
>> Tero,
>>
>> Although I can't disagree with your assessment of the direct discussion
>> on protecting TCP headers, the conclusion below seems to ignore the
>> discussion on "Forcing the restart of a TCPINC connection".
>>
>> I wonder how people think their solution will magically protect against
>> forced restarts if the TCP header isn't included.
> 
> I agree.
> 
> I don't think "don't protect the headers" is an accurate description
> of Honolulu if it also leaves the system exposed to resets, as there
> clearly was a fair amount of concern expressed about spurious resets.

And, FWIW, I posted twice a solution that works (from TCP-AO). That
solution, again:

        1) protect the headers
                which protects against restarts
                during an active connection

                this alone leaves stale connections holding up
                ports, though - because the other end might not be
                able to send a keyed RST after a restart

        2) use keep-alive
                to force idle connections to be dropped by
                both ends without needing a key

Joe
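
A simplified model of the two steps above, added here as an illustration; it is not part of the original message and is not TCP-AO's wire format. The MAC layout, the `Endpoint` class, the key strings and the timer values are all assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

RST = 0x04
KEEPALIVE_IDLE, KEEPALIVE_PROBES = 60, 3  # constructed values: seconds, probe count

def mac(key, sport, dport, seq, flags):
    """Tag over a toy header (assumed layout, not the TCP-AO MAC input)."""
    hdr = struct.pack("!HHIB", sport, dport, seq, flags)
    return hmac.new(key, hdr, hashlib.sha256).digest()[:12]

class Endpoint:
    def __init__(self, key):
        self.key, self.state = key, "ESTABLISHED"
        self.last_heard, self.unanswered = 0, 0

    def receive(self, now, sport, dport, seq, flags, tag):
        # Step 1: the header is covered by the MAC, so a segment without a
        # valid tag (an injected RST included) is dropped and changes nothing.
        good = mac(self.key, sport, dport, seq, flags)
        if tag is None or not hmac.compare_digest(tag, good):
            return "dropped"
        self.last_heard, self.unanswered = now, 0
        if flags & RST:
            self.state = "CLOSED"
            return "reset"
        return "accepted"

    def tick(self, now):
        # Step 2: keep-alive. An idle connection is probed; after enough
        # unanswered probes it is dropped locally, with no key involved.
        if self.state == "ESTABLISHED" and now - self.last_heard >= KEEPALIVE_IDLE:
            if self.unanswered >= KEEPALIVE_PROBES:
                self.state = "CLOSED"
            else:
                self.unanswered += 1
        return self.state

def demo():
    key = b"constructed-session-key"
    a = Endpoint(key)
    out = [a.receive(1, 443, 50000, 1000, RST, None)]  # unkeyed RST
    # A restarted peer has lost the key, so its RST cannot carry a valid tag.
    stale = mac(b"key-lost-on-restart", 443, 50000, 1000, RST)
    out.append(a.receive(2, 443, 50000, 1000, RST, stale))
    for now in range(60, 110, 10):  # probes go unanswered (replies are unkeyed)
        a.tick(now)
    out.append(a.state)
    return out  # ['dropped', 'dropped', 'CLOSED']
```
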
