lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1e41a3230811071038p58a55cc6g9103b891ca15a1df@mail.gmail.com>
Date:	Fri, 7 Nov 2008 10:38:26 -0800
From:	"John Heffner" <johnwheffner@...il.com>
To:	"David Newall" <davidn@...idnewall.com>
Cc:	"Alan Cox" <alan@...rguk.ukuu.org.uk>,
	"Dave Hudson" <linux-kernel@...eteddy.net>,
	"Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi>,
	"Mikael Abrahamsson" <swmike@....pp.se>,
	"David Miller" <davem@...emloft.net>, daniel.blueman@...il.com,
	LKML <linux-kernel@...r.kernel.org>,
	Netdev <netdev@...r.kernel.org>, linux-net@...r.kernel.org
Subject: Re: time for TCP ECN defaulting to on?

The IETF has provided a spec, and additional documents on deployment
issues.  They have provided all the guidance they are going to.  It's
now up to implementers to weigh the trade-offs.

My own observations and opinions, for what they're worth:

Turning on ECN doesn't hurt as much as it used to.  Back in the early
'00s, there were a lot of devices sold especially to financial
institutions to "protect" their web sites.  These devices dropped any
packets with (previously) reserved header bits set, because some
people used these as a covert information channel.  I believe these
devices are not as common as they once were, but there are still a few
big sites that black hole these packets.  (I know that southwest.com
is still an offender.)

I have not actually heard of any issues with consumer-grade stuff, but
that may be because ECN has been disabled by default for so long.

Almost no network operators turn on ECN marking in their routers.  In
fact, almost none care to do any sort of AQM.  The practical benefits
of ECN are still somewhat unclear for most people.  For example, it
can help with latency-sensitive applications, but mostly requires a
big queue to work well, so doesn't help as much as you would hope.
There are some interesting ideas on how to better use ECN information,
but these are mostly still research.

ECN black hole detection is pretty simple, and I don't see much reason
not to do it.

  -John


On Fri, Nov 7, 2008 at 6:45 AM, David Newall <davidn@...idnewall.com> wrote:
> Isn't this a question for the IETF to answer?  Are they saying turn on
> ECN now?
> --
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ