Open Source and information security mailing list archives
Message-ID: <1424977824.5565.175.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Thu, 26 Feb 2015 11:10:24 -0800
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Rick Jones <rick.jones2@...com>
Cc:	Stephen Hemminger <stephen@...workplumber.org>,
	netdev@...r.kernel.org, Yuchung Cheng <ycheng@...gle.com>,
	rueth@...sys.rwth-aachen.de
Subject: Re: Fw: [Bug 93901] New: TCP Fast Open uses

On Thu, 2015-02-26 at 09:58 -0800, Rick Jones wrote:
> On 02/26/2015 08:13 AM, Eric Dumazet wrote:
> > This is work in progress at Google, of course.
> >
> > Classic chicken and egg problem ;)
> 
> Does it need to be any more complicated than a sysctl which enables 
> accepting an alternate (the experimental) option value in addition to 
> the assigned, to be enabled (perhaps by default for a release or three) 
> for the server side, and then just switching the active connection 
> establishment side to the assigned number?
> 
> If the server is "old" and using the experimental version, the only 
> thing that will happen is the clients using the standardized version 
> will end-up falling back on the classic three-way handshake.  That 
> doesn't seem so bad.  Particularly since that option value was 
> "experimental" after all and presumably then not really meant for 
> "production" purposes :)

Really, if you are eager to see this coming, you could send a patch.

Or simply wait for the work being done by a Googler ;)

<quote Google-Bug-Id: 19264158 >

Add support to use RFC7413 option (34) for TCP Fast open while
supporting the old/current experimental option format. The idea is
a new client will request fast open cookie using option 34.
If the SYN-ACK contains TFO cookie with option 34, everything works out.
Otherwise, the client retries the cookie request with the exp option in
the subsequent TFO connection attempt. If the server grants the cookie,
records the destination is an old server for the next (30?) days.
A new server will respond TFO cookie based on the option number used in
cookie request.

</quote>
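
The fallback described in the quoted bug text, modelled as a small client/server simulation. This is an added example, not code from the message or from the kernel: the struct, the function names and the 30-day constant are hypothetical, and 254 is the RFC 6994 experimental option kind, which the message refers to only as "the exp option".

```c
#include <stdbool.h>
#include <stdio.h>

#define TFO_OPT_RFC7413 34            /* assigned option kind, from the message */
#define TFO_OPT_EXP     254           /* experimental kind (RFC 6994); assumption */
#define OLD_SERVER_TTL  (30L * 86400) /* "next (30?) days": assumed value, seconds */

struct tfo_dest {       /* hypothetical per-destination client cache entry */
    int  try_exp_next;  /* last option-34 cookie request got no option-34 cookie */
    long old_until;     /* treat destination as an old server until this time */
};

/* Option kind the client puts in its next cookie request. */
int tfo_client_pick(const struct tfo_dest *d, long now)
{
    if (now < d->old_until || d->try_exp_next)
        return TFO_OPT_EXP;
    return TFO_OPT_RFC7413;
}

/* Update the cache from the SYN-ACK; granted is 0 when no cookie came back. */
void tfo_client_synack(struct tfo_dest *d, int asked, int granted, long now)
{
    if (asked == TFO_OPT_RFC7413) {
        d->try_exp_next = (granted != TFO_OPT_RFC7413);
        return;
    }
    d->try_exp_next = 0;
    /* Do not extend a running window, so the client re-probes option 34 later. */
    if (granted == TFO_OPT_EXP && now >= d->old_until)
        d->old_until = now + OLD_SERVER_TTL;
}

/* A new server answers in the kind the request used; an old one knows only exp. */
int tfo_server_grant(bool new_server, int asked)
{
    if (asked == TFO_OPT_EXP)
        return TFO_OPT_EXP;
    return new_server ? TFO_OPT_RFC7413 : 0;
}

/* One connection attempt; returns the option kind the client sent. */
int tfo_attempt(struct tfo_dest *d, bool new_server, long now)
{
    int asked = tfo_client_pick(d, now);
    tfo_client_synack(d, asked, tfo_server_grant(new_server, asked), now);
    return asked;
}
```
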

