[p2p-hackers] IETF rejects Obfuscated TCP

Eric Rescorla ekr at networkresonance.com
Wed Aug 20 13:31:17 EDT 2008 

At Tue, 19 Aug 2008 20:57:33 -0700,
Alex Pankratov wrote:
> 
> CC'ing cryptography mail list as it may be of some interest to the 
> folks over there.
> 
> > -----Original Message-----
> > From: p2p-hackers-bounces at lists.zooko.com [mailto:p2p-hackers-
> > bounces at lists.zooko.com] On Behalf Of Lars Eggert
> > Sent: August 19, 2008 5:34 PM
> > To: David Barrett; theory and practice of decentralized computer
> > networks
> > Subject: Re: [p2p-hackers] IETF rejects Obfuscated TCP
> > 
> > On 2008-8-19, at 17:20, ext David Barrett wrote:
> > > On Tue, 19 Aug 2008 4:19 pm, Lars Eggert wrote:
> > >> Actually, in 1994, the IETF standardized Transactional TCP (T/TCP)
> > in
> > >> RFC1644, which allows just that. However, there are serious DDoS
> > >> issues with T/TCP which have prevented it seeing significant
> > >> deployment.
> > >
> > > Hm, I'm sorry I don't know the history there -- why is this more
> > > costly
> > > or abusive than SSL over standard TCP?  Is it due to something
> > > specific
> > > to SSL, or due to it a simple lack of congestion control on those
> > > first
> > > payloads?
> > 
> > 
> > The issue is unrelated to a specific kind of SYN payload (SSL or
> > otherwise.) The issue is that a SYN flood of SYNs with data consumes
> > much more memory on the receiver than a regular SYN flood, because the
> > receiver is obligated to cache the data if a T/TCP liveness check
> > fails. You can't use SYN cookies with data SYNs, either.
> 
> This is just a quick thought, but a variation of SYN cookies for TLS
> appears to be quite easy to do. It does require defining new record 
> type, but latter is permitted by TLS spec as per Section 6, RFC 2246.
> 
> The idea, obviously, is to include a copy of ClientHello message in a
> second batch of records sent by the client. This should allow server
> to generate ServerKeyExchange parameters from the original ClientHello
> message (ClientHello.random + IP/port quintet + server "cookie secret"),
> then discard ClientHello and delay creating the state .. exactly the
> same way SYN cookies mechanism does it.

May I ask what you're trying to accomplish? Recall that TLS doesn't
start until a TCP connection has been established, so there's
aready a proof of the round trip.

That said, a mechanism of this type has already been described
for DTLS (RFC 4347), so no new invention would be needed.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list