[e2e] Re: [Tsvwg] Really End-to-end or CRC vs everything
else?
Hilarie Orman
HORMAN at volera.com
Tue Jun 12 12:32:16 PDT 2001
You could define an IPsec "universal" key for one of the keyed
hash algorithms and define a reserved security association using
that key that all hosts must support. Then you could have strong
error detection on any packet without any key distribution
overhead.
That's a lot of overhead for ACK's, though.
Hilarie
>>> <julian_satran at il.ibm.com> 06/12/01 11:17AM >>>
Christian,
But the point is that any protocol using in-stream check has to do it's own
recovery when TCP has already the whole recovery mechanism in place.
IPsec is offering a protection mechanism at a level that enables the stack
to
throw away offending packets. Should everybody wanting a decent data
integrity check use IPsec? Perhaps - as in a year or two there will be no
substantial penalty in hardware for doing it. But I don't feel like this
is the right answer.
Julo
"Christian Huitema" <huitema at windows.microsoft.com> on 12-06-2001 19:05:38
Please respond to "Christian Huitema" <huitema at windows.microsoft.com>
To: "David P. Reed" <dpreed at reed.com>, "Douglas Otis"
<dotis at sanlight.net>, "Jonathan Stone" <jonathan at DSG.Stanford.EDU>,
"Craig Partridge" <craig at aland.bbn.com>
cc: tsvwg at ietf.org, "end2end" <end2end-interest at postel.org>
Subject: RE: [e2e] Re: [Tsvwg] Really End-to-end or CRC vs everything
else?
> From: David P. Reed [mailto:dpreed at reed.com]
>
> >What is at stake here is whether we want a safety belt or an alarm
bell.
>
> I would argue that the current TCP isn't a very good alarm bell,
because
> it
> doesn't detect too-smart-for-their-own-good, friendly "adversaries"
(such
> as NATs that recompute the entire checksum correctly after making
serious
> changes to the contents) that inadvertently weaken the detection.
> Note that, if you really follow the e2e argument, this
> >is OK: the only way to be certain that the back-up went well is by
> >computing a strong checksum over the whole volume, not by trusting
TCP.
>
> Indeed. But then the IETF ought to spread the gospel to the folks who
are
> responsible for FTP and SMTP, for example. These poor souls typically
> believe that TCP provides a *reliable* stream, where the word reliable
is
> implicitly defined as *perfect*.
As Vernon pointed out, this is exactly what SSL/TLS gives you: a strong
checksum on top of TCP. It is actually commonly used in the
"continuously running applications" that Julo mentioned in his message.
I would expect these applications to do something smart when the SSL/TLS
checksum fails.
> >In fact, it is all a matter of probabilities and arbitrations. The
> >transmission system should be good enough that the backup is OK most
of
> >the time, so that the e2e checksum (volume) only fails rarely, so
that
> >the cost of correction is acceptable...
>
> I assume you mean by transmitting the whole file again.
That, or some form of divide and conquer. It is again a matter of
probabilities and arbitrations, whether or not you want to "optimize the
error cases."
-- Christian Huitema
More information about the end2end-interest
mailing list