[e2e] Re: [Tsvwg] Really End-to-end or CRC vs everything else?

[David P. Reed]

At 09:31 PM 5/24/01 -0700, you wrote:
>As best i follow it, doing checksums "down in some nic" is exactly
>what the iscsi group (and less so sctp) are proposing.

IMO, that would be *very* bad.  Craig Partridge told me that in studying 
sources of checksum errors observed on the Internet, a frequent source was 
in the data transfer between the host memory and the NIC card, where 
synchronization problems caused data to be lost with non-trivial probability.


>But *why* is crc32 thought to be better than a 32-bit mod-2^32
>checksum or a fletcher checksum with two 16-bit halves?
>A citation would be wonderful.

Why seems to be because the types of errors that won't be detected are 
fewer.  But this depends on an "error model", and I'm not convinced that 
any error model really applies to an Internet case, where the channel 
characteristics are not known, and may change as new router and switch 
designs are added (those being the likely source of most errors).


>[... md5 as an error-check function to defeat would-be middleboxers...]
>
>If you put that in the transport layer, won't that makes communication
>without a shared-secret impossible? At least without using some other
>transport protocol, to bootstrap a D-H or SPEKE or other initial key exchange.

An "open secret" could be used when you don't have a shared secret (that 
is, you could use something like a key transmitted in the connection open 
packet, which would still protect you from middleboxers in many cases, 
since they don't necessarily maintain per-connection state).  But the 
details can be worked out on a per-application basis.  This was not 
intended to be a fully baked design, but instead just an aspiration level 
derived from thinking about a larger set of end-to-end data integrity issues.


- David
--------------------------------------------
WWW Page: http://www.reed.com/dpr.html