idnits 2.17.1 

draft-gont-tcpm-tcp-auto-option-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 15.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 304.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 280.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 287.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 293.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     311), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 37.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        By submitting this Internet-Draft, I certify that any applicable patent
        or other IPR claims of which I am aware have been disclosed, or
        will be disclosed, and any of which I become aware will be
        disclosed, in accordance with RFC 3668.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

     The document has an RFC 3978 Section 5.2(a) Derivative Works Limitation
     clause.
  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 19, 2004) is 7279 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC  793 (ref. '1') (Obsoleted by RFC 9293)

  ** Obsolete normative reference: RFC 2434 (ref. '4') (Obsoleted by RFC 5226)


     Summary: 9 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Network Working Group                                            F. Gont
2	Internet-Draft                                                   UTN FRH
3	Expires: November 19, 2004                                  May 19, 2004

5	               TCP Adaptive User TimeOut (AUTO) Option
6	                draft-gont-tcpm-tcp-auto-option-00.txt

8	Status of this memo

10	   By submitting this Internet-Draft, I certify that any applicable
11	   patent or other IPR claims of which I am aware have been disclosed,
12	   and any of which I become aware will be disclosed, in accordance with
13	   RFC 3668. This document may not be modified, and derivative works of
14	   it may not be created, except to publish it as an RFC and to
15	   translate it into languages other than English.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups.  Note that
19	   other groups may also distribute working documents as
20	   Internet-Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time.  It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at
28	   http://www.ietf.org/1id-abstracts.html.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on November 19, 2004.

35	Copyright Notice

37	      Copyright (C) The Internet Society (2004). All Rights Reserved.

39	Abstract

41	   The original TCP specification (RFC 793) defines a "USER TIMEOUT"
42	   parameter that sets the policy as to when a user connection should be
43	   aborted. However, TCP provides no means of letting users suggest an
44	   abort policy to a remote peer dynamically. Even though a fixed policy
45	   may work well in many cases, there are a number of scenarios where a
46	   fixed USER TIMEOUT value may be inappropriate, and some means of
47	   setting the abort policy dynamically may be necessary for TCP to be
48	   used effectively in such scenarios. This document defines a new TCP
49	   option, which lets a TCP peer suggest a USER TIMEOUT value to a
50	   remote TCP during the connection-establishment phase, and modify it
51	   during the life of a connection, thus adapting TCP's connection-abort
52	   policy as necessary.

54	1. Introduction

56	   The original TCP specification [1] defines a USER TIMEOUT parameter,
57	   which sets the policy as to when a connection should be aborted. This
58	   parameter is usually set on a per-system basis, and there is no way
59	   for a TCP to suggest a value of USER TIMEOUT to be used for a
60	   connection by a remote peer.

62	   Even though having such a fixed policy may work well in many cases,
63	   there are scenarios in which the default USER TIMEOUT may be
64	   inappropriate. For example, a mobile host connected to a network by
65	   means of a wireless link may experience transient periods of
66	   disconnection that may be longer than the USER TIMEOUT selected by
67	   the remote peer. Another possible scenario is the development of
68	   high levels of congestion during the life of a connection.
69	   In such cases, valid connections may be aborted due to an incorrect
70	   abort policy.

72	   This document defines a new TCP option that lets TCP implementations
73	   suggest a USER TIMEOUT value during the connection-establishment
74	   phase, and modify it during the life of a connection, thus adapting
75	   TCP's connection-abort policy as necessary.

77	2. Conventions

79	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
80	   NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
81	   "OPTIONAL" in this document are to be interpreted as described in
82	   RFC 2119 [2].

84	3. Option Format

86	    0                   1                   2                     3
87	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
88	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
89	   |     Kind = X  |   Length = 4  |G|        User Timeout         |
90	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

92	        Note that one tick mark represents one bit position

94	           Figure 1: Adaptive User Timeout Option Format

96	   Each field is to be interpreted as follows:

98	   Kind: 8 bits
99	      This is the "Kind" field as specified in [1]. The "X" in Figure 1
100	      is an option number to be assigned by IANA upon publication of
101	      this document (see Section 7)

103	   Length: 8 bits
104	      This is the "Length" field as specified in [1]. Its value is 4
105	      (the option length).

107	   G: 1 bit
108	      This is the "Granularity" bit. It indicates the granularity of the
109	      "User Timeout" field. When set, the time interval in the "User
110	      Timeout" field MUST be interpreted as being specified in minutes.
111	      Otherwise, the time interval in the "User Timeout" field MUST be
112	      interpreted as being specified in seconds.

114	   User Timeout: 15 bits
115	      This field, together with the Granularity bit, specifies the USER
116	      TIMEOUT suggested by the remote peer for this connection. It MUST
117	      be interpreted as a 15-bit unsigned integer. The units of this
118	      field are specified by the "G" bit.

120	3. Operation

122	   TCP implementations supporting the Adaptive User TimeOut (AUTO)
123	   Option MUST set this option during the connection-establishment phase
124	   (in segments with the SYN control bit set) to indicate the suggested
125	   USER TIMEOUT value to be used for the connection.

127	   A TCP MAY also use this option during the life of a connection, to
128	   suggest an a new value for the USER TIMEOUT parameter, thus adapting
129	   it to the current network conditions. For example, this option could
130	   be set by a TCP peer that is notified of congestion by means of
131	   ECN [5].

133	   The setting of this option means "I suggest we use a USER TIMEOUT
134	   of X". The value of "X" may be larger or smaller than the default
135	   USER TIMEOUT (see Section 4).

137	   Hosts SHOULD impose upper and lower limits on the USER TIMEOUT. A
138	   discussion of these limits can be found in Section 5.

140	   Each TCP will adopt a USER TIMEOUT as defined by equation (1):

142	   USER_TIMEOUT = min( ULimit, max(localAUTO, remoteAUTO, LLimit))   (1)

144	   USER_TIMEOUT:
145	      USER TIMEOUT value to be adopted by the local TCP for this
146	      connection.

148	   Ulimit:
149	      The upper limit imposed by this host for the USER TIMEOUT.

151	   Llimit:
152	      The lower limit imposed by this host for the USER TIMEOUT.

154	   localAUTO:
155	      The "USER TIMEOUT" value suggested by the local TCP by means of
156	      the AUTO Option.

158	   remoteAUTO:
159	      The "USER TIMEOUT" value suggested by the remote TCP peer by means
160	      of the AUTO Option.

162	   The adopted USER TIMEOUT SHOULD be used only for connections that are
163	   in one of the synchronized states (ESTABLISHED, FIN-WAIT-1,
164	   FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK or TIME-WAIT).

166	   Note that the USER TIMEOUT is not negotiated in any way. Each peer
167	   just "suggests" what USER TIMEOUT should be adopted for the
168	   connection. As can be inferred from the equation above, each peer may
169	   end up adopting a different timeout value.

171	4. Range of valid values

173	   The User Timeout Option allows a TCP peer to suggest USER TIMEOUT
174	   values ranging, in principle, from 0 seconds to about 22.76 days.
175	   However, implementations SHOULD impose limits on the USER TIMEOUT
176	   values actually adopted. A discussion of these limits can be found
177	   in Section 5.

179	5. System limits on the USER TIMEOUT

181	   Implementations SHOULD impose an upper limit (Ulimit) and a lower
182	   limit (Llimit) on the value of the USER TIMEOUT. These limits could,
183	   for example, be set on a per-host or per-user basis.

185	   Furthermore, these limits need not be fixed. For example, they MAY
186	   be a function of the system resources that are available when the
187	   USER TIMEOUT is to be selected for a connection.

189	   The Host Requirements RFC [3] does not impose any limits for the USER
190	   TIMEOUT. However, a time interval of at least 100 seconds is
191	   RECOMMENDED. Thus, the lower limit (LLimit) should be set to at least
192	   100 seconds. As for the upper limit (ULimit), note that setting it to
193	   low values may reduce the functionality of the AUTO Option.

195	6. Interoperability issues

197	6.1 Firewalls

199	   Stateful firewalls are known to reset connections after some fixed
200	   period of inactivity is detected. In case there is such a firewall
201	   between the TCP peers, then, regardless of the use of the AUTO
202	   Option, connections may be lost due to the firewall policy.

204	6.2 TCP Keep-alive mechanism

206	   In case a TCP peer enables the TCP Keep-alive mechanism for a
207	   connection that is using the AUTO Option, then the Keep-alive timer
208	   MUST be set to a value larger than that of the adopted USER
209	   TIMEOUT (specified by Equation 1).

211	7. IANA Considerations

213	   This section is to be interpreted according to [4].

215	   This document does not define any new namespaces. It uses an 8-bit
216	   TCP option number maintained by IANA at
217	   http://www.iana.org/assignments/tcp-parameters.

219	8. Security Implications

221	   Use of the AUTO Option implies that the adopted USER TIMEOUT be
222	   larger than the default USER TIMEOUT. This could cause a host to
223	   maintain state for a connection for a longer period of time than if
224	   the default USER TIMEOUT were used. An attacker could try to exhaust
225	   resources on the target host by establishing lots of connections
226	   and aborting them without signalling this to the attacked host's TCP.
227	   However, it must be noted that the same type of attack could be
228	   performed even if the default "USER TIMEOUT" is being used, since TCP
229	   requires no message exchange in order to keep a connection open.
230	   In any case, the system limits discussed in Section 5 would serve
231	   as a counter-measure against attackers trying to exploit the AUTO
232	   option for this type of attack.

234	9. Author's address

236	   Fernando Gont
237	   Evaristo Carriego 2644
238	   1706, Haedo
239	   Provincia de Buenos Aires
240	   ARGENTINA

242	   Phone:  +54 011 4650 8472
243	   E-Mail: fernando@gont.com.ar

245	10. Acknowledgements

247	   The author wishes to thank Michael Kerrisk for contributing many
248	   valuable comments.

250	11. References

252	11.1 Normative References

254	   [1] Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
255	       September 1981.

257	   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
258	       Levels", BCP 14, RFC 2119, March 1997.

260	   [3] Braden, R., "Requirements for Internet Hosts - Communication
261	       Layers", STD 3, RFC 1122, October 1989.

263	   [4] Narten, T., Alvestrand, H., "Guidelines for Writing an IANA
264	       Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

266	11.2 Informative References

268	   [5] Ramakrishnan, K., Floyd, S., Black, D., "The Addition of Explicit
269	       Network Notification (ECN) to IP", RFC 3168, September 2001.

271	Intellectual Property Statement

273	   The IETF takes no position regarding the validity or scope of any
274	   Intellectual Property Rights or other rights that might be claimed
275	   to pertain to the implementation or use of the technology
276	   described in this document or the extent to which any license
277	   under such rights might or might not be available; nor does it
278	   represent that it has made any independent effort to identify any
279	   such rights. Information on the procedures with respect to
280	   rights in RFC documents can be found in BCP 78 and BCP 79.

282	   Copies of IPR disclosures made to the IETF Secretariat and any
283	   assurances of licenses to be made available, or the result of an
284	   attempt made to obtain a general license or permission for the use
285	   of such proprietary rights by implementers or users of this
286	   specification can be obtained from the IETF on-line IPR repository
287	   at http://www.ietf.org/ipr.

289	   The IETF invites any interested party to bring to its attention
290	   any copyrights, patents or patent applications, or other
291	   proprietary rights that may cover technology that may be required
292	   to implement this standard. Please address the information to the
293	   IETF at ietf-ipr@ietf.org.

295	Disclaimer of Validity

297	   This document and the information contained herein are provided
298	   on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
299	   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
300	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
301	   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
302	   THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
303	   ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
304	   PARTICULAR PURPOSE.

306	Copyright Statement

308	   Copyright (C) The Internet Society (2004). This document is
309	   subject to the rights, licenses and restrictions contained in BCP
310	   78, and except as set forth therein, the authors retain all their
311	   rights.