idnits 2.17.1

draft-simpson-tcpct-api-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  -- The document has an IETF Trust Provisions (28 Dec 2009) Section 6.c(i)
     Publication Limitation clause.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 15 instances of too long lines in the document, the longest
     one being 2 characters in excess of 72.

  ** The abstract seems to contain references ([RFC6013]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does
     not match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even
     if it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (7 April 2011) is 4766 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '' and '' lines.

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 6013 (Obsoleted by RFC 7805)

  -- Obsolete informational reference (is this intentional?): RFC 5077
     (Obsoleted by RFC 8446)

     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                               W A Simpson
                                                              DayDreamer
Intended status: Informational                              7 April 2011

                    TCP Cookie Transactions (TCPCT)
            Sockets Application Program Interface (API)
                      draft-simpson-tcpct-api-04

Abstract

   TCP Cookie Transactions (TCPCT) [RFC6013] deter spoofing of
   connections and prevent resource exhaustion, eliminating Responder
   (server) state during the initial handshake.  The Initiator (client)
   has sole responsibility for ensuring required delays between
   connections.  The cookie exchange may carry data, limited to inhibit
   amplification and reflection denial of service attacks.

   This document provides a sockets Application Program Interface (API)
   to support "basic" and "advanced" TCPCT applications.  TCP/IP
   applications written using the sockets API have enjoyed a high degree
   of portability.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

   This document may not be modified, and derivative works of it may not
   be created, except to format it for publication as an RFC or to
   translate it into languages other than English.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute working
   documents as Internet-Drafts.  The list of current Internet-Drafts is
   at http://datatracker.ietf.org/drafts/current.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Table of Contents

   1.  Introduction
       1.1  Terminology
   2.  sysctl
   3.  Socket Option
       3.1  struct tcp_cookie_transactions
       3.2  struct tcpct_full and struct tcpct_half
       3.3  more ...
   ACKNOWLEDGMENTS
   IANA CONSIDERATIONS
   SECURITY CONSIDERATIONS
   NORMATIVE REFERENCES
   INFORMATIVE REFERENCES
   CONTACTS

1.  Introduction

   This specification is based upon prior work product by the author for
   a Linux implementation, and previous internal documents Copyright (C)
   William Allen Simpson (2009-2011).

1.1.  Terminology

   The key words "MAY", "MUST", "MUST NOT", "OPTIONAL", "RECOMMENDED",
   "REQUIRED", "SHOULD", and "SHOULD NOT" in this document are to be
   interpreted as described in [RFC2119].

2.  sysctl

   tcp_cookie_size - INTEGER
      Default: 16.  Maximum: 16.  System default size of TCP Cookie
      Transactions (TCPCT) option, that may be overridden by the TCPCT
      socket option.  Values greater than the maximum (16) are
      interpreted as the maximum.  Values greater than zero and less
      than the minimum (8) are interpreted as the minimum.
      Odd values are interpreted as the next even value.

      When tcp_cookie_size is 0, the TCP stack will not send the Cookie
      Option, and any incoming Cookie Option will be silently discarded.

      When tcp_cookie_size is greater than 0, the TCP stack will always
      send the Cookie Option, and any incoming Cookie Option will be
      processed.  This is most useful for single purpose systems, such as
      DNS or HTTP servers.

      Either case may be modified for each socket or connection.

   tcp_syn_data_limit - INTEGER
      Default: 496.  Maximum: 496.  System maximum amount of data
      transmitted with the <SYN>.

   tcp_syn_ack_data_limit - INTEGER
      Default: 80.  Maximum: 1220.  System maximum amount of data
      transmitted with the <SYN,ACK>.  As a matter of security
      policy, keep the initial setting small for most systems to avoid
      their use in amplification denial of service attacks.

   Note that sending data with the <SYN> or <SYN,ACK> requires the
   socket option.

   As a matter of policy, these limits MAY be considerably smaller.

3.  Socket Option

   #define TCP_COOKIE_TRANSACTIONS

   When this symbol is defined, the TCP Cookie Transactions (TCPCT)
   socket option is available.

3.1.  struct tcp_cookie_transactions

   /* for TCP_COOKIE_TRANSACTIONS (TCPCT) socket option */
   #define TCP_COOKIE_MIN         8       /*  64-bits */
   #define TCP_COOKIE_MAX        16       /* 128-bits */
   #define TCP_COOKIE_PAIR_SIZE  (2*TCP_COOKIE_MAX)

   /* Flags for both getsockopt and setsockopt */
   #define TCPCT_IN_ALWAYS       (1 << 0)
   #define TCPCT_OUT_NEVER       (1 << 1)

   #define TCPCT_IN_DATA         (1 << 2)
   #define TCPCT_OUT_DATA        (1 << 3)
   /* reserved for future use: bits 4 .. 6 */
   #define TCPCT_EXTEND          (1 << 7)
   #define TCPCT_RETAIN          (1 << 15)

   /* Extended Option flags for both getsockopt and setsockopt */
   #define TCPCT_EXTEND_SIZE     (0x7)    /* mask */
   #define TCPCT_EXTEND_TS32     (0x1)    /* default */
   #define TCPCT_EXTEND_TS64     (0x2)
   #define TCPCT_EXTEND_TS128    (0x4)

   /* TCP_COOKIE_TRANSACTIONS socket option header */
   struct tcp_cookie_transactions {
       uint16_t    tcpct_flags;
       uint8_t     tcpct_extended;
       uint8_t     tcpct_cookie_desired;
       uint16_t    tcpct_s_data_desired;
       uint16_t    tcpct_used;
   };

   The structure is 64 bits.

   tcpct_flags

      TCPCT_IN_ALWAYS
         Default: 0 (off).  Silently discard any incoming <SYN> or
         <SYN,ACK> that is missing the Cookie option.

      TCPCT_OUT_NEVER
         Default: 0 (off).  Refuse to send (override) the Cookie option.
         This supersedes any other settings to the contrary.

      TCPCT_IN_DATA

         getsockopt()
            Indicates <SYN> or <SYN,ACK> data has been received.

         setsockopt()
            Ignored.

      TCPCT_OUT_DATA

         getsockopt()
            Indicates <SYN> or <SYN,ACK> data has been sent on the
            connection.

            When tcpct_s_data_desired is zero, constant data was sent.

         setsockopt()
            Indicates <SYN> or <SYN,ACK> constant data MAY be sent;
            tcpct_used contains the total number of bytes.

            Do not wait for additional data before sending;
            tcpct_s_data_desired MUST be zero.

            Setting the data value only has utility for a Responder.
            Initiators MUST use tcpct_s_data_desired instead.

      TCPCT_EXTEND
         Indicates tcpct_extended field contains a non-default value.

      TCPCT_RETAIN
         When this symbol is defined, the optional TCPCT Rapid Restart
         [TCPCTRR] feature is available.

         Default: 0 (off).  Indicates TCPCT TCB SHOULD be retained for
         rapid restart.

      Unused bits MUST be zero.

   tcpct_extended

      TCPCT_EXTEND_SIZE
         Mask for Size field in Extended Option.  If Size is set to an
         unrecognized value (or zero), the TCP Timestamps Extended
         Option MUST NOT be sent, and MUST be ignored upon receipt.

      TCPCT_EXTEND_TS32
         Use 32-bit timestamps extension (default).

      TCPCT_EXTEND_TS64
         Use 64-bit timestamps extension.

      TCPCT_EXTEND_TS128
         Use 128-bit timestamps extension.

      If the TCPCT_EXTEND flag is not set (default), this field MUST be
      ignored, but SHOULD be set to either the default value or zero.

   tcpct_cookie_desired
      Values: 0 (default), 8, 10, 12, 14, 16.  Send the Cookie option
      with the <SYN> or <SYN,ACK>.

      Whenever this field is zero, use tcp_cookie_size instead.

   tcpct_s_data_desired
      Default: 0.  The maximum amount of data transmitted with the
      <SYN> (up to tcp_syn_data_limit) or the <SYN,ACK> (up to
      tcp_syn_ack_data_limit).

      Whenever this field is non-zero, wait for data before sending.
      Unlike tcpct_cookie_desired, this field MUST be set explicitly;
      there is no system value.

   tcpct_used
      Default: 0.  Number of bytes used in the variable length data
      value.

   This header is optionally followed by variable length data.

3.2.  struct tcpct_full and struct tcpct_half

   /* TCP_COOKIE_TRANSACTIONS cookie values */
   struct tcpct_full {
       struct tcp_cookie_transactions  soh;
       uint8_t     tcpct_value[TCP_COOKIE_PAIR_SIZE];
   };

   struct tcpct_half {
       struct tcp_cookie_transactions  soh;
       uint8_t     tcpct_value[TCP_COOKIE_MAX];
   };

   The structures are a multiple of 64 bits.  These are provided for
   convenience, such as stack allocation.

   tcpct_value

      getsockopt()
         The current cookie or cookie pair value; tcpct_used contains
         the total number of bytes.  Use tcpct_full.

         For an established connection, tcpct_cookie_desired will
         contain the cookie size.

      setsockopt()
         The constant cookie or cookie pair value; tcpct_used contains
         the total number of bytes.  Use tcpct_full or tcpct_half as
         appropriate.
         TCPCT_OUT_DATA is not set (MUST be zero).  Any previously
         specified constant data is discarded.

         To distinguish a maximal cookie from a minimal cookie pair,
         tcpct_cookie_desired MUST equal tcpct_used or half of
         tcpct_used.

         Setting the cookie value only has utility for an Initiator, as
         receipt of an Initiator cookie and calculation of the response
         will replace the cookie pair in the Responder socket.

      Unused bytes MUST be zero.

3.3.  more ...

Acknowledgments

   Andre Broido informally described utilizing cookies for Transport
   Layer Security (TLS) session identifiers, in place of the [RFC5077]
   ticket.  Rapid TLS session resumption would improve both latency and
   privacy, but is beyond the scope of this specification.

IANA Considerations

   This specification registers two new TCP options.  These (previously
   unpublished) options were specifically selected to avoid conflicts,
   and IANA was advised in advance.

   TCP Cookie Option
      Kind: 31
      Length: variable.

   TCP Timestamps Extended Option
      Kind: 32
      Length: 4.

   Notes: Kind 31 is a prime number, particularly appropriate for a
   security enhancement.  Kind 32 is a multiple of TCP Timestamps Option
   (Kind 8); Kind 16 was already registered.

Security Considerations

   First and foremost, the cookie exchange improves operational security
   for vulnerable servers against flooding attacks.  All other semantics
   are subordinate.

   TCPCT provides a number of new security mechanisms that need to be
   accessible to applications.

Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC6013]  Simpson, W. A., "TCP Cookie Transactions (TCPCT)",
              RFC 6013, January 2011.

   [TCPCTRR]  Simpson, W. A., "TCPCT Rapid Restart", March 2011,
              http://tools.ietf.org/html/draft-simpson-tcpct-rr

Informative References

   [RFC5077]  Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
              "Transport Layer Security (TLS) Session Resumption
              without Server-Side State", RFC 5077, January 2008.

Author's Address

   Questions about this document can be directed to:

   William Allen Simpson
   DayDreamer
   Computer Systems Consulting Services
   1384 Fontaine
   Madison Heights, Michigan  48071

   William.Allen.Simpson@Gmail.com
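As an added worked example for Sections 2 and 3 (not part of this draft, and not code from any TCPCT implementation): a small C module that applies the tcp_cookie_size normalisation rules of Section 2 and checks a struct tcpct_full against the setsockopt() rules for a constant cookie or cookie pair in Section 3.2 before an application would hand it to the kernel. The constants and structures are copied from Section 3; the helper names tcpct_normalize_cookie_size(), tcpct_check_constant_cookie() and tcpct_build_constant_cookie(), the enum tcpct_check result codes, TCPCT_KNOWN_FLAGS and the sample cookie bytes are this example's own assumptions. Linux shipped TCPCT from 2.6.33 and removed it in 3.10, so the example deliberately does not include netinet/tcp.h (whose own copy of struct tcp_cookie_transactions would clash) and does not perform the setsockopt(fd, IPPROTO_TCP, TCP_COOKIE_TRANSACTIONS, &opt, sizeof opt) call; that call is where the validated structure would go on a TCPCT-capable kernel.

```c
/* Added example, not part of draft-simpson-tcpct-api-04 or of any TCPCT
 * implementation.  Constants and structures are copied from Section 3; the
 * helper names, enum tcpct_check and TCPCT_KNOWN_FLAGS are this example's own.
 * Build: cc -std=c99 -Wall tcpct_example.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_COOKIE_MIN       8                    /*  64-bits */
#define TCP_COOKIE_MAX       16                   /* 128-bits */
#define TCP_COOKIE_PAIR_SIZE (2 * TCP_COOKIE_MAX)

#define TCPCT_IN_ALWAYS (1 << 0)
#define TCPCT_OUT_NEVER (1 << 1)
#define TCPCT_IN_DATA   (1 << 2)
#define TCPCT_OUT_DATA  (1 << 3)
#define TCPCT_EXTEND    (1 << 7)
#define TCPCT_RETAIN    (1 << 15)
/* Every flag bit the draft assigns; all other bits MUST be zero. */
#define TCPCT_KNOWN_FLAGS (TCPCT_IN_ALWAYS | TCPCT_OUT_NEVER | TCPCT_IN_DATA | \
                           TCPCT_OUT_DATA | TCPCT_EXTEND | TCPCT_RETAIN)

struct tcp_cookie_transactions {          /* option header, 64 bits */
    uint16_t tcpct_flags;
    uint8_t  tcpct_extended;
    uint8_t  tcpct_cookie_desired;
    uint16_t tcpct_s_data_desired;
    uint16_t tcpct_used;
};

struct tcpct_full {                       /* header plus cookie pair */
    struct tcp_cookie_transactions soh;
    uint8_t tcpct_value[TCP_COOKIE_PAIR_SIZE];
};

/* Section 2 tcp_cookie_size rules: 0 disables the option, values above 16
 * become 16, values 1..7 become 8, odd values become the next even value.
 * Negative input returns -1 (this example's choice; the draft is silent). */
int tcpct_normalize_cookie_size(int requested)
{
    if (requested < 0)              return -1;
    if (requested == 0)             return 0;
    if (requested > TCP_COOKIE_MAX) return TCP_COOKIE_MAX;
    if (requested < TCP_COOKIE_MIN) return TCP_COOKIE_MIN;
    return requested + (requested & 1);
}

enum tcpct_check {                        /* result codes, this example's own */
    TCPCT_OK = 0,
    TCPCT_ERR_OUT_DATA_SET,     /* TCPCT_OUT_DATA MUST be zero with a cookie value */
    TCPCT_ERR_RESERVED_FLAGS,   /* unused flag bits MUST be zero */
    TCPCT_ERR_USED_RANGE,       /* tcpct_used must be even and within 8..32 */
    TCPCT_ERR_DESIRED_MISMATCH, /* desired must be 8..16 and equal used or used/2 */
    TCPCT_ERR_TRAILING_BYTES    /* bytes beyond tcpct_used MUST be zero */
};

/* Section 3.2 setsockopt() rules for a constant cookie (used == desired)
 * or a constant cookie pair (used == 2 * desired). */
enum tcpct_check tcpct_check_constant_cookie(const struct tcpct_full *opt)
{
    uint16_t used = opt->soh.tcpct_used;
    uint8_t desired = opt->soh.tcpct_cookie_desired;

    if (opt->soh.tcpct_flags & TCPCT_OUT_DATA)
        return TCPCT_ERR_OUT_DATA_SET;
    if (opt->soh.tcpct_flags & ~TCPCT_KNOWN_FLAGS)
        return TCPCT_ERR_RESERVED_FLAGS;
    if (used < TCP_COOKIE_MIN || used > TCP_COOKIE_PAIR_SIZE || (used & 1))
        return TCPCT_ERR_USED_RANGE;
    if (desired < TCP_COOKIE_MIN || desired > TCP_COOKIE_MAX ||
        (desired != used && desired != used / 2))
        return TCPCT_ERR_DESIRED_MISMATCH;
    for (size_t i = used; i < TCP_COOKIE_PAIR_SIZE; i++)
        if (opt->tcpct_value[i] != 0)
            return TCPCT_ERR_TRAILING_BYTES;
    return TCPCT_OK;
}

/* Zero the structure (unused bits and bytes MUST be zero), copy in one constant
 * cookie of cookie_len bytes, or two when is_pair is non-zero, then check it. */
enum tcpct_check tcpct_build_constant_cookie(struct tcpct_full *opt, uint16_t flags,
                                             const uint8_t *value, uint8_t cookie_len,
                                             int is_pair)
{
    memset(opt, 0, sizeof *opt);
    opt->soh.tcpct_flags = flags;
    opt->soh.tcpct_cookie_desired = cookie_len;
    opt->soh.tcpct_used = is_pair ? (uint16_t)(2 * cookie_len) : cookie_len;
    if (opt->soh.tcpct_used <= TCP_COOKIE_PAIR_SIZE)
        memcpy(opt->tcpct_value, value, opt->soh.tcpct_used);
    return tcpct_check_constant_cookie(opt);
}

int main(void)
{
    /* Constructed sample bytes standing in for a 16-byte Initiator cookie. */
    static const uint8_t sample[TCP_COOKIE_MAX] = { 0xA1, 0xB2, 0xC3, 0xD4,
        0xE5, 0xF6, 0x07, 0x18, 0x29, 0x3A, 0x4B, 0x5C, 0x6D, 0x7E, 0x8F, 0x90 };
    struct tcpct_full opt;
    enum tcpct_check rc = tcpct_build_constant_cookie(&opt, TCPCT_IN_ALWAYS,
                                                      sample, TCP_COOKIE_MAX, 0);
    printf("tcp_cookie_size 9 -> %d, 17 -> %d\n",
           tcpct_normalize_cookie_size(9), tcpct_normalize_cookie_size(17));
    printf("16-byte constant cookie: %s\n", rc == TCPCT_OK ? "ok" : "rejected");
    return 0;
}
```

The checks are ordered the way the draft states them: the TCPCT_OUT_DATA and reserved-bit rules are absolute, then the size relation that lets the stack tell a maximal single cookie (used == desired == 16) from a minimal cookie pair (used == 16, desired == 8), and finally the zero-fill of the unused tail of tcpct_value. A pair of 4-byte cookies is rejected even though used == 8 is a legal length, because 4 is below TCP_COOKIE_MIN.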