[e2e] Inappropriate TCP Resets Considered Harmful

Alex C. Snoeren snoeren at lcs.mit.edu
Fri May 4 15:14:58 PDT 2001


Sally -

  I whole-heartedly agree with the spirit of the draft.  I wonder about
a particular suggestion, however:

   For firewalls that for some reason are required to reject traffic or
   options that they do not understand, this could be done without
   hindering the global deployment of new functionality in the Internet.
   For example, for firewalls that do not want to permit the use of
   Reserved flags in the TCP header, one possibility would be simply to
   clear these Reserved flags, without sending a reset [HPK01].

Depending on the semantics of the proposed use of the reserved flags
(which, of course, the firewall has no hope of knowing), this may be a
very dangerous operation.  It may be the case that these flags are not
idempotent, but instead interact with other portions of the packet.

While, for the particular case of ECN this has no negative impact, it
may for other extensions.  One could imagine, for example, negotiating a
TCP option which would allow the signaling of an important condition
using the reserved bits.  A firewall that selectively edits a packet,
possibly including non-SYN packets, (in this case, zeroing the reserved
bits, but passing through unknown options) could wreak havoc.  The end
points would successfully negotiate the new option, unaware any attempt
to use the bits to signal would silently be suppressed by the firewall.

Hence, while I know of no particular proposed extension that this would
break, I am loath to recommend the silent editing of packets in
flight--this seems equally non-compliant.

- Alex

-- 
NMS / PDOS Groups
MIT Laboratory for Computer Science
545 Technology Square, NE43-512, Cambridge, Massachusetts 02139
                                     http://nms.lcs.mit.edu/~snoeren
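
The failure mode described in the message above, as an added example that is not part of the original e-mail: a middlebox zeroes the six Reserved bits of the RFC 793 header on every segment but forwards unknown options untouched. The option kind (253, an experimental kind), the choice of signal bit, and all packet contents are constructed assumptions, not taken from any real extension.

```python
import struct

RESERVED_MASK = 0x0FC0  # six Reserved bits in the RFC 793 offset/flags word
SIGNAL_BIT = 0x0200     # hypothetical: the Reserved bit the new extension signals with
OPT_KIND = 253          # experimental option kind, stands in for the negotiated option
SYN, ACK = 0x02, 0x10

def build_segment(flags, options=b""):
    """Build a bare TCP header (constructed sample; checksum left at 0)."""
    options += b"\x01" * (-len(options) % 4)   # pad with NOPs to a 32-bit boundary
    word = ((20 + len(options)) // 4 << 12) | (flags & 0x0FFF)
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, word, 65535, 0, 0) + options

def parse_segment(seg):
    """Return (reserved bits, option kinds) as seen by the receiving endpoint."""
    word = struct.unpack("!H", seg[12:14])[0]
    end, i, kinds = (word >> 12) * 4, 20, []
    while i < end:
        kind = seg[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP has no length byte
            i += 1
            continue
        if i + 1 >= end or seg[i + 1] < 2:       # malformed length, stop parsing
            break
        kinds.append(kind)
        i += seg[i + 1]
    return word & RESERVED_MASK, kinds

def firewall_clear_reserved(seg):
    """Zero the Reserved bits, pass options through (a real box would also fix the checksum)."""
    word = struct.unpack("!H", seg[12:14])[0] & ~RESERVED_MASK & 0xFFFF
    return seg[:12] + struct.pack("!H", word) + seg[14:]

def simulate():
    """Run the SYN negotiation and one signalling segment through the firewall."""
    syn = build_segment(SYN, bytes([OPT_KIND, 2]))
    _, kinds = parse_segment(firewall_clear_reserved(syn))
    data = build_segment(ACK | SIGNAL_BIT)
    reserved, _ = parse_segment(firewall_clear_reserved(data))
    return {"negotiated": OPT_KIND in kinds,     # option survived the firewall
            "signal_sent": True,
            "signal_received": bool(reserved & SIGNAL_BIT)}

if __name__ == "__main__":
    print(simulate())
```

Both endpoints end up with the option negotiated while the signal bit never arrives, and neither side receives any indication that the segment was edited in flight.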


