
Re: [Tsvwg] Re: Last Call: Robust ECN Signaling with Nonces to Experimental



> > > A cheating TCP receiver is a malicious user (if not a third
> > > party), and 1 bit nonce can only protect in 50% of the cases.
> > > That's why I said the security is weak--it's weak even for the
> > > problem it's trying to solve--not because it cannot protect
> > > TCP from all possible attacks. I know people have difficulty
> > > getting good security with even 2048 bits or more...
> > 
> > This is FUD.  The nonce is *much* better than 50%.  You have a 50%
> > shot at guessing the nonce right on every ACK.  But, if you guess
> > wrong once then the sender is on to you -- so, the probability of
> > guessing right is 0.5^N (where N is the number of ACKs
> > transmitted).  So, clearly as the connection progresses and N
> > grows large the probability of keeping your game going gets pretty
> > small pretty quickly.
> 
> This is just half of the story. 

I have requoted the statement you made (at the top) that I responded
to.  I was considering only the case when we were considering
*receivers* (not third parties) lying.

I stick by the above argument.  The case of someone snooping traffic
and hosing the data rate by lying is as you outlined (not quoted).
But, that was not the comment I responded to.  We agree that
eavesdroppers can exploit ECN and the ECN nonce as a mechanism for
DoS.  I simply wanted to apply pushback to your statement that the
nonce does not offer good protection for the problem it purports to
solve.  In my opinion, it offers good protection for its intent.

allman


--
Mark Allman -- BBN/NASA GRC -- http://roland.grc.nasa.gov/~mallman/
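The 0.5^N argument above, as an added simulation that is not part of this thread. The nonce-sum model it uses (a CE mark erases the segment's nonce, the sender resynchronises after an honest ECE report, and a receiver concealing the mark must guess the erased bit) is my simplifying assumption, not the exact RFC 3540 procedure.

```python
import random

def run_connection(n_acks, conceal, mark_prob, rng):
    """Simplified nonce check (an assumption, not RFC text): the sender
    puts a random 1-bit nonce in each segment and keeps the running
    1-bit sum (XOR); every ACK must echo the matching sum.  A CE mark
    erases that segment's nonce.  An honest receiver reports ECE and the
    sender resyncs the sum.  A receiver hiding the mark keeps ACKing
    "no congestion", so it must guess the bit; one wrong guess exposes it.
    Returns (index of the ACK that caught the cheater or None, guesses)."""
    sender_sum, receiver_sum, guesses = 0, 0, 0
    for i in range(n_acks):
        bit = rng.getrandbits(1)
        sender_sum ^= bit
        if rng.random() < mark_prob:              # segment was CE-marked
            if not conceal:
                receiver_sum = sender_sum         # honest: ECE sent, resync
                continue
            receiver_sum ^= rng.getrandbits(1)    # cheater: forced to guess
            guesses += 1
        else:
            receiver_sum ^= bit                   # nonce visible, echoed
        if receiver_sum != sender_sum:
            return i, guesses                     # sender sees a bad sum
    return None, guesses

def simulate_connection(n_acks, conceal, mark_prob, seed=0):
    """Single reproducible run with a fixed seed."""
    return run_connection(n_acks, conceal, mark_prob, random.Random(seed))

def undetected_probability(n_guesses):
    """The 0.5^N argument: each forced guess is right with probability
    1/2 and the first wrong guess ends the game."""
    return 0.5 ** n_guesses

def estimate_survival(n_acks, mark_prob, trials, seed=1):
    """Monte Carlo check: fraction of connections in which a concealing
    receiver is never caught; with mark_prob=1.0 it approaches 0.5**n."""
    rng = random.Random(seed)
    survived = sum(
        run_connection(n_acks, True, mark_prob, rng)[0] is None
        for _ in range(trials))
    return survived / trials

if __name__ == "__main__":
    print("concealing receiver:", simulate_connection(100, True, 0.3))
    print("P(survive 5 guesses) =", undetected_probability(5),
          "empirical:", estimate_survival(5, 1.0, 20000))
```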