Disabling PAWS When Other Protections Are Available
draft-nishida-tcpm-disabling-paws-00

Document Type: Expired Internet-Draft (individual)
Last updated: 2018-12-22 (latest revision 2018-06-20)
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-nishida-tcpm-disabling-paws-00.txt

Abstract

PAWS provides protection against old duplicate segments caused by wrapped sequence numbers or by earlier incarnations of a connection. One drawback of PAWS is that it requires the timestamp option to be placed in all segments, which consumes 10-12 bytes of the TCP option space. In addition, because PAWS only checks whether a timestamp is older or not, its protection logic is not very strong against malicious attacks, and it cannot work properly in some situations. On the other hand, other technologies that can provide stronger protection than PAWS are becoming available. In this document, we propose using other protection mechanisms as replacements for PAWS when they are available.

Authors

Yoshifumi Nishida (nishida@wide.ad.jp)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)