TCP User Timeout Option
draft-ietf-tcpm-tcp-uto-11

[Ballot comment]
In the security considerations section, where the document mentions MD5, it should also mention TCP-AO as another option (with an informative reference to TCP-AO).

[Ballot discuss]
This may be a very short-lived discuss. In the security section, you recommend the use of IPSEC or TCP-MD5. AFAIK, TCP-MD5 is rarely implemented on boxes that aren't routers. Wouldn't you be better off recommending TCP-AO?

[Ballot discuss]
This may be a very short-lived discuss. In the security section, you recommend the use of IPSEC or TCP-MD5. AFAIK, TCP-MD5 is rarely implemented on boxes that aren't routers. Wouldn't you be better off recommending TCP-AO?

[Ballot comment]
I think this is great (as long as it works through firewalls and nats - and support that part of Pasi discuss) but I think that it has to be exposed to apps and support that parts of Chris' discuss.

[Ballot comment]
I support Chris's and Pasi's discusses.  The failure rate with middleboxes could present a significant problem unless the TCP stack is clever enough to establish new connections
without using uto after failure.  The onus is clearly on the TCP stack to adjust since the
"communication of timeout information between the TCP stack and application software
has been so poor in the past" to quote Chris's discuss.

[Ballot discuss]
The document is missing any manageability or operational considerations. Although section 3 mentions that the UTO can be enabled either on a per-connection basis, or controlled by a system-wide setting there is no further indication what this means from the point of view of system opertors. There is also no indication about performance measurement, especially on the light of the fact that reliability issues are a concern and are discussed. Last would the MIB modules defined in RFC 4022 or RFC 4898 need to be extended to cover this new option?

[Ballot discuss]
I have reviewed draft-ietf-tcpm-tcp-uto-10. Overall, the document
looks good, but I have one concern that I'd like to discuss before
recommending approval of the document:

If the data cited in Section 4.1 is a reasonable approximation of
reality -- and 3% of TCP connections would fail -- doesn't this mean
that either (a) no popular OS or popular application (such as email,
IM, or SSH client -- all of which would potentially benefit from
longer timeouts) can enable this by default, or (b) it has to
implement some kind of recovery logic (if using UTO fails, disable it
and establish new connection without UTO). (Totally failing for 3% of
users does not sound like a realistic option for things intended
to be used by "ordinary users" -- instead of, say, network engineers
for interplanetary stuff.)

If this is the case, it should be mentioned in e.g. Section 4.1,
possibly sketching how the recovery logic would work (so each app
doesn't have to reinvent it, possible badly).

[Ballot discuss]
Is the intention to have this be used only by operating system software?
Or should this be made visible to applications?  If the latter is the
case, is there work in progress to define the identifiers and
structures that would be used with setsockopt() so this would have a
chance of deploying?

Applications sometimes have information about the desirability of long
lived connections.  For example, HTTP wouldn't benefit from longer user
timeouts, IMAP+TLS benefits quite a bit, while SSH could benefit a
great deal (especially if the user has spent time setting up multiple
data tunnels).  But as we've seen with the IPv6 mess prior to
getaddrinfo, if the socket extension identifiers/structures aren't
nailed down early deployment is slowed greatly when communication
between the transport and application layers is needed.

Also, because communication of timeout information between the TCP
stack and application software has been so poor in the past, quality
server applications will put sockets in non-blocking mode and
implement their own timeouts with select/poll or equivalent and shut
down the socket.  If applications have no way to communicate this to
the TCP stack, the stack could negotiate a timeout longer than the
application timeout and thus create a false expectation for connection
retention.

[Ballot discuss]
In the Gen-ART Review from Scott Brim, a significant question was
  raised, and the WG has not provided an answer.  Scott asked:
  >
  > Since a UTO can apparently be sent at any time, what happens
  > if a UTO is received that shortens the timeout and there are
  > unacknowledged packets that are already beyond the new timeout
  > value?

IANA Last Call comments:

Upon approval of this document, the IANA will make the following
assignment in the "Transmission Control Protocol (TCP) Option
Numbers" registry at
http://www.iana.org/assignments/tcp-parameters/

Kind Length Meaning Reference
------ ------ ------------------------------------- ---------
[tbd] 4 User Timeout Option [RFC-tcpm-tcp-uto-09]

draft-ietf-tcpm-tcp-uto-08.txt

> >    (1.a)  Who is the Document Shepherd for this document?  Has the
> >          Document Shepherd personally reviewed this version of
> >          the document and, in particular, does he or she believe
> >          this version is ready for forwarding to the IESG for
> >          publication?

Mark Allman (mallman@icir.org) (TCPM co-chair)

I have read the document and believe it is ready for publication.

> >    (1.b)  Has the document had adequate review both from key WG members
> >          and from key non-WG members?  Does the Document Shepherd have
> >          any concerns about the depth or breadth of the reviews that
> >          have been performed?

The document has enjoyed much review from the TCPM WG.

> >    (1.c)  Does the Document Shepherd have concerns that the document
> >          needs more review from a particular or broader perspective,
> >          e.g., security, operational complexity, someone familiar with
> >          AAA, internationalization or XML?

No concerns.

> >    (1.d)  Does the Document Shepherd have any specific concerns or
> >          issues with this document that the Responsible Area Director
> >          and/or the IESG should be aware of?  For example, perhaps he
> >          or she is uncomfortable with certain parts of the document, or
> >          has concerns whether there really is a need for it.  In any
> >          event, if the WG has discussed those issues and has indicated
> >          that it still wishes to advance the document, detail those
> >          concerns here.  Has an IPR disclosure related to this document
> >          been filed?  If so, please include a reference to the
> >          disclosure and summarize the WG discussion and conclusion on
> >          this issue.

This document involves no IPR disclosure.

The document shepherd has no specific concerns about the document.

> >    (1.e)  How solid is the WG consensus behind this document?  Does it
> >          represent the strong concurrence of a few individuals, with
> >          others being silent, or does the WG as a whole understand and
> >          agree with it?

The WG consensus on this document is broad and solid.

> >    (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
> >          discontent?  If so, please summarise the areas of conflict in
> >          separate email messages to the Responsible Area Director.  (It
> >          should be in a separate email because this questionnaire is
> >          entered into the ID Tracker.)

We are aware of no reasons this document would be appealed or anyone
who is overly unhappy with it.

> >    (1.g)  Has the Document Shepherd personally verified that the
> >          document satisfies all ID nits?  (See
> >          http://www.ietf.org/ID-Checklist.html and
> >          http://tools.ietf.org/tools/idnits/).  Boilerplate checks are
> >          not enough; this check needs to be thorough.  Has the document
> >          met all formal review criteria it needs to, such as the MIB
> >          Doctor, media type and URI type reviews?

This document does not need MIB or URI reviews.

The document passes 'idnits'.

> >    (1.h)  Has the document split its references into normative and
> >          informative?  Are there normative references to documents that
> >          are not ready for advancement or are otherwise in an unclear
> >          state?  If such normative references exist, what is the
> >          strategy for their completion?  Are there normative references
> >          that are downward references, as described in [RFC3967]?  If
> >          so, list these downward references to support the Area
> >          Director in the Last Call procedure for them [RFC3967].

The references have been split into 'normative' and 'non-normative'.

The normative references are all published RFCs.

> >    (1.i)  Has the Document Shepherd verified that the document IANA
> >          consideration section exists and is consistent with the body
> >          of the document?  If the document specifies protocol
> >          extensions, are reservations requested in appropriate IANA
> >          registries?  Are the IANA registries clearly identified?  If
> >          the document creates a new registry, does it define the
> >          proposed initial contents of the registry and an allocation
> >          procedure for future registrations?  Does it suggest a
> >          reasonable name for the new registry?  See [RFC2434].  If the
> >          document describes an Expert Review process has Shepherd
> >          conferred with the Responsible Area Director so that the IESG
> >          can appoint the needed Expert during the IESG Evaluation?

The document requests a new TCP option number from IANA and includes
this in an IANA considerations section (which is consistent with the
rest of the document).

> >    (1.j)  Has the Document Shepherd verified that sections of the
> >          document that are written in a formal language, such as XML
> >          code, BNF rules, MIB definitions, etc., validate correctly in
> >          an automated checker?

N/A

> >    (1.k)  The IESG approval announcement includes a Document
> >          Announcement Write-Up.  Please provide such a Document
> >          Announcement Write-Up?  Recent examples can be found in the
> >          "Action" announcements for approved documents.  The approval
> >          announcement contains the following sections:
> >
> >          Technical Summary
> >              Relevant content can frequently be found in the abstract
> >              and/or introduction of the document.  If not, this may be
> >              an indication that there are deficiencies in the abstract
> >              or introduction.
> >
> >          Working Group Summary
> >              Was there anything in WG process that is worth noting?  For
> >              example, was there controversy about particular points or
> >              were there decisions where the consensus was particularly
> >              rough?
> >
> >          Document Quality
> >              Are there existing implementations of the protocol?  Have a
> >              significant number of vendors indicated their plan to
> >              implement the specification?  Are there any reviewers that
> >              merit special mention as having done a thorough review,
> >              e.g., one that resulted in important changes or a
> >              conclusion that the document had no substantive issues?  If
> >              there was a MIB Doctor, Media Type or other expert review,
> >              what was its course (briefly)?  In the case of a Media Type
> >              review, on what date was the request posted?

Technical Summary:

    This document calls for an option to all TCP endpoints to
    request peers to set the user-timeout to a particular value.
    The motivation behind this option is hosts that understand that
    they will be unavailable for a lengthy period of time and can
    thus inform their peer of this phenomenon such that the peer can
    prevent the normal connection aborting procedures from reaping
    the connection.  The information is advisory and therefore the
    peer is still able to abort the connection (e.g., in times of
    resource contention).

Working Group Summary

    Given that the information exchanged is advisory, the TCPM WG
    has consensus that this option is perfectly reasonable.

Document Quality

    The document was reviewed for quality by a large number of TCPM
    WG members.