Breaking Up the Transport Logjam
Abstract
Current Internet transports conflate transport semantics with endpoint addressing and flow regulation, creating roadblocks to Internet evolution that we propose to address with a new layering model. Factoring endpoint addressing (port numbers) into a separate Endpoint Layer permits incremental rollout of new or improved transports at OS or application level, enables transport-oblivious firewall/NAT traversal, improves transport negotiation efficiency, and simplifies endpoint address space administration. Factoring congestion control into a separate Flow Layer cleanly enables in-path performance optimizations such as on satellite or wireless links, permits incremental rollout of new congestion control schemes within administrative domains, frees congestion control evolution from the yoke of “TCP-friendliness,” and facilitates multihoming and multipath communication. Though this architecture is ambitious, existing protocols can act as starting points for the new layers—UDP or UDP-Lite for the Endpoint Layer, and Congestion Manager or DCCP for the Flow Layer—providing both immediate deployability and a sound basis for long-term evolution.
Similar resources
The problem of popular primes: Logjam
This paper will discuss the Logjam attack on TLS. The Logjam attack makes it possible, under certain conditions, to defeat the security provided by TLS. This is done by manipulating server and client into using weak and deprecated export grade crypto, and subsequently breaking the Diffie-Hellman key exchange. We explore how the attack works conceptually and how exactly TLS is vulnerable to this attack. Al...
Unordered Delivery in TLS-Encrypted TCP Connections
TCP and UDP offer markedly different transport semantics. However, increasingly, applications robust to the unreliability of UDP choose TCP because it is more likely to successfully navigate today’s Internet full of meddlesome middleboxes (i.e., firewalls and NATs). The Transport Next Generation (Tng) project attempts to alleviate the logjam caused by this shifting of the Internet’s narrow-waist ...
Empirical Analysis of SSL/TLS Weaknesses in Real Websites: Who Cares?
As SSL/TLS has become the de facto standard Internet protocol for secure communication in recent years, its security issues have also been intensively studied. Even though several tools have been introduced to help administrators know which SSL/TLS vulnerabilities exist in their network hosts, it is still unclear whether the best security practices are effectively adopted to fix those vulnerabi...
Breaking the Logjam: Proposals for Moving Beyond the Equals Approach
Over the last decade, the structure and performance of Canadian financial institutions have undergone a profound transformation. Propelled by both regulatory changes and market innovations, Canadian financial institutions have found their historically protected markets opened to intense competition from a variety of different sources. The most significant regulatory change has been the piecemeal...
FLEXTLS A Tool for Testing TLS
We present FLEXTLS, a tool for rapidly prototyping and testing implementations of the Transport Layer Security (TLS) protocol. FLEXTLS is built upon MITLS, a verified implementation of TLS, and hence protocol scenarios written in FLEXTLS can benefit from robust libraries for messaging and cryptography. Conversely, attack scripts in FLEXTLS can be used to evaluate and communicate the impact of n...