TCP Fast Open

From Infogalactic: the planetary knowledge core
Jump to: navigation, search

In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie (a TCP option), which is a cryptographic cookie stored on the client side and set upon the initial connection with the server.[1] When the client later reconnects, it sends the initial SYN packet along with the TFO cookie data to authenticate itself. If successful, the server may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, skipping that way a round-trip delay and lowering the latency in the start of data transmission.

The cookie is generated by applying a block cipher keyed on a key held secret by the server to the client's IP address, generating an authentication tag that is difficult for third parties to spoof, even if they can forge a source IP address or make two-way connections to the same server from other IP addresses. Although it uses cryptographic techniques to generate the cookie, TFO is not intended to provide more security that the three-way handshake it replaces, and does not give any form of cryptographic protection to the resulting TCP connection, or provide identity assurance about either endpoint. It also is not intended to be resistant to man-in-the-middle attacks.

History

The proposal was originally presented in 2011[2] and was, as of February 2012, an IETF Internet Draft.[3] The specification was published as RFC 7413 in December 2014.[4] TCP Fast Open shares the goal of bypassing the three-way handshake of TCP with an earlier proposal from 1994, called T/TCP (RFC 1644). In contrast to TCP Fast Open, T/TCP paid no attention to security,[4] opening a path for vulnerabilities and failing to gain traction.

Implementations

IPv4 support for TFO was merged into the Linux kernel mainline in versions 3.6 (support for clients) and 3.7 (support for servers),[5][6] and was turned on by default in version 3.13.[7] TFO support for IPv6 servers was merged in version 3.16.[8] Google Chrome and Chromium browsers have support for TFO on Linux, including Chrome OS and Android. As of 2015, Apple Inc. has announced that iOS 9 and OS X 10.11, their next operating system versions, will both support TCP Fast Open, but it will not be enabled for individual connections by default.[9] Microsoft Edge supports TCP Fast Open since Windows 10 Preview build 14352, but it is disabled by default, and can be enabled in about:flags.[10]

See also

References

  1. Lua error in package.lua at line 80: module 'strict' not found.
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Cheng Y, Chu J, Radhakrishnan S, Jain A (2013-01-26). TCP Fast Open. IETF. I-D draft-ietf-tcpm-fastopen-06. https://tools.ietf.org/html/draft-ietf-tcpm-fastopen-06. 
  4. 4.0 4.1 Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.

External links

Retrieved from "https://infogalactic.com/w/index.php?title=TCP_Fast_Open&oldid=722300501"