In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a ''TFO cookie'' (a TCP option), which is a cryptographic cookie stored on the client and set upon the initial connection with the server. When the client later reconnects, it sends the initial SYN packet along with the TFO cookie data to authenticate itself. If successful, the server may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, thus skipping a round-trip delay and lowering the latency in the start of data transmission. The cookie is generated by applying a block cipher, keyed on a key held secret by the server, to the client's IP address, generating an authentication tag that is difficult for third parties to spoof, even if they can forge a source IP address or make two-way connections to the same server from other IP addresses. Although it uses cryptographic techniques to generate the cookie, TFO is not intended to provide more security than the three-way handshake it replaces, and does not give any form of cryptographic protection to the resulting TCP connection, or provide identity assurance about either endpoint. It is also not intended to be resistant to man-in-the-middle attacks. If such resistance is required, it may be used in combination with a cryptographic protocol such as TLS or IPsec. TFO has been difficult to deploy due to protocol ossification; in 2020, no web browsers used it by default. TFO presents privacy challenges; the TFO cookie can allow persistently tracking a client across sessions, even by passive observers.
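As an added illustration (not code from the article or from any TFO implementation) of the cookie exchange described above, the following Python simulation issues and validates a cookie derived from the client's IP address under a server-held key. The keyed function (HMAC in place of the block cipher RFC 7413 suggests), the dict-based SYN representation and the example addresses are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import os
from typing import Optional

COOKIE_LEN = 8  # RFC 7413 allows 4 to 16 bytes and recommends 8


class TfoServer:
    """Server-side TFO cookie issuance and validation (simulated)."""

    def __init__(self, key: Optional[bytes] = None):
        # Secret held only by the server; rotating it invalidates all cookies
        self.key = key or os.urandom(16)

    def make_cookie(self, client_ip: str) -> bytes:
        # Keyed function over the client IP only. RFC 7413 suggests a block
        # cipher such as AES-128; HMAC-SHA256 truncated to 8 bytes is used
        # here (assumption) so the example needs only the standard library.
        ip_bytes = ipaddress.ip_address(client_ip).packed
        return hmac.new(self.key, ip_bytes, hashlib.sha256).digest()[:COOKIE_LEN]

    def handle_syn(self, src_ip: str, cookie: Optional[bytes]) -> dict:
        """Process a SYN carrying the TFO option.

        Returns whether data in the SYN may be handed to the application
        before the handshake completes, and which cookie (if any) the SYN-ACK
        should carry back to the client.
        """
        expected = self.make_cookie(src_ip)
        if cookie is None:
            # Empty TFO option is a cookie request: normal 3WHS, issue a cookie
            return {"data_accepted": False, "cookie": expected}
        if hmac.compare_digest(cookie, expected):
            # Cookie matches this source IP: accept SYN data, saving one RTT
            return {"data_accepted": True, "cookie": None}
        # Stale or forged cookie: fall back to the normal handshake and reissue
        return {"data_accepted": False, "cookie": expected}


def demo() -> list:
    """Walk through first connection, reconnection and a replayed cookie."""
    srv = TfoServer()
    first = srv.handle_syn("192.0.2.10", None)  # constructed client address
    again = srv.handle_syn("192.0.2.10", first["cookie"])
    other = srv.handle_syn("198.51.100.7", first["cookie"])  # same cookie, other IP
    return [first["data_accepted"], again["data_accepted"], other["data_accepted"]]
```

Because the cookie is a deterministic function of the server key and the client address, the same client presents the same cookie on every reconnect until the key is rotated, which is the cross-session tracking the article mentions.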


History

The TFO proposal was originally presented in 2011 and was published as the experimental RFC 7413 in December 2014. TCP Fast Open shares the goal of bypassing the three-way handshake of TCP with an earlier proposal from 1994, called T/TCP (RFC 1644). In contrast to TCP Fast Open, T/TCP paid no attention to security, opening a path for vulnerabilities and failing to gain traction.


Characteristics

TFO implementations include the following:

* IPv4 support for TFO was merged into the Linux kernel mainline in kernel versions 3.6 (support for clients) and 3.7 (Dec 2012) (support for servers), and was turned on by default in kernel version 3.13 (Jan 2014). TFO support for IPv6 servers was merged in kernel version 3.16.
* FreeBSD from version 10.3 (support for servers) and 12.0 (support for clients).
* Mozilla Firefox from version 58. The support was disabled by default due to network device compatibility issues with TFO and TLS 1.3, and eventually removed in version 87.
* Google Chrome and Chromium browsers have support for TFO on Linux, including ChromeOS and Android.
* Exim mail transfer agent (MTA) from version 4.88.
* Unbound DNS Resolver from version 1.5.10.
* BIND Domain Name System (DNS) from version 9.11.0.
* Knot DNS from version 2.6.0.
* Apple's iOS 9 and OS X 10.11 both support TCP Fast Open, but it is not enabled for individual connections by default.
* Microsoft Edge supports TCP Fast Open since Windows 10 Preview build 14352.
* PowerDNS Recursor supports TCP Fast Open from version 4.1.
* dnsmasq supports TCP Fast Open (RFC 7413) from version 2.81.


See also

* SPDY
* SYN cookies
* TCP Cookie Transactions
* 0-RTT
* QUIC




External links

* RFC 7413, the TCP Fast Open specification