summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc9401.txt
blob: 903f6a15e5da0f15043d06ae587b152e59c156f9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
Independent Submission                                       S. Toyosawa
Request for Comments: 9401                                   Independent
Category: Informational                                     1 April 2023
ISSN: 2070-1721


              The Addition of the Death (DTH) Flag to TCP

Abstract

   This memo specifies the incorporation of Death (DTH) flag to TCP,
   including DTH's use of one bit in the TCP header.  The flag is
   designed to make TCP session narratives smooth and attractive.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not candidates for any level of Internet Standard;
   see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc9401.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  Specification
     3.1.  TCP Packet Format
     3.2.  When to Send
     3.3.  When Not to Send
     3.4.  Use with the IP Evil Bit
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Author's Address

1.  Introduction

   The proposed Death flag, or DTH for short, uses the fourth flag bit
   in the TCP header to indicate likely termination of the TCP session.

   The flag allows applications to prepare for abrupt session
   terminations.  Network engineers find this feature helpful in
   identifying the one or more root causes of TCP RSTs.  Critical end
   users can use the information to better understand TCP narratives.

   The flag name is adapted from the custom of anime, manga, or light
   novels [NOVEL].  "Death Flags" refer to hints that a character will
   die soon [CBR-FLAG].

   For example, the DTH flag of an evil scientist is set when they
   express too much confidence in their deadly invention.  The scientist
   is often killed by their own invention.  This type of narrative is
   also common in conventional films.  A notable example is a solider in
   a trench.  The soldier's flag is set to 1 immediately after they
   share a photograph of their fiancé and tell about the upcoming
   marriage that will take place after returning from battle.  Another
   example is setting the flag for a couple sneaking out from an
   isolated cabin for a late-night excursion.  Commonly, the excursion
   is violently terminated by an individual with a chainsaw.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Specification

3.1.  TCP Packet Format

   The DTH flag uses the fourth bit in the Control bits field in TCP
   header as depicted in Figure 1 [RFC9293].  The fourth bit was
   intentionally selected because "four" in Chinese is Sì; it has a
   similar sound to Sǐ, which means "die".

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Source Port          |       Destination Port        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Sequence Number                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                    Acknowledgment Number                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Data |D|     |C|E|U|A|P|R|S|F|                               |
      | Offset|T| Rsr |W|C|R|C|S|S|Y|I|            Window             |
      |       |H| vd  |R|E|G|K|H|T|N|N|                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |           Checksum            |         Urgent Pointer        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                           [Options]                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               :
      :                             Data                              :
      :                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Note that one tick mark represents one bit position.

                 Figure 1: TCP Header with the DTH Flag Bit

   A TCP session peer SHOULD transmit a DTH segment when the TCP session
   will likely be terminated soon.  It can be sent from both the server
   and client.  The application or TCP stack MAY elect not to send DTH
   segments, even if it knows that the session will be terminated.  This
   results in a dramatic surprise for the peer; however, the end users
   may perceive the end too convenient or overly simplistic.  Use of the
   DTH segment that is not associated with the session termination is
   not encouraged but it is permitted.  (This is often referred to as
   "teasing" or a false-positive DTH flag.)

   The DTH flag is informational.  TCP software that does not implement
   this feature can safely ignore this flag.  However, to fully
   appreciate the session, users should be aware of the subtle signs of
   the session narratives.

   The DTH flag itself does not change the sequence or acknowledgment
   number.  It does not require any acknowledgement.

   The recipient of the flag is not required to act differently upon
   reception; however, it is RECOMMENDED that information be conveyed to
   the application layer, so the end user can be notified of the
   incident.  The recipient of a DTH segment SHOULD NOT close the socket
   immediately upon reception; it SHOULD wait for a RST or FIN segment.

   This specification does not stipulate the maximum number of DTH
   segments permitted in one TCP session; however, limiting them to a
   few is RECOMMENDED to maximize the dramatic effect.

3.2.  When to Send

   DTH can be used any time the sender considers it important to signal
   its inevitable end to the TCP peer.  The example scenarios below
   illustrate when to send DTH segments.

   A malicious actor can send the flag when it suddenly repents; for
   example, when a sender suddenly regrets their part in a DDoS attack
   and unexpectedly ceases the attack.  The archvillain generally
   terminates the sender cruelly and mercilessly soon after the change
   in behavior (or they are killed for protecting the hero).  The timing
   of DTH transmission is implementation dependent.  It can be sent
   anytime from the early signs of betrayal to just prior to the
   behavioral change.

   The flag can be sent when the sender stops using cryptographic
   protections and reveals its plain-text content, for example, a
   mysterious character with a mask that often dies after they expose
   their face.  In this example, the DTH segment would be sent just
   before sending the redirect (30x) from HTTPS to HTTP [RFC9110].
   Similarly, the flag can be set when the forged User-Agent or Server
   HTTP header field is changed to the actual value, when their true
   identity would be revealed (for example, "I am your long-lost twin",
   "I am a spy", etc.).  This occasionally leads to the death of the
   character.

   The TCP peer is RECOMMENDED to send the flag when it notices resource
   issues, e.g., diminishing memory space or bandwidth.  An AI bot,
   cyborg, sorcerer application with forbidden protocols, etc., SHOULD
   consider sending the flag when it starts to heavily cough error
   messages.

   An application less capable of performing its task MAY send the flag
   from time to time.  It will be killed by the OS (the archvillain) or
   CTRL-C (the end user) sooner or later due to its inefficiency.  The
   same is likely to occur with a memory-hogging application, for
   example, an unscrupulous character that attempts to take all the
   treasure often dies accidentally (e.g., falls from a cliff).

   An application SHOULD really think twice before accessing a
   "honeypot" or haunted server.  If your choices are limited (e.g.,
   your favorite server breaks down in the middle of nowhere and the
   dark server that is not on the DNS is the only place you can
   shelter), sending the flag periodically is a good idea.  The session
   is most likely cursed.

3.3.  When Not to Send

   The DTH flag SHOULD NOT be piggybacked on the FIN flag.  If present,
   the recipient SHOULD silently ignore DTH flag.  The only exception is
   when the recipient is an expert at Hokuto-Shinken ("Big Dipper Divine
   Fist") [WIKI-FNS].  In that circumstance, the sender is already dead
   but remains active for a few seconds (which is unofficially called
   the "half-zombie open" state).

   The DTH flag SHOULD NOT be sent with the URG flag [RFC6093].  The use
   of the URG flag is not recommended in new implementations [RFC9293].

   Use of the flag in the early state of a TCP session is NOT
   RECOMMENDED.  Characters that die in the early stage are considered
   nonessential, hence their death does not contribute to the quality of
   the session.  (Obviously, there are exceptions.)

3.4.  Use with the IP Evil Bit

   Some experimental implementations use the Evil bit [RFC3514] of the
   IP header to indicate if the session portrays an evil character.  The
   DTH flag is not designed to characterize a TCP session.  It is
   intended to show the fate of the session irrespective of the nature
   of the session.  When both Evil bit and DTH flag are present, they
   MUST be interpreted independently.

4.  Security Considerations

   Precursors to the inevitable death (often violent) of a TCP session
   are useful for upper-layer applications and end users; however, the
   security vs. usability balance should also be considered.  Since DTH
   flags may expose the internal state of the TCP session, they can be
   exploited by attackers (e.g., naming the murderer before the
   detective points out the suspect).  Spoilers are an act of evil.
   Those who wish to keep the story secret should use the flag mildly.

5.  IANA Considerations

   This document defines the behavior of the one of the currently
   reserved (Rsrvd) control bits in the TCP header.  It is used as an
   informative indicator of the fate of a TCP session.  The fourth bit
   (counting from the beginning of the thirteenth octet in a TCP header)
   is intentionally selected to signify its meaning; however, a change
   in the bit position does not cause any functional deterioration.

   This feature may already be implemented in different manners in
   Hollywood and/or Japanese animation studio networks; however, to the
   author's knowledge, the technology is not yet patented.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3514]  Bellovin, S., "The Security Flag in the IPv4 Header",
              RFC 3514, DOI 10.17487/RFC3514, April 2003,
              <https://www.rfc-editor.org/info/rfc3514>.

   [RFC6093]  Gont, F. and A. Yourtchenko, "On the Implementation of the
              TCP Urgent Mechanism", RFC 6093, DOI 10.17487/RFC6093,
              January 2011, <https://www.rfc-editor.org/info/rfc6093>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC9293]  Eddy, W., Ed., "Transmission Control Protocol (TCP)",
              STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022,
              <https://www.rfc-editor.org/info/rfc9293>.

6.2.  Informative References

   [CBR-FLAG] Stalberg, A., "10 Death Flags That Mean An Anime Character
              is Probably Going To Die", 2023,
              <https://www.cbr.com/anime-death-hints-signs/>.

   [NOVEL]    Wikipedia, "Light novel", February 2023,
              <https://en.wikipedia.org/w/
              index.php?title=Light_novel&oldid=1136814877>.

   [RFC9110]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022,
              <https://www.rfc-editor.org/info/rfc9110>.

   [WIKI-FNS] Wikipedia, "List of Fist of the North Star characters",
              March 2023, <https://en.wikipedia.org/w/index.php?title=Li
              st_of_Fist_of_the_North_Star_characters&oldid=1145633265>.

Author's Address

   Satoshi Toyosawa
   Independent
   Email: s2.toyosawa@gmail.com