Re: [babel] Babel over DTLS and UDP ports

David Schinazi <dschinazi.ietf@gmail.com> Fri, 31 May 2019 13:25 UTC

Hi Juliusz,

Thanks for your passionate response :-)

To clarify my earlier email, the IANA port expert gave their opinion, and
I've been made aware that as an expert they provide knowledgeable opinions but
do not hold power over the final outcome.
The powers that be wanted there to be a new conversation on the Babel
mailing list about the pros and cons of using a new port, given the
expert's opinion.
If it is still the consensus of the Babel WG that allocation of a new port
is critical to some implementations and will facilitate deployment of a
secure version of the protocol, and the IESG agrees that this consensus was
reached, then once the IESG moves the document forward the IANA
considerations section will apply and a new port will be allocated.

Now, speaking as an implementor of Babel (as opposed to draft author), I
strongly believe that a new port will make a difference in the success of
this protocol. Juliusz phrased the reasons why quite well.

Thanks,
David


On Fri, May 31, 2019 at 3:14 PM Juliusz Chroboczek <jch@irif.fr> wrote:

> > When the authors requested the new port from IANA, we received some pushback.
> > The position of the IANA port expert was that UDP ports are a scarce resource
> > and they strongly prefer to not allocate them unless it is necessary.
>
> In a healthy technical organisation, the administration helps the
> technical folks get their stuff done.  An organisation is ossified if the
> bureaucracy feels they have the right to dictate the technical solutions.
>
> If there are technical reasons to use a single port, we should state them.
> Under no circumstances should we agree to change our protocol in order to
> make the bureaucrats happy.
>
> > So the question for the Babel WG is: is the separate port necessary?
>
> Antonin's original implementation used a single port:
>
> https://datatracker.ietf.org/meeting/101/materials/slides-101-babel-babel-over-dtls-00
>
> > One possible solution could be for us to have unencrypted packets and DTLS
> > packets share the same port. For that we can leverage the fact that all Babel
> > packets start with a first byte set to 42, and say that DTLS packets use the
> > same port, prefixed with 43 instead of 42.
>
> Yes, that's what I was arguing for back in 2018.  However, I was put in
> the minority by a number of wise people:
>
>   - David argued that the whole point of DTLS is to use a standard DTLS
>     stack, and some DTLS stacks don't support using a single port for both
>     encrypted and cleartext traffic;
>   - David pointed out that Apple's DTLS implementation doesn't support
>     this mode of operation;
>   - Donald added that it is usual for IETF protocols to use separate ports.
>
> If the above points no longer stand, then please explain what has changed
> since 2018.
>
> If these points still stand, then it is our duty to make the right
> technical decision, IANA's impotence notwithstanding.  We have a number of
> options:
>
>   - go speak with IANA again, stating clearly that using distinct ports
>     reflects WG consensus;
>   - should that fail, we could use an ephemeral port for DTLS, announce it
>     as a sub-TLV of multicast Hello (recall that DTLS uses unicast only);
>   - should that be considered too fragile, we can publish the draft with no
>     port assignment, and have implementations squat an unallocated port.
>
> > What are people's thoughts?
>
> None that can be expressed without profanity.
>
> (Please have a look at the IANA UDP port registry -- thousands of ports
> have been allocated to completely undocumented obscure protocols, and
> they're refusing to allocate a single port for a standards track document?)
>
> -- Juliusz
>
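To make the shared-port proposal quoted above concrete, here is an added example (not code from babeld or from anyone in the thread) of the receive-side shim it would need: classify each datagram by its first byte (42 for cleartext Babel, 43 as the assumed marker prepended to DTLS records) and strip the marker before the record reaches a stock DTLS stack. That stripping step is the extra layer a DTLS stack without port-sharing support cannot do on its own, which is the objection the thread records.

```python
import struct

BABEL_MAGIC = 42        # first byte of every Babel packet (RFC 8966 header)
BABEL_VERSION = 2
DTLS_PREFIX = 43        # assumed marker byte for DTLS datagrams on the shared port
DTLS_CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, app data
DTLS_HDR = struct.Struct("!BHH6sH")     # content type, version, epoch, 48-bit seq, length


def frame_dtls_for_shared_port(record: bytes) -> bytes:
    """Sender-side shim: prepend the marker to a record from a stock DTLS stack."""
    return bytes([DTLS_PREFIX]) + record


def demux_shared_port(datagram: bytes) -> tuple:
    """Receiver-side shim for the shared-port scheme discussed in the thread.

    Returns ("babel", packet) for cleartext Babel, ("dtls", record) with the
    marker stripped and ready for a standard DTLS stack, or ("drop", b"").
    """
    if not datagram:
        return ("drop", b"")
    if datagram[0] == BABEL_MAGIC:
        # Babel header: magic(1) version(1) body length(2, big-endian).
        # Anything after the declared body is the packet trailer; left out here.
        if len(datagram) < 4:
            return ("drop", b"")
        _, version, body_len = struct.unpack("!BBH", datagram[:4])
        if version != BABEL_VERSION or len(datagram) < 4 + body_len:
            return ("drop", b"")
        return ("babel", datagram[:4 + body_len])
    if datagram[0] == DTLS_PREFIX:
        # A stock DTLS stack expects a bare record, so the marker is removed here.
        record = datagram[1:]
        if len(record) < DTLS_HDR.size:
            return ("drop", b"")
        ctype, _, _, _, length = DTLS_HDR.unpack(record[:DTLS_HDR.size])
        if ctype not in DTLS_CONTENT_TYPES or len(record) != DTLS_HDR.size + length:
            return ("drop", b"")
        return ("dtls", record)
    return ("drop", b"")   # neither marker: not something this port should see


# Constructed sample datagrams (not captured traffic).
BABEL_HELLO = bytes([42, 2, 0, 0])                                   # empty-body Babel packet
DTLS_RECORD = DTLS_HDR.pack(22, 0xFEFD, 0, b"\0" * 6, 3) + b"abc"    # DTLS 1.2 handshake record

if __name__ == "__main__":
    print(demux_shared_port(BABEL_HELLO))
    print(demux_shared_port(frame_dtls_for_shared_port(DTLS_RECORD)))
```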