IETF Logo Mail Archive

Re: [core] Martin Stiemerling's Discuss on draft-ietf-core-coap-15: (with DISCUSS and COMMENT)

Carsten Bormann <cabo@tzi.org> Sat, 18 May 2013 09:05 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B881421F93BF; Sat, 18 May 2013 02:05:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.437
X-Spam-Level:
X-Spam-Status: No, score=-106.437 tagged_above=-999 required=5 tests=[AWL=-0.188, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAaNMhottFA7; Sat, 18 May 2013 02:05:20 -0700 (PDT)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) by ietfa.amsl.com (Postfix) with ESMTP id 8856B21F93B9; Sat, 18 May 2013 02:05:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by informatik.uni-bremen.de (8.14.4/8.14.4) with ESMTP id r4I95Hla017013; Sat, 18 May 2013 11:05:17 +0200 (CEST)
Received: from [192.168.217.105] (p548920D6.dip0.t-ipconnect.de [84.137.32.214]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id DCB1736B9; Sat, 18 May 2013 11:05:16 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
Content-Type: text/plain; charset="windows-1252"
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <5193E302.7010101@neclab.eu>
Date: Sat, 18 May 2013 11:05:15 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <E62F7F82-99B2-491D-BE0D-EA87303439EA@tzi.org>
References: <20130424092228.10345.76059.idtracker@ietfa.amsl.com> <8C88F8A7-9B07-4D82-8EA8-89794BD32EFC@tzi.org> <5193E302.7010101@neclab.eu>
To: Martin Stiemerling <martin.stiemerling@neclab.eu>
X-Mailer: Apple Mail (2.1503)
Cc: draft-ietf-core-coap@tools.ietf.org, core-chairs@tools.ietf.org, The IESG <iesg@ietf.org>, core@ietf.org
Subject: Re: [core] Martin Stiemerling's Discuss on draft-ietf-core-coap-15: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 May 2013 09:05:26 -0000

Hi Martin,

thanks for the update.

We probably need to think about ICMP processing (beyond packet too big) some more.
We certainly want to heed the lessons learned from TCP, e.g. as documented in RFC 5927.
(We also have to account for the abysmal platform support for ICMP errors in UDP implementations; 
I remember having had to fork the platform for my own CoAP implementation to handle those properly).

Do you have a specific example of ICMP processing rules in a UDP-based protocol specification that we could use as a model?
(E.g., of RFC 1035, RFC 2865, RFC 3530, none mention ICMP at all.
It is easy, but maybe not very useful, to add something like section 18.4 of RFC 3261.)

Some more detailed responses below.

Grüße, Carsten


        This means UDP-lite and UDP zero should not be used for COAP.
        How about adding this clarifying text to Section 1.1.  "Features":
        OLD
          o  UDP [RFC0768] binding with optional reliability supporting unicast
             and multicast requests.
        NEW
          o  UDP [RFC0768] binding with optional reliability supporting unicast
             and multicast requests. UDP-lite [RFC3828] and UDP zero checksum
             [RFC 6936] are not supported by COAP.

At this rate, we probably should be saying that we don't support SCTP
and DCCP, too :-) (We actually do say this about SCTP in the initial
paragraph of 3.  I've added UDP-lite/UDP-zero as a parenthesis to
this). [1371]


        It worries me that IPv4 has not received a lot of attention. It is a general issue of the draft or just in this single place?

IPv4 just isn't in the focus of much of CoAP's implementer community.
So, yes, I would expect IPv4-specific issues to have received less
attention than IPv6-specific issues.  Fortunately, above UDP there
isn't that much difference apart from the address format (covered by
RFC 3986) and the MTU issues discussed here, so I don't expect the
limited attention by implementers to be a big problem.

            CoAP is meant to be operable without persistent state between
            exchanges.  Normal operation of CoAP in constrained implementations
            (if they even implement IPv4) will not use DF.  More advanced
            implementations may be able to keep state about peers; it should be
            pretty obvious how to do this (and will generally be combined with
            establishing congestion control state).  I have added a reference to
            RFC 4821 to the discussion of path MTU discovery [1310].

        Is there a particular reason why DF is not used in COAP?

Keeping PMTUD state is hard in a very constrained implementation, and
there may be no obvious way for an application to react to it.  And,
before adding state for MTU info, you would probably try to keep RTT
information around.  For constrained networks I would also probably
implement something like ALFI before looking at the IP-layer
fragmentation information.

        I agree to your points and also the difficulties in using, or even receiving, ICMP error messages, but a recommendation to take them into account when handling network errors would be beneficial for the protocol. This part looks underspecified, especially since the a larger than 1280 byte MTU can also cause issues in IPv6 networks.
        Not documenting it all looks rather incomplete.

        An incomplete text proposal:
        "COAP implementations should take ICMP error messages into account when handling error conditions in the transmission of COAP messages."

Indeed, this would need some of the usual exhortations about how ICMP
messages are insecure etc.

        I'm not sure where this would fit best in the draft.

4.6 would be the right place for packet too big (and it is kind of
covered by the reference to 4821 already), but the other ICMP
messages are harder to react to.  (E.g., a client may not want to give
up on a single routing error.)  Hmm.

-> Ticket

                        8) Flow Control/Receiver Buffer
                        The protocol does not have any real means for the receiver to control the
                        amount of data that is being sent to it. I can understand the attempt to
                        provide a simple protocol, but adding a very basic flow control mechanism
                        will not prohibitively increase the complexity of the protocol, while
                        improving robustness.
                        According to Section 2.1, a node can always return a RST if the message
                        cannot be process for whatever reason.
                        I propose to add an option to the RST message that allows the message
                        receiver to state how much data it is willing to accept from a particular
                        sender or in general (up to the implementation).

                (RST messages are empty messages and cannot have options.)  CoAP
                servers currently perform load shedding by not reacting to an incoming
                message at all.  Note that an 5.03 error can also set the Max-Age
                option in place of the "Retry-After" known from HTTP (section
                5.9.3.4).  There has been discussion on more explicit feedback for
                load shedding, e.g.,
                draft-greevenbosch-core-minimum-request-interval-00; currently, the WG
                feels that finding a good solution (or even understanding the problem
                space) for this requires more study (see minutes from Orlando, where
                we discussed Bert's draft).

        This is a huge issue, as the message receiver does not have
        any means to reduce the message size to an degree where it can
        process it.

Ah.  We do have 4.13 "Request Entity Too Large".

            Indeed, the onus is on the sender to ensure that the Message ID does
            not wrap around within EXCHANGE_LIFETIME.  In contrast to, say, the
            IPv4 IP ID, the potential problem of Message ID reuse has been
            well-highlighted, and it is receiving additional attention in the LWIG
            drafts that are starting to provide guidance on CoAP implementation.
            Implementations that need more than ~ 250 messages per second (per
            peer endpoint) may need to use multiple source endpoints.

        Is this limitation documented in the draft?

Done in [1372] (based on Stephen Farrell's comment.)

                ----------------------------------------------------------------------
                COMMENT:
                ----------------------------------------------------------------------


                3) Short messages
                Section 3., paragraph 1:

                  CoAP is based on the exchange of short messages which, by default,
                  are transported over UDP (i.e. each CoAP message occupies the data
                  section of one UDP datagram).  CoAP may also be used over Datagram

                What are short messages in terms of bytes? Is this a hidden protocol
                requirement?

        Section 4.6 discusses message sizes and should leave the implementer
        with a pretty good idea what message sizes are a good fit for CoAP.
        I don't think forward-referencing to 4.6 from section 3 is necessary.

        FWIW: Section 4.6 discusses MTUs and I am not sure where short messages are discussed over there. Short can be anything, even 500 bytes might be considered short.

Spencer Dawkins also didn't like the "short messages" (because it can
be confused with SMS).  So I changed it into "compact messages". [1373]
(I do still think the discussion of what we expect with respect to
message sizes in 4.6 is comprehensive.)

                4) randomization of message IDs

            [...]

        Yes.  We are trying to avoid RFC 2119 language in the implementation notes.
        Since this is about a variable that only exists in a specific
        implementation strategy, a SHOULD wouldn't work very well, anyway.

        Ok, but I would add a statement why randomized message IDs are need to make a secure protocol. E.g. "It is strongly recommended that the initial variable value is randomized, in order to make off path attacks to the protocol less likely."

Good point. [1370]

        Generally, we would expect applications to handle this in similar ways
        they are handling other application-layer timeouts.  E.g., many e-mail
        and web applications timeout requests after a time on the order of a
        minute.  We think this is another issue best left for discussion after
        some operational experience is available.

        Fine with me.
        However, do you have a document where the WG lists the open issues to be explored? That would be awesome to have in order to revisit the open issues after a while.

The CoRE roadmap (draft-bormann-core-roadmap) is trying to be this
document, but it needs more work to fully meet this role.

v2.23.0 | Report a Bug | By Email