Re: [dtn] Martin Duke's Discuss on draft-ietf-dtn-tcpclv4-22: (with DISCUSS and COMMENT)

Brian Sipos <BSipos@rkf-eng.com> Mon, 09 November 2020 01:49 UTC

Return-Path: <BSipos@rkf-eng.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16B1C3A0F2E; Sun, 8 Nov 2020 17:49:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rkf-eng.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1DBTuqmEk1BM; Sun, 8 Nov 2020 17:49:34 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2053.outbound.protection.outlook.com [40.107.223.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 799AB3A0A81; Sun, 8 Nov 2020 17:49:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AtDhIstBTw82swG3Rl8nrabN/M8JFQnOBaxsnQXUZVhzyfuQHIIcBUmsiweMR5yq7LhSHogUFr2kXdEE0X1lUHagrWTe9wdQkp733MJwT9STIYC1KII9ngYMM7LC9Z1AYmaL053FrFwBqSCsftm7LyEhm+QQntc06vEumy5lWIGntLXFq3Jp2yLBay4MpY70cFnGPAOORPRaQ5GmEPuZmKT/tGHV30DwSKEIGvZd18Fho5h70h6PZPoDcNrRj3SyRuooLTnHr1qVsiPHt9xtVaHp7qM+fsOMsccMqiftgApraUTmBj7NauLgSYsKDMjjiy3fkDFTbga+/s9ffE9lVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2hwohqp9BRWjkSee7V2ZT3gTrbyTbUbfOfwE8EzDdqA=; b=NtAKmXG3tUBlal/LY8qsNd22V+PixnnZR8ADsKqT+Gd7t+6jV5uEPfWg2XwR4MHf4p/NuSNqJhfMHPPV8kHjpQGYNBQuIJvfcv7xAeAPp/CsrkGD44zITwCfZyCiVPZg6xwcC2wz8mmYEYK+VUgWTabkIv6ETb2BJ/bb/Cc8yqELMNdX4elFgl0zAeYfOUrPkoqrb7ISxRdA6jrux28iCk2849snVOLlhOm8WD3WxBxbLNhz5bnHORrJFbxDZbdPb8V1NvD0PaxCW54wuhbV3dmjoiaMKlv6ghJ0FgsiE4IgY/3p4U/Tzt+uQxtvd8UH4RBt2tUVT6g/6tr6aVlTzw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=rkf-eng.com; dmarc=pass action=none header.from=rkf-eng.com; dkim=pass header.d=rkf-eng.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rkf-eng.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2hwohqp9BRWjkSee7V2ZT3gTrbyTbUbfOfwE8EzDdqA=; b=Xk80u54J9xm6Rn3KGOsIJO9T6jU7ijvZAC3qIMaM5xTh29+qe/2sLjzyGvoNi5BEwuJpbyXAYL7oVuPFvcjUKa/RBPvYLas2EDfgborIwf5LrbEu6Zu6FvMU26AtRCardEDp1ohR91WlLX+7aa65S26Cgt1Hskn9WiSfCyDBK0k=
Received: from MN2PR13MB3567.namprd13.prod.outlook.com (2603:10b6:208:168::10) by MN2PR13MB2688.namprd13.prod.outlook.com (2603:10b6:208:ef::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.13; Mon, 9 Nov 2020 01:49:30 +0000
Received: from MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::b90b:cb8:82cb:7d1a]) by MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::b90b:cb8:82cb:7d1a%3]) with mapi id 15.20.3541.025; Mon, 9 Nov 2020 01:49:29 +0000
From: Brian Sipos <BSipos@rkf-eng.com>
To: "martin.h.duke@gmail.com" <martin.h.duke@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>
CC: "dtn-chairs@ietf.org" <dtn-chairs@ietf.org>, "draft-ietf-dtn-tcpclv4@ietf.org" <draft-ietf-dtn-tcpclv4@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>, "edward.birrane@jhuapl.edu" <edward.birrane@jhuapl.edu>
Thread-Topic: Martin Duke's Discuss on draft-ietf-dtn-tcpclv4-22: (with DISCUSS and COMMENT)
Thread-Index: AQHWtWfzgXKYe2o4cUC4psquQl8WX6m/Ck2A
Date: Mon, 9 Nov 2020 01:49:28 +0000
Message-ID: <d7b8cefdb52977bfbb99bf2608083a2f281dc807.camel@rkf-eng.com>
References: <160479610567.30934.2651041608307943087@ietfa.amsl.com>
In-Reply-To: <160479610567.30934.2651041608307943087@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Evolution 3.38.1 (3.38.1-1.module_f33+10288+0a1d8bbf)
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=rkf-eng.com;
x-originating-ip: [170.249.178.82]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dcd81b98-3cb2-4db1-8950-08d88451b2a7
x-ms-traffictypediagnostic: MN2PR13MB2688:
x-microsoft-antispam-prvs: <MN2PR13MB2688DB115D2F7F86E2FD64F29FEA0@MN2PR13MB2688.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: I6PzYFxvQf7SfMCkOOl1qaBiaaVg7jBhdBjrVYVD6v3YWCnxPHRAzaanwbslzPZv7fC/Ii9pThsEiTdTltnOpU4Ohim3RZzs0GJDRt35gbsQphDRBDH+StkpoWlSoYxXzBejZ0ZgC0fZAlF2grOjpbMHem62B7mGIiCPtd2ugvo0njSYZ9W7URsaJvO6Dd6EbbEfUjr9fjLz7fQT/faZ2w/UIEZy52lDkX+J9QlKkselSkyUX8/vyiP3q4ib/hMFGJ7JVo/gv3T3Sm+2uQ5VwWGwEVo0EgA0tItEJERUVHmL6O/rLt++H/bLMJsBYT0R
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR13MB3567.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(376002)(39830400003)(136003)(396003)(346002)(186003)(26005)(6506007)(478600001)(4326008)(2616005)(71200400001)(83380400001)(6512007)(2906002)(36756003)(66556008)(66476007)(66446008)(64756008)(91956017)(76116006)(66946007)(6486002)(8676002)(8936002)(5660300002)(54906003)(86362001)(316002)(110136005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: aRcx7AmEj8YhP0Z9NbEa1zBw/APudbSwvWpNa7tcUxZOT8elE6Uz6gVWHrS+Wc8jmClxHwGKs/4XarSeWPa7wv6Jzmk5Uwzfzu1mYhj4KhanIm+5s5ACVAjqlELMWTyVjgXaNH8mMF6oaexBz+abdnYl7GO6ylRm+/QeLZ6HM4QCtXTq8jf/7KDUhz4vYA1LuddAIpKH2WJEY6JblTriXD7vrI3m4h4n2/CRshsnnhFDz4nzS5OvYtWKhqJ1+dc8LeTXEeVJNhCQPfZONASwDSL06zlINqQ8TwO26ZHF7JgFzfzrwFX2gWGng74ulPtR70Kgthl/z78Elyf+ybIUN5PQ58CBB7UYFVVVCuFzHzqD58S5pJTHAQGbeUbkHliNEyarJpt/jVPtAm4Z45GtJSqiyWIDwE+SZqhEYU4XBy6JYktmzEIZXHRFrtsa6Jc6O+y+BKlwYxkNLuwlRs2Y38XEiKw5u3lm5bLpHJ7b+k0x8KqGzQr5fZAue3Df0aV1c8hgj/VOk5ZdqY4IshSjxLVgIunaz5h2B7M/GQPWa4cDf940EuvL0tgaYnYHAaXXYCK39VFaZiWZQYUbvhqX4WxJck5fret7zpOcj+BkRABW7e2pjT5NppsDYKRh1+dKKOl9BEwSiDlEixjOyiIRqg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <ECC9A7B37BA5A943B8DD1C5BB19588FC@namprd13.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rkf-eng.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR13MB3567.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dcd81b98-3cb2-4db1-8950-08d88451b2a7
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2020 01:49:29.3229 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4ed8b15b-911f-42bc-8524-d89148858535
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /YqTSR9EUayzZWko9jwmnzzEgjmJjD02cgrAf9LDbUlGECa4fmjvsWipQnQSC1BpyP1Qqaq50Me42IBOeuW4Lw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB2688
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/OQP9Vh2B9aIKNbNcGePgBzE0S0k>
Subject: Re: [dtn] Martin Duke's Discuss on draft-ietf-dtn-tcpclv4-22: (with DISCUSS and COMMENT)
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2020 01:49:36 -0000

Martin,
My responses are in-line below with prefix "BS1".

On Sat, 2020-11-07 at 16:41 -0800, Martin Duke via Datatracker wrote:
> Martin Duke has entered the following ballot position for
> draft-ietf-dtn-tcpclv4-22: Discuss
> 
> 
> ---------------------------------------------------------------------
> -
> DISCUSS:
> ---------------------------------------------------------------------
> -
> 
> Sec 6.1. I read this sentence several times and could not figure out
> what it is
> saying, and fear there could be interoperability problems. "When
> performing an
> unclean termination, a
>    transmitting node SHALL treat either sending or receiving a
> SESS_TERM
>    message (i.e., before the final acknowledgment) as a failure of
> the
>    transfer.  Any delay between request to close the TCP connection
> and
>    actual closing of the connection (a "half-closed" state) MAY be
>    ignored by the TCPCL entity."
> 
> First of all, "failure of the transfer" is ambiguous because there
> may be two
> transfers going on, one in each direction.
> 
BS1: This phrasing is a bit unclear because the statement applies to
the transfer itself. Instead of "a transmitting node" it should be "a
node transmitting a transfer" so the subject of the statement becomes
the outgoing transfer.

> Second, I would like further clarity on what it means that nodes
> "SHALL"
> consider it "a failure of the transfer". What is actionable if it's a
> failure?
> If nothing is actionable, it shouldn't be a SHALL. Does this mean
> that in
> subsequent sessions I must resend the whole bundle?
> 
BS1: There are requirements about how a CLA interacts with its
overlaying BPA, and this requirement applies to what will be indicated
to the BPA about the formerly-in-progress transfer. Section 3.1
explains that CLA--BPA interface.

> Can you list some reasons why an endpoint would choose to close
> uncleanly? Some
> motivation might provide helpful context.
> 
BS1: The motivation here is that there are some reasons why the CLA
will know that it's about to lose connectivity and send a positive
indication of "I'm about to go away and cannot finish a transfer (in
either direction)" instead of waiting (potentially a long time) for a
CLA timeout or a TCP timeout. For example, a low battery starting into
a power saving mode and stopping a data link. This is as opposed to a
clean termination, which is not time-critical and more of a "I don't
want to start any more transfers, so don't attempt any new ones."

> Moreover the "sending or receiving" bit is confusing.
> - So one option is that I'm a session that has decided to do an
> unclean
> termination rather than a clean one. So I send SESS_TERM and then
> close (FIN?
> RST?) the TCP connection. So if it's a FIN, I might very well get the
> last
> XFER_ACK.  If I RST or don't get that ACK, then I do think it's clear
> that the
> transfer is a failure, whatever that means.
> 
BS1: I can add a top-level requirement that closing a TCP connection
always means using a FIN. 

> - But as a receiver, how do I know that the termination is unclean?
> Have I made
> an independent decision to close uncleanly? Am I to take the receipt
> of a
> SESS_TERM without my having sent XFER_ACK as an unclean close? If I
> sent
> XFER_ACK, how do I know that the sender sent it? And what does it
> mean, as a
> receiver, that the transfer "failed" if I have all the data?
> 
BS1: Some of these requirements may be trying to overspecify behavior
and just get confusing. There is always the potential for the TCP
connection to close for some other reason outside the CLA's control.
Maybe a better set of requirements is to mention that a peer MAY close
the connection before a transfer is finished, and that a closed
connection before receiving the final XFER_ACK SHALL be treated as a
failed transfer (even outside of an unclean termination, because at
that point there is no possibility of ever receving that final ACK).

> 
> ---------------------------------------------------------------------
> -
> COMMENT:
> ---------------------------------------------------------------------
> -
> 
> Thanks for this document. I have numerous minor concerns:
> 
> Sec 4.3. "the TCP connection SHALL be closed." Can you clarify if
> this is a
> clean close (FIN) or abort (RST)? In fact, if you always mean FIN, it
> might be
> good to clarify that in the terminology section to indicate that
> there are no
> RSTs anywhere.
> 
BS1: as mentioned above, I will add a requirement that FIN is the
correct method.

> Sec 4.3. VERSION_MISMATCH would benefit from being split into
> VERSION_TOO_HIGH
> and VERSION_TOO_LOW. For example, if the passive is at v4 only and
> the active
> supports v1, v2, and v3, it will take three tries to figure out that
> there is
> no way for these nodes to communicate. Even better would be a QUIC-
> style
> Version Negotiation message that would communicate the options in 1
> RTT.
> 
BS1: This had been discussed in the WG somewhat and this is a carry-
over from the behavior of the TCPCLv3.
The current requirements on the actie entity are to start at the
highest supported version and on the passive entity are to begin
TLS/session negotiation on *any* acceptable TCPCL version, which
assumes that a later version will be more acceptable to an arbitrary
passive entity.
Adding a "supported versions set" to the Contact Header is possible,
but there needs to be WG discussion on whether this is a worthwile late
addition.

> There are few items that seem to be artifacts of TLS happening after
> session
> negotiation in v3:
> 
> Sec 4.4.3. "If certificate validation
>    fails or if security policy disallows a certificate for any
> reason,
>    the entity SHALL terminate the session"
> 
> I don't understand this; certificate validation generally occurs
> during the TLS
> handshake, where there is no session?
> 
BS1: There is a bit of gray area when the TLS handshake is involved,
because it can either succeed or fail but after the handshake it is
possible to send TCPCL messages regardless of handshake success. I
suppose that if the TLS stack fails within the TLS handshake that there
will be a TLS-level message indicating this fact and the TCPCL-level
message is redundant. Using the SESS_TERM regardless of whether the TLS
stack rejected the handshake or the CLA rejected the peer certificate
guarantees that there is some over-the-wire indication of what went
wrong (as opposed to the connection just being closed after a seemingly
valid TLS handshake).

> Sec 4.4.3
> "the active
>    entity SHALL authenticate the DNS name (of the passive entity)
> used
>    to initiate the TCP connection"
> s/TCP Connection/TLS session. TCP connections don't consider DNS at
> all.
> 
BS1: This may be a phrasing issue, maybe instead:
   Either during or immediately after the TLS handshake if the active 
   entity resolved a DNS name (of the passive entity) in order to 
   initiate the TCP connection, the active
   entity SHALL authenticate that DNS name using any DNS-ID of the peer
   certificate.

> Sec 4.5.
> "After the initial exchange of a Contact Header, all messages
>    transmitted over the session are identified by a one-octet header
>    with the following structure:"
> 
> Obviously, TLS handshake messages are after the Contact Header and
> are not
> prepended by these headers. Perhaps this is an artifact from v3?
> 
BS1: This is an artifact, it should be clarified as:
    After the initial exchange of a Contact Header and any TLS 
    handshake exchanges, ...

> Sec 4.7
> "Once this process of parameter negotiation is completed (which
>    includes a possible completed TLS handshake of the connection to
> use
>    TLS),"
> 
> The TLS handshake occurs before parameter negotiation.
> 
BS1: This is a vestigal behavior and needs to be rephrased to remove
that parenthetical.

> Sec 5.2.4 I find it odd that each CL would have its own set of reason
> codes
> that it will simply pass to the bundle layer. Far better for it to be
> a common
> set of CL-agnostic errors that the bundle layer implements, as they
> literally
> do not matter to the CL at all.
> 
BS1: There had been earlier WG discussion about a standardized CLA--BPA
interface and nomenclature, but the CLA capabilities are incredibly
link-layer dependent and not at all consistent, especially ways in
which a transfer can fail (some link layers are even unidirectional and
don't provide any feedback at all to the CLA).
This could be discussed in the WG to see if the consensus has evolved
in any way in the meanwhile.