Re: [dtn] BPv7 compliance and handling of unknown EID schemes
Erik Kline <ek.ietf@gmail.com> Wed, 06 March 2024 03:14 UTC
Return-Path: <ek.ietf@gmail.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1B7DC14F736 for <dtn@ietfa.amsl.com>; Tue, 5 Mar 2024 19:14:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V70wuDUwbvcS for <dtn@ietfa.amsl.com>; Tue, 5 Mar 2024 19:14:47 -0800 (PST)
Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4680C14F6BD for <dtn@ietf.org>; Tue, 5 Mar 2024 19:14:47 -0800 (PST)
Received: by mail-pj1-x1032.google.com with SMTP id 98e67ed59e1d1-29a2545a1e7so4380717a91.2 for <dtn@ietf.org>; Tue, 05 Mar 2024 19:14:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709694887; x=1710299687; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=CyoGjJTz3CcAjYlJoWhMhmcQW+lU4xj1/X8vVsOdNiA=; b=aVMOHVo7XojThxcKqWlANyfBbcKFQPoVV0Jamipfy01hrFAT7oSsDDeVtTRF/bf7cN lPFIoItVEz1sVQOXNwnm3ROZope0yMs09udla7Iq8bMoaMz5uLYKVFkUpcmqMs8NNLMC LVsT12SwWPaEV3gpX3ZADthE5u8i9x+S0QbD11UEUR5WNigCoC91i4Qxm3nR9lsM+IJ+ k+9W0eLdCiXBnbE6ZQzsDYd2U2lSNdS9vdcbb1foIuHHWPkg2v43TFGKwKBs3OIQe6pm b6ziEqltUu41Ly+t6Jz0IIke7oH1cDlT8fltc0Any7cZAInQ198mVx8w0Fs9Ok20b6n4 8gvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709694887; x=1710299687; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CyoGjJTz3CcAjYlJoWhMhmcQW+lU4xj1/X8vVsOdNiA=; b=SJVfUV/qCejly24ClGNtQy3vZTIAXTgPh6M4lPnS38HVphmI1jqtx6DChm5UmlqVIy orvVjeyJcvosr1CAjhscKwfC1guzfQFkVXWP4FzRW2Fsi1a0iXcG/5m9OD8l0Xjx6KEU c0FrFykodm4JhmCVdy5+vHH0axsX+JbxZN/6RcxhRTxeuM9Ht1ZkOUbRelQ1kISJ0pVL BUwl52WUMH8MZEWn7bMabCY/SeSzLOqes0agTCgkOvQ1m5YjPvmy4TaWElWIPN+WCVwB R995wQJWows4LaH4TjSRp/uBDFpmTJzahOiP6kzNsMVVGx+PGNqwHu01j/ffXXG8mm+5 DjdA==
X-Gm-Message-State: AOJu0YxBFuvu+9EQ6uiEIkmQlICqHTb4i+oq8y7agdiG41iAXV24s/dJ I0RLTKiF5y4BBrnv0LgLSWSWndkpiyo0OJOjWkUery6D5RbKIyXEGdnVGzuGhZ8i4J/ek1GezPP OMqnJWwbOz9+Px0W1KD46g7umcMs=
X-Google-Smtp-Source: AGHT+IHTfxO7cx9Qd3RrQtXpqVq7Sw2BdW8eKrDMcIatehoQw6hQ9aHt6KEnH8qOksuMeoU/fmaKje+lnIuNEHF2mS8=
X-Received: by 2002:a17:90a:d497:b0:29b:6f5a:4db5 with SMTP id s23-20020a17090ad49700b0029b6f5a4db5mr2108264pju.24.1709694886687; Tue, 05 Mar 2024 19:14:46 -0800 (PST)
MIME-Version: 1.0
References: <ed574adc2549475eb12b9846a3cfe658@jhuapl.edu>
In-Reply-To: <ed574adc2549475eb12b9846a3cfe658@jhuapl.edu>
From: Erik Kline <ek.ietf@gmail.com>
Date: Tue, 05 Mar 2024 19:14:35 -0800
Message-ID: <CAMGpriWgrdTGfq4DrWNsa0PRFc8nn=tU0iOm0Qr-TXmoTZfGFg@mail.gmail.com>
To: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
Cc: "dtn@ietf.org" <dtn@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/v6trjruGnYSYIYFaxXKobgg_BMY>
Subject: Re: [dtn] BPv7 compliance and handling of unknown EID schemes
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 03:14:52 -0000
There are a couple of crypto RFCs that are mostly (entirely?) test vectors. This obviously makes sense for that specific context, but an "implementation guidance" doc for BPv7 with test vectors accompanying advice would seem like a Good Thing (tm) imho. On Tue, Mar 5, 2024 at 2:04 PM Sipos, Brian J. <Brian.Sipos@jhuapl.edu> wrote: > > All, > > There is something that I’ve seen a few times in different contexts related to EID handling that has the potential to lead to highly “ossified” state for BPv7 and cause lack of interoperability or lack of future compatibility (as spelled out in great detail in RFC 9170 [3]). > > > > BPv7 requires EIDs in a few different places; beyond the three uses in the primary block there are also the Previous Hop block, Security Source within security blocks, and within Status Report records. The BPv7 spec has a well-defined notion of what a valid EID structure is from Section 4.2.5.1 [1] and this structure is codified in Appendix B as the simple CDDL expression: > > eid-structure = [uri-code: uint, SSP: any] > > > > In some cases a BPA implementation might choose to consider invalid any EID with an unknown scheme `uri-code` value. The problem is that this BPA will now fail in situations that it should not: > > It might not be able to forward a bundle having an unknown EID scheme in its Destination, even if the BPA has a kind of “default route” forwarding policy that would otherwise handle the situation properly. > It might no longer be able to properly status bundles that use an unknown EID scheme in the bundle Source, even if the Report-To EID scheme is known and routable and the bundle is otherwise fully valid. > It might not properly treat the primary block as immutable if the Report-To EID uses an unknown scheme and the primary block is re-encoded. > It might consider a Previous Hop block to fail processing, triggering Step 4 of Section 5.6 “Bundle Reception” (and possibly deleting the bundle with reason “Block unsupported”), even though the block data is well-formed and valid according to [1]. > It might treat a security block as invalid if it contains a Security Source EID having an unknown scheme even though the block data is perfectly well-formed and valid according to [1]. Just because the EID will not match any security policy on the BPA does not mean that the block is invalid. > > > > This is a different situation than, for example, the CRC Type field which has a fixed set of valid code points [2] and any others represent invalid content. Any EID which matches the `eid-structure` schema should be treated as valid by a BPA and handled appropriately. This means the EID `SSP` is kept in its original form without any further processing so that, e.g., a bundle Source or Report-To EID is not modified by a BPA during reception or forwarding. > > > > The examples above could even be turned into test vectors to check the proper behavior of a BPA with unknown EID scheme code points. I suspect that current BPA implementations might not handle these cases well. > > > > Others’ thoughts on this topic are appreciated. My goal here is not to nitpick or finger-point, but to ensure that BP and BPAs do not fall into the same traps that others have landed in (see examples in Appendix A of [3]) while development is fresh and there is still time to correct things. > > Brian S. > > > > [1] https://www.rfc-editor.org/rfc/rfc9171.html#section-4.2.5.1 > > [2] https://www.rfc-editor.org/rfc/rfc9171.html#section-4.2.1 > > [3] https://www.rfc-editor.org/rfc/rfc9170.html > > > > _______________________________________________ > dtn mailing list > dtn@ietf.org > https://www.ietf.org/mailman/listinfo/dtn