Re: deprecating Postel's principle- considered harmful

Paul Wouters <paul@nohats.ca> Wed, 08 May 2019 14:26 UTC

Date: Wed, 08 May 2019 10:25:49 -0400
From: Paul Wouters <paul@nohats.ca>
To: Dave Cridland <dave@cridland.net>
cc: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: deprecating Postel's principle- considered harmful
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/h0TffN3UarBEes40HzHiXPjVv3E>

On Wed, 8 May 2019, Dave Cridland wrote:

>       Many UDP encapsulations of IP packets do not recalculate the outer UDP
>       checksum. It's a good thing we accept these datagrams with technical
>       errors.
> 
> There's two observations to be made here, if I understand correctly:
> 
> a) The lack of properly checking the outer UDP checksum means that implementations could avoid recalculating it.
> 
> b) We could not enforce such checking now, because of such implementations.

It is generally signaled by setting the checksum to 0.  I guess by now,
packet mangling has become so rare, that router implementers preferred
not to check at all and leave it up to the endpoint. We only know what
some of the well known endpoints do.

> I appreciate what you're saying, but it's unclear if either is a good thing.

To me, it makes sense that the endpoints are the only ones checking
these, but I'm not a router vendor and not really qualified to speak
on these issues. So like you, I'm on the fence on whether this is a
good thing or not. But if it _is_ a good thing, then we only got there
via the Postel principle.

Paul
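
An added example, not part of the original message: a Python sketch of the endpoint-side check discussed above, assuming IPv4, where RFC 768 defines a transmitted checksum of 0 as "no checksum generated". The function names, addresses, ports and payload are constructed for illustration; the point is that a datagram with a zero checksum field gives the receiver no way to notice damage at this layer.

```python
import ipaddress
import struct

UDP_PROTO = 17  # IPv4 protocol number for UDP

def fold16(data: bytes) -> int:
    """16-bit one's-complement sum of data (odd length padded with a zero byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """RFC 768 checksum over the IPv4 pseudo-header and a segment whose checksum field is zero."""
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, UDP_PROTO, len(segment)))
    return (~fold16(pseudo + segment) & 0xFFFF) or 0xFFFF  # a computed 0 is sent as 0xFFFF

def build_udp(src, dst, sport, dport, payload, with_checksum=True) -> bytes:
    """Build a UDP segment; with_checksum=False leaves the field 0, as an encapsulator might."""
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    if not with_checksum:
        return header + payload
    csum = udp_checksum(src, dst, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload

def classify(src: str, dst: str, segment: bytes) -> str:
    """Endpoint-side verdict: 'malformed', 'unchecked', 'valid' or 'corrupt'."""
    if len(segment) < 8:
        return "malformed"
    _, _, length, field = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return "malformed"
    if field == 0:
        return "unchecked"  # sender opted out; corruption is invisible at this layer
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return "valid" if udp_checksum(src, dst, zeroed) == field else "corrupt"

def flip_bit(segment: bytes, index: int) -> bytes:
    """Simulate in-transit damage by flipping the low bit of one byte."""
    return segment[:index] + bytes([segment[index] ^ 0x01]) + segment[index + 1:]

if __name__ == "__main__":
    SRC, DST = "192.0.2.1", "198.51.100.2"  # constructed documentation addresses
    for flag in (True, False):
        seg = build_udp(SRC, DST, 4500, 4500, b"inner packet", with_checksum=flag)
        print(flag, classify(SRC, DST, seg), classify(SRC, DST, flip_bit(seg, 10)))
```

A receiver that wants to be strict can treat the "unchecked" verdict as a policy decision (accept, log or drop) rather than as equivalent to "valid".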