IETF Logo Mail Archive

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

Joe Touch <touch@strayalpha.com> Thu, 30 August 2018 00:32 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E3FB130ED9; Wed, 29 Aug 2018 17:32:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WTNotU4ePt5N; Wed, 29 Aug 2018 17:32:46 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1465C130E1C; Wed, 29 Aug 2018 17:32:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=Message-ID:References:In-Reply-To:Subject:Cc: To:From:Date:Content-Type:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Lr6cgfrF6y0BZZPoxr8PHHe2PKjfjakIM/FsFO0o3/Q=; b=5LAhR5o2s5FEfLvBS+LGh31H9 KFbKFly6Yz12D50wfq3JankXAAdJ5cZY5SaHVkvccl++VuC7MDzHvfZrXwYIwJuFtL69x2AAR0qtX bHkanYBMKk7e9X2CGgBQcsXB5qBvvkjVD7YHwFxzl6WcZsbk6stESpuju7mcXFSZ3z6+OrHTSV0hb 7lgEG0nyb5wOYmKlgqVdlFBKY/PxPUwYrmmnhyhvJgXxqICIEIm6AwNeWXhkIbJ5WMYsfkBo1d7o+ QVw+FzB2eJCvKLfT0aXwZx7d+y0eTa0gX/+Ni33blITkNVlHy7c+edlnVLYpv2Pb6xFLal8I+rPKV nwXP3LTsQ==;
Received: from [::1] (port=36512 helo=server217.web-hosting.com) by server217.web-hosting.com with esmtpa (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1fvAt9-003xUp-OC; Wed, 29 Aug 2018 20:32:44 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_d900480c046025dce308235367b6e3ca"
Date: Wed, 29 Aug 2018 17:32:43 -0700
From: Joe Touch <touch@strayalpha.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Toerless Eckert <tte@cs.fau.de>, Christian Huitema <huitema@huitema.net>, int-area <int-area@ietf.org>, intarea-chairs@ietf.org
In-Reply-To: <CALx6S37EiFo8C4K7fO=O0hNpStoaS6wBvM8jVowmJTQHW2=DHw@mail.gmail.com>
References: <CAF493D3-37A2-4A89-BA88-81567E5B88F1@huitema.net> <538A6193-2BD7-4E72-BD28-736B81F97B33@strayalpha.com> <20180826215558.6hzff2povrxuis3y@faui48f.informatik.uni-erlangen.de> <0A065EE6-463C-4C71-BF12-C0E5A1C51680@strayalpha.com> <20180826233350.kz3q6gzqbq36nn4r@faui48f.informatik.uni-erlangen.de> <810cea0d-809f-040d-bc79-7c7413cd99f2@strayalpha.com> <20180827023513.2bxjrk335al2lbvz@faui48f.informatik.uni-erlangen.de> <E02F3C36-ECE6-419E-A219-08A15AD98D13@strayalpha.com> <20180828220915.fpx5hi7nhl46ou6r@faui48f.informatik.uni-erlangen.de> <CALx6S35vbtYOiEx2opqSh1uq9rfgG5QHEQcb+ccWLMcwWZA-uQ@mail.gmail.com> <20180829002430.fojlqonvnqdrhw4z@faui48f.informatik.uni-erlangen.de> <af424b4b449c4a1459b69ed01a984e48@strayalpha.com> <CALx6S3563g___ZP03dD5+sV++ZH7U5yudqRX0Bf2744BbBxGgQ@mail.gmail.com> <2b6dd7006cca65525ac6240a8edffabb@strayalpha.com> <CALx6S37EiFo8C4K7fO=O0hNpStoaS6wBvM8jVowmJTQHW2=DHw@mail.gmail.com>
Message-ID: <b40ed6c3fc32909e2df677cd999550dd@strayalpha.com>
X-Sender: touch@strayalpha.com
User-Agent: Roundcube Webmail/1.3.3
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/nMgULFIUMLOdomVgiF5kEEWY-P0>
Subject: Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Aug 2018 00:32:49 -0000

On 2018-08-29 10:38, Tom Herbert wrote:

> I don't think you need the part about acting as a host, that would
> have other implications.

It does, and that's exactly why you do. In particular, this includes
ICMP processing. 

> Also, the reassembly requirement might be
> specific to NAT and not other middlebox functionality. For instance,
> it would be sufficient for a firewall that is dropping UDP packets to
> some port to only drop the first fragment that has UDP port numbers
> and let the other fragments pass. Without the first fragment
> reassembly at the destination will simply timeout and the whole packet
> is dropped.

And that's a great example of why not reassembling (or equivalent) isn't
the appropriate behavior. 

Yes, the packet will still not be delivered, but the receiver will end
up doing a lot of work that isn't necessary. I.e., the middlebox has
ignored work it was responsible for and caused work elsewhere.  

Further, acting as a host is always the right thing for any node that
sources packets with its own IP address -- that includes NATs and
regular proxies. The behavior of transparent proxies is more complex,
but can be similarly reasoned from the appropriate equivalence model. 

>> ...
>> I would argue that it is OK to give a middlebox the key if that's OK for a
>> given trust model, e.g., it would make sense inside an enterprise to offload
>> security to the ingress of that enterprise. But not elsewhere;
> Sure enterprises can do that. But I'm more worried about the five
> billion mobile devices that may connect to random WIFI or mobile
> networks over the course of a day. For them there is simply no concept
> that the network will provide any level of security.

Which is a great reason why it might actually be useful to shift the
security work to a "home entrance" device by placing the security there.
It's a matter of system configuration, but the point is that it isn't
the device that makes it incorrect; it is how it is configured and
deployed. 

Joe

v2.23.0 | Report a Bug | By Email