IETF Logo Mail Archive

Re: [Int-dir] [tsvwg] Intdir early review of draft-ietf-tsvwg-udp-options-19

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 15 February 2023 16:49 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: int-dir@ietfa.amsl.com
Delivered-To: int-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C355C15DD5E; Wed, 15 Feb 2023 08:49:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zDCsF0HmVhAZ; Wed, 15 Feb 2023 08:49:34 -0800 (PST)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id 9D401C152564; Wed, 15 Feb 2023 08:49:31 -0800 (PST)
Received: from [192.168.1.64] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 1E51C1B00137; Wed, 15 Feb 2023 16:49:21 +0000 (GMT)
Message-ID: <dab06636-9988-ba00-d8f5-62ec455384bc@erg.abdn.ac.uk>
Date: Wed, 15 Feb 2023 16:49:20 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:102.0) Gecko/20100101 Thunderbird/102.7.2
To: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, "C. M. Heard" <heard@pobox.com>
Cc: Joe Touch <touch@strayalpha.com>, "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, "int-dir@ietf.org" <int-dir@ietf.org>, "draft-ietf-tsvwg-udp-options.all@ietf.org" <draft-ietf-tsvwg-udp-options.all@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <167599146728.42049.10916891372133731811@ietfa.amsl.com> <B743425D-38C0-49B8-B391-7AC6E51D9B1A@cisco.com> <CACL_3VFDHhmJL2_WXV60d-tyyfE8tkW8P6rwtcBOox4mxsHRzQ@mail.gmail.com> <CALx6S35T+H5ETDJVEawbOSs7EeBO7wbvmRSvH0+TfZiTXhK5cQ@mail.gmail.com> <CACL_3VFrtuDS4FW1xWzzdB4LGibrUWSvTgWi1ashh=D1hvFaNQ@mail.gmail.com> <CALx6S34qG0uv4tj1gzZxL7LZUeX6V1vEwYJ9A9Ybtszh074ovA@mail.gmail.com> <BB7783E3-273A-4D83-B4BF-BCE3DA00E609@strayalpha.com> <CALx6S36QovfwXjFmspVP4CgEOwmJzBLGX59c=zsvSGap8sX1gQ@mail.gmail.com> <CACL_3VFDQUjp5ez70RpyptZSOYvso2-QZsRvLhRNyU9p0iMayw@mail.gmail.com> <CALx6S34y6XttaEz_Uod4bSK50F-KArrv-V=HjKAb8v-9oWoM5Q@mail.gmail.com> <CACL_3VGKuk2HU1Hy4bZymUgPJqvhtzS_xSvZ987m58=fZAAXDw@mail.gmail.com> <CALx6S34dEdPgUvTQZda0qb-H3dERzo-3rjsnZ1MyscbJwJwvoQ@mail.gmail.com> <CACL_3VEhA-Jc_GH2isrJjYsheEp0phHdh71ZgRnvBW5tCKYR5A@mail.gmail.com> <CALx6S3551sms4q_yKh8QYqeedB3uoK9ZRMNrDtVLoMxe-ENX5g@mail.gmail.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <CALx6S3551sms4q_yKh8QYqeedB3uoK9ZRMNrDtVLoMxe-ENX5g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/H7RO7S2GHsDUKSs_VFcR3E1ajmc>
Subject: Re: [Int-dir] [tsvwg] Intdir early review of draft-ietf-tsvwg-udp-options-19
X-BeenThere: int-dir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-dir>, <mailto:int-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir/>
List-Post: <mailto:int-dir@ietf.org>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-dir>, <mailto:int-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2023 16:49:38 -0000

On 14/02/2023 17:50, Tom Herbert wrote:
> On Mon, Feb 13, 2023 at 3:08 PM C. M. Heard <heard@pobox.com> wrote:
>> On Mon, Feb 13, 2023 at 11:07 AM Tom Herbert wrote:
>>> On Mon, Feb 13, 2023 at 10:28 AM C. M. Heard wrote:
>>>> Those servers can (and probably should) be configured to reject UDP
>>>> options with OCS=0, if they are not already configured to reject UDP
>>>> packets with CS=0.
>>> I agree, but that suggests that there are conditions when it's
>>> acceptable to not use OCS=0. What guidance is given for that? Just
>>> saying the user needs to figure this out themselves seems like a
>>> disservice; this is not the same risk as enabling a CS=0 for UDP. How
>>> can a user determine what is safe and what is not in their network?
>>> Note that it took two RFCs to describe the necessary conditions in
>>> detail to enable CS=0 for UDPv6. Do we need an equivalent discussion
>>> on when it's safe not to have the checksum in surplus space?
>> Section 7 of the draft currently says:
>>
>>     Like the UDP checksum, the OCS is optional under certain
>>     circumstances and contains zero when not used. UDP checksums can be
>>     zero for IPv4 [RFC791] and for IPv6 [RFC8200] when UDP payload
>>     already covered by another checksum, as might occur for tunnels
>>     [RFC6935]. The same exceptions apply to the OCS when used to detect
>>     bit errors; an additional exception occurs for its use in the UDP
>>     datagram prior to fragmentation or after reassembly (see Section
>>     9.4).
>>
>> If this guidance is too slender, how should it be improved?
> Mike,
>
> The casual reference to RFC6935 is a good example of why this text is
> insufficient. RFC6935 and RFC6936 were created to allow UDPv6 packets
> to have a zero checksum. The UDP checksum was required in IPv6
> (RFC2460) because, unlike IPv4, the IPv6 header doesn't contain a
> header checksum; the UDP checksum includes the pseudo header that
> covers the IPv6 address. So the UDPv6 checksum is needed as an
> integrity check of the IPv6 addresses, and the primary risk of using
> CS=0 with UPDv6 is the potential for misdelivery when addresses are
> corrupted. That is the primary consideration of RFC6935 and RFC6936.
> Note that it is a misnomer that those RFCs allow a zero UDPv6 checksum
> for all packets, in fact it is a narrowly defined exception applicable
> to tunnel protocols under specific circumstances. Also note, in
> RFC8086 (GRE over UDP), it still took three pages of requirements to
> show how the specific protocol meets the requirements of RFC6935 and
> RFC6936. IMO an offhand statement that the exceptions of RFC6935 and
> RFC6936 are applicable for a new protocol is trite.
>
> While the risk RFC6935 and RFC6936 is packet misdelivery, the risk of
> UDP options is misinterpretation of protocol in a packet. UDP options
> present an entirely different problem and the means to address it will
> be different. The UDP checksum is completely independent and has no
> correlation to the bits of the surplus space, the UDP checksum does
> not cover the surplus space and neither is there any coverage if "UDP
> payload is already covered by another checksum". So the "The same
> exceptions apply to the OCS" are not valid since the exceptions refer
> to the UDP checksum which has different properties and different
> risks. Without a proper code point, the protocol of the surplus space
> needs to be determined solely based on the contents of the space, not
> the UDP checksum nor anything else in the packet, and any means of
> this determination is probabilistically correct. The probability of
> misinterpretation with a checksum is 1/65,536 which is presumably
> sufficient. If the idea is to forgo the checksum, then one would
> expect a quantitative analysis of both the probability of
> misinterpretation and the risks of misinterpretation.
>
> That being said, I see no zero value in making the checksum optional.
> Aside from its critical role in validating the surplus is indeed UDP
> options, UDPv6 packets are required to have a non-zero checksum so the
> OCS is required for all of IPv6 (again RFC6935 and RFC6936 are narrow
> exceptions). Furthermore, TCP, the original transport layer protocol
> with options, and IPv4 have had a checksums since the beginning and we
> don't see people complaining about the performance of those.
>
> Tom
>
>> Mike Heard

I for one also think that last para on whether OCS needs to be required 
in all cases is something that needs to be considered carefuly.

Gorry

v2.23.0 | Report a Bug | By Email