Re: [Int-dir] [tsvwg] Intdir early review of draft-ietf-tsvwg-udp-options-19
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 15 February 2023 16:49 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: int-dir@ietfa.amsl.com
Delivered-To: int-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C355C15DD5E; Wed, 15 Feb 2023 08:49:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zDCsF0HmVhAZ; Wed, 15 Feb 2023 08:49:34 -0800 (PST)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id 9D401C152564; Wed, 15 Feb 2023 08:49:31 -0800 (PST)
Received: from [192.168.1.64] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 1E51C1B00137; Wed, 15 Feb 2023 16:49:21 +0000 (GMT)
Message-ID: <dab06636-9988-ba00-d8f5-62ec455384bc@erg.abdn.ac.uk>
Date: Wed, 15 Feb 2023 16:49:20 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:102.0) Gecko/20100101 Thunderbird/102.7.2
To: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, "C. M. Heard" <heard@pobox.com>
Cc: Joe Touch <touch@strayalpha.com>, "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, "int-dir@ietf.org" <int-dir@ietf.org>, "draft-ietf-tsvwg-udp-options.all@ietf.org" <draft-ietf-tsvwg-udp-options.all@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <167599146728.42049.10916891372133731811@ietfa.amsl.com> <B743425D-38C0-49B8-B391-7AC6E51D9B1A@cisco.com> <CACL_3VFDHhmJL2_WXV60d-tyyfE8tkW8P6rwtcBOox4mxsHRzQ@mail.gmail.com> <CALx6S35T+H5ETDJVEawbOSs7EeBO7wbvmRSvH0+TfZiTXhK5cQ@mail.gmail.com> <CACL_3VFrtuDS4FW1xWzzdB4LGibrUWSvTgWi1ashh=D1hvFaNQ@mail.gmail.com> <CALx6S34qG0uv4tj1gzZxL7LZUeX6V1vEwYJ9A9Ybtszh074ovA@mail.gmail.com> <BB7783E3-273A-4D83-B4BF-BCE3DA00E609@strayalpha.com> <CALx6S36QovfwXjFmspVP4CgEOwmJzBLGX59c=zsvSGap8sX1gQ@mail.gmail.com> <CACL_3VFDQUjp5ez70RpyptZSOYvso2-QZsRvLhRNyU9p0iMayw@mail.gmail.com> <CALx6S34y6XttaEz_Uod4bSK50F-KArrv-V=HjKAb8v-9oWoM5Q@mail.gmail.com> <CACL_3VGKuk2HU1Hy4bZymUgPJqvhtzS_xSvZ987m58=fZAAXDw@mail.gmail.com> <CALx6S34dEdPgUvTQZda0qb-H3dERzo-3rjsnZ1MyscbJwJwvoQ@mail.gmail.com> <CACL_3VEhA-Jc_GH2isrJjYsheEp0phHdh71ZgRnvBW5tCKYR5A@mail.gmail.com> <CALx6S3551sms4q_yKh8QYqeedB3uoK9ZRMNrDtVLoMxe-ENX5g@mail.gmail.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <CALx6S3551sms4q_yKh8QYqeedB3uoK9ZRMNrDtVLoMxe-ENX5g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/H7RO7S2GHsDUKSs_VFcR3E1ajmc>
Subject: Re: [Int-dir] [tsvwg] Intdir early review of draft-ietf-tsvwg-udp-options-19
X-BeenThere: int-dir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-dir>, <mailto:int-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir/>
List-Post: <mailto:int-dir@ietf.org>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-dir>, <mailto:int-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2023 16:49:38 -0000
On 14/02/2023 17:50, Tom Herbert wrote: > On Mon, Feb 13, 2023 at 3:08 PM C. M. Heard <heard@pobox.com> wrote: >> On Mon, Feb 13, 2023 at 11:07 AM Tom Herbert wrote: >>> On Mon, Feb 13, 2023 at 10:28 AM C. M. Heard wrote: >>>> Those servers can (and probably should) be configured to reject UDP >>>> options with OCS=0, if they are not already configured to reject UDP >>>> packets with CS=0. >>> I agree, but that suggests that there are conditions when it's >>> acceptable to not use OCS=0. What guidance is given for that? Just >>> saying the user needs to figure this out themselves seems like a >>> disservice; this is not the same risk as enabling a CS=0 for UDP. How >>> can a user determine what is safe and what is not in their network? >>> Note that it took two RFCs to describe the necessary conditions in >>> detail to enable CS=0 for UDPv6. Do we need an equivalent discussion >>> on when it's safe not to have the checksum in surplus space? >> Section 7 of the draft currently says: >> >> Like the UDP checksum, the OCS is optional under certain >> circumstances and contains zero when not used. UDP checksums can be >> zero for IPv4 [RFC791] and for IPv6 [RFC8200] when UDP payload >> already covered by another checksum, as might occur for tunnels >> [RFC6935]. The same exceptions apply to the OCS when used to detect >> bit errors; an additional exception occurs for its use in the UDP >> datagram prior to fragmentation or after reassembly (see Section >> 9.4). >> >> If this guidance is too slender, how should it be improved? > Mike, > > The casual reference to RFC6935 is a good example of why this text is > insufficient. RFC6935 and RFC6936 were created to allow UDPv6 packets > to have a zero checksum. The UDP checksum was required in IPv6 > (RFC2460) because, unlike IPv4, the IPv6 header doesn't contain a > header checksum; the UDP checksum includes the pseudo header that > covers the IPv6 address. So the UDPv6 checksum is needed as an > integrity check of the IPv6 addresses, and the primary risk of using > CS=0 with UPDv6 is the potential for misdelivery when addresses are > corrupted. That is the primary consideration of RFC6935 and RFC6936. > Note that it is a misnomer that those RFCs allow a zero UDPv6 checksum > for all packets, in fact it is a narrowly defined exception applicable > to tunnel protocols under specific circumstances. Also note, in > RFC8086 (GRE over UDP), it still took three pages of requirements to > show how the specific protocol meets the requirements of RFC6935 and > RFC6936. IMO an offhand statement that the exceptions of RFC6935 and > RFC6936 are applicable for a new protocol is trite. > > While the risk RFC6935 and RFC6936 is packet misdelivery, the risk of > UDP options is misinterpretation of protocol in a packet. UDP options > present an entirely different problem and the means to address it will > be different. The UDP checksum is completely independent and has no > correlation to the bits of the surplus space, the UDP checksum does > not cover the surplus space and neither is there any coverage if "UDP > payload is already covered by another checksum". So the "The same > exceptions apply to the OCS" are not valid since the exceptions refer > to the UDP checksum which has different properties and different > risks. Without a proper code point, the protocol of the surplus space > needs to be determined solely based on the contents of the space, not > the UDP checksum nor anything else in the packet, and any means of > this determination is probabilistically correct. The probability of > misinterpretation with a checksum is 1/65,536 which is presumably > sufficient. If the idea is to forgo the checksum, then one would > expect a quantitative analysis of both the probability of > misinterpretation and the risks of misinterpretation. > > That being said, I see no zero value in making the checksum optional. > Aside from its critical role in validating the surplus is indeed UDP > options, UDPv6 packets are required to have a non-zero checksum so the > OCS is required for all of IPv6 (again RFC6935 and RFC6936 are narrow > exceptions). Furthermore, TCP, the original transport layer protocol > with options, and IPv4 have had a checksums since the beginning and we > don't see people complaining about the performance of those. > > Tom > >> Mike Heard I for one also think that last para on whether OCS needs to be required in all cases is something that needs to be considered carefuly. Gorry
- [Int-dir] Intdir early review of draft-ietf-tsvwg… Carlos Pignataro via Datatracker
- Re: [Int-dir] Intdir early review of draft-ietf-t… touch@strayalpha.com
- Re: [Int-dir] Intdir early review of draft-ietf-t… touch
- Re: [Int-dir] Intdir early review of draft-ietf-t… Carlos Pignataro (cpignata)
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Carlos Pignataro (cpignata)
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Carlos Pignataro (cpignata)
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Gorry Fairhurst
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… touch@strayalpha.com
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard
- Re: [Int-dir] [tsvwg] Intdir early review of draf… Tom Herbert
- Re: [Int-dir] [tsvwg] Intdir early review of draf… C. M. Heard