Re: Eric Rescorla's No Objection on draft-ietf-6man-rfc1981bis-06: (with COMMENT)
Eric Rescorla <ekr@rtfm.com> Tue, 09 May 2017 13:02 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95EF5129C5D for <ipv6@ietfa.amsl.com>; Tue, 9 May 2017 06:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLk-POAmNDNe for <ipv6@ietfa.amsl.com>; Tue, 9 May 2017 06:02:11 -0700 (PDT)
Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90843127137 for <ipv6@ietf.org>; Tue, 9 May 2017 06:02:11 -0700 (PDT)
Received: by mail-yw0-x22c.google.com with SMTP id l14so22519460ywk.1 for <ipv6@ietf.org>; Tue, 09 May 2017 06:02:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dVjkRywPXj90Br5pp2eRm3PVJyuIohf6sUKPFw2Mb+Q=; b=mEKYsbNQPqjxFz+WNslxIEBBXJ8OlIVRJNfcRkz+/KhDZMMn7HwVCM+k0i2jxGVzD7 17Lxja8lhaosFHN2o7zXrCtTytXJHLFHpqHWQxeYrorVThkytzB1PhVsHpx+X6WXGMem cT30qLkbFgx5kw1oo5Z2mhe2auS5mtMSctspg81/1NleONGLxSdQYqV6FEpdgUHkJmVd rlgMZPO5n0Rks4ltQKHcUsr8vhmWW8uwB8bQtCoheETl3dfg6U7NLlPOezt3ApWTx9Gc IqQy1z28UAg9dmgS807fOO7Y07FTnhAVLZvF32qFkU1O1+1h60XNZWcxfGiKDK79RcGP FYqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dVjkRywPXj90Br5pp2eRm3PVJyuIohf6sUKPFw2Mb+Q=; b=VJQyZniv4v2keybgYt4ARboR4HPkmdiK0/TLT435t3JcfzZgrsvOGOrDs+1jtJ961r lDuhhJ222BRHy6LKDSHXuFYotTtkWYwq3Xu6UXU0clQg6rO0/ffLKXMFXe6ho8Eu+tk7 ccn2A00AmG5qB7R3DzxGJF9nn0o7LXHTktItvTOdATPiEyNGB/79TqnQiKKWfdklZDjd lHKwfem8WD2f+6cdhEcbhqwfkvkJLNyYg2Vgh0/cmxx2CTusWfZ8k9EUOKGuw0gcPYKB pDNokL8xpItHTY646gfhaZ5v+IlPbdaVjxpl2ufINZVAQDG/+lOCrDPeue2E8iJ/AfA7 w7UA==
X-Gm-Message-State: AN3rC/7Yv7NxzIm1XyOoYO9Eblb0YwOOX3UqP8U9yveOSqTHzRhEvcvz HhfUji3iLqUrjlc9SlNiiB//b3wvqQ==
X-Received: by 10.13.245.2 with SMTP id e2mr56629518ywf.270.1494334930726; Tue, 09 May 2017 06:02:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.131.150 with HTTP; Tue, 9 May 2017 06:01:30 -0700 (PDT)
In-Reply-To: <CA+MHpBpb1VsnCo6Xm4ZBfhWTutEP3wGdM2Cao8nUTZfiT02Pcw@mail.gmail.com>
References: <149424843717.31731.1944317631050418426.idtracker@ietfa.amsl.com> <CA+MHpBpb1VsnCo6Xm4ZBfhWTutEP3wGdM2Cao8nUTZfiT02Pcw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 09 May 2017 06:01:30 -0700
Message-ID: <CABcZeBOL8y5wP=GdnTcxN+Jt3c0N7BsbOc_Qc1j9RWQeaYscTA@mail.gmail.com>
Subject: Re: Eric Rescorla's No Objection on draft-ietf-6man-rfc1981bis-06: (with COMMENT)
To: Suresh Krishnan <suresh.krishnan@gmail.com>
Cc: The IESG <iesg@ietf.org>, Ole Trøan <otroan@employees.org>, 6man-chairs@ietf.org, IPv6 List <ipv6@ietf.org>, draft-ietf-6man-rfc1981bis@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c08763ab8cb8a054f16f642"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YkR6158ZeEYqybAyZECsuQFBnxs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 13:02:15 -0000
On Mon, May 8, 2017 at 9:20 PM, Suresh Krishnan <suresh.krishnan@gmail.com> wrote: > Hi Ekr, > Thanks for your comments. Please find responses inline. > > On Mon, May 8, 2017 at 9:00 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > Eric Rescorla has entered the following ballot position for > > draft-ietf-6man-rfc1981bis-06: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria. > html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-6man-rfc1981bis/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Document: draft-ietf-6man-rfc1981bis-06.txt > > > > OVERALL > > I see in the shepherd's writeup that you have opted not to cite RFC > > 2119, but that makes the mixed case use of SHOULD/MUST even more > > confusing. I would suggest that at minimum you go through the document > > and evaluate whether each should/must should be capitalized, though I > > would prefer a cite to 2119. > > > > For instance: > > changed. Therefore, attempts to detect increases in a path's PMTU > > should be done infrequently. > > > > Is this normative? > > > > > > I also share the concerns others have raised about whether, given the > > actual state of PMTU this is something we should be making IS, but > > I'm willing to bow to the majority here. > > This was certainly one of the things I considered. There is not too > much measurement to back the claims that PMTUD is completely broken. > The only reasonably sized study that I know of > > http://www.nlnetlabs.nl/downloads/publications/pmtu- > black-holes-msc-thesis.pdf > > shows about ~1% packet loss in ICMPv6 PTB messages compared to about > 4-6% for ICMPv4 PTB messages. > OK. > > > > S 4. > > > > Nodes SHOULD appropriately validate the payload of ICMPv6 PTB > > messages to ensure these are received in response to transmitted > > traffic (i.e., a reported error condition that corresponds to an > > IPv6 > > packet actually sent by the application) per [ICMPv6]. > > > > This seems like it ought to be a MUST. Is there a good reason why > > it is not? Perhaps also a cite to how one validates. > > This is directly derived from Section 5.2 of RFC4443. > > "It is recommended that the upper layers perform some form of > validation of ICMP messages (using the information contained in the > payload of the ICMP message) before acting upon them." > > This was precisely the text that made me worried that this is adding a > new requirement. As long as we stick to the requirement level of > ICMPv6, we are OK. If we want to change this to a MUST, I think we > need to demote this to Proposed Standard. So, I see your point as a process point, but given that this actually is a security condition, doesn't this suggest that the document does not perhaps meet the "no known technical omissions" requirement for PS, let alone the bar for IS? > > When a node receives a Packet Too Big message, it MUST reduce its > > > > a valid Packet Too Big message, I think because in graf 2 you say you > > should validate. > > > > > > elicit Packet Too Big messages. Since each of these messages (and > > the dropped packets they respond to) consume network resources, the > > node MUST force the Path MTU Discovery process to end. > > > > It's not clear to me what the requirement is. > > > > Nodes using Path MTU Discovery MUST detect decreases in PMTU as fast > > as possible. Nodes MAY detect increases in PMTU, but because doing > > > > Same thing, what are you requiring. How could I be nonconformant to > > this? > > I see this as stating that detecting PMTU increases is optional and > detecting PMTU decreases is mandatory. I agree that this text could be > clarified Sorry, I'm concerned about "force to end" and "as fast as possible". For instance, suppose that I have an implementation of IPv6 which uses message queues to process all incoming packets, and I receive in order an IPv6 datagram and an ICMPv6 Packet Too Big datagram before I can process either. Am I required to have the ICMPv6 datagram jump the queue. That would be consistent with "as fast as possible" > > > > > S 5. > > This section discusses a number of issues related to the > > implementation of Path MTU Discovery. This is not a specification, > > but rather a set of notes provided as an aid for implementers. > > > > However, this section contains a lot of normative language. Is that all > > non-normative? > > Yes. That is the intention (no normative text here). But it's full of things which sound normative. They should perhaps all be rewritten in some way? > > S 5.3. > > If the stale PMTU value is too large, this will be discovered almost > > immediately once a large enough packet is sent on the path. No such > > mechanism exists for realizing that a stale PMTU value is too small, > > so an implementation SHOULD "age" cached values. When a PMTU value > > has not been decreased for a while (on the order of 10 minutes), the > > PMTU estimate should be set to the MTU of the first-hop link, and > > the > > packetization layers should be notified of the change. This will > > cause the complete Path MTU Discovery process to take place again. > > > > Is this really good advice for TCP? It seems like if you have a > > situation where it required several attempts to get the true PMTU (for > > instance, if you have successively narrower tunnels), then a PMTU > > reset could have a pretty material impact on throughput. > > There is some TCP related implementation advice in Section 5.4. > Basically, a TCP implementation will not send a packet larger than MSS > received from the peer even if the PMTU is larger. > Sure, but that doesn't mean you can't exceed the PMTU. > > S 6. > > dropped. A node, however, should never raise its estimate of the > > PMTU based on a Packet Too Big message, so should not be > > vulnerable to this attack. > > > > I get that this is now not a normative statement but rather a claim > > about what nodes who follow the MUST NOT in S 4, but it might still > > be better to make it a MUST to avoid confusion. > > How about s/should/will/? That leaves it as a statement of what the > node does and not a normative statement. > SGTM. -Ekr > > Thanks > Suresh >
- Eric Rescorla's No Objection on draft-ietf-6man-r… Eric Rescorla
- Re: Eric Rescorla's No Objection on draft-ietf-6m… Suresh Krishnan
- Re: Eric Rescorla's No Objection on draft-ietf-6m… Eric Rescorla
- Re: Eric Rescorla's No Objection on draft-ietf-6m… Bob Hinden
- Re: Eric Rescorla's No Objection on draft-ietf-6m… Eric Rescorla
- Re: Eric Rescorla's No Objection on draft-ietf-6m… Bob Hinden