Re: Can I set the UDP checksum to zero when running QUIC?

Martin Thomson <mt@lowentropy.net> Tue, 12 March 2024 22:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/HL3i3-B3HuOBkWRMVxwXqLgMLA4>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

The question is more of a compatibility one than anything else.  What, if anything, breaks if you do this?

As noted, there are contexts in which not computing the checksum works.  So I guess the conclusion is that nothing breaks, so go ahead.  QUIC doesn't depend on the checksum.  All the cryptographic bits of QUIC use far stronger and more reliable mechanisms.

On Tue, Mar 12, 2024, at 22:04, Shihang(Vincent) wrote:
> Hi QUIC wg,
> Since QUIC has strong encryption and integrity protection provided by
> TLS 1.3, I wonder if the UDP checksum can be disabled (using UDP Zero
> Checksum Mode https://www.rfc-editor.org/rfc/rfc6936) to save the
> computation just like in VXLAN (RFC7348
> <https://datatracker.ietf.org/doc/html/rfc7348#autoid-12>).
> 
> Thanks,
> Hang
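
Added example (not part of the original message or of any QUIC implementation): a comparison of what the 16-bit UDP checksum and a keyed integrity tag each catch when a datagram is corrupted, including the zero-checksum case raised in the thread. The addresses, ports, key and payload are constructed, and truncated HMAC-SHA256 is used only as a standard-library stand-in for the AEAD tag that QUIC packet protection carries.

```python
import hashlib
import hmac
import ipaddress
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum_v4(src, dst, sport, dport, payload: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header, UDP header and payload."""
    length = 8 + len(payload)
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 17, length))
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = ~ones_complement_sum(pseudo + header + payload) & 0xFFFF
    # RFC 768: a computed value of 0 is sent as 0xFFFF; 0 on the wire means "no checksum".
    return csum or 0xFFFF

def receiver_accepts(src, dst, sport, dport, payload: bytes, wire_csum: int) -> bool:
    """Receiver-side check: a zero checksum field skips verification entirely."""
    if wire_csum == 0:
        return True
    return wire_csum == udp_checksum_v4(src, dst, sport, dport, payload)

def keyed_tag(key: bytes, payload: bytes) -> bytes:
    """Stand-in for an AEAD tag (assumption: HMAC-SHA256 truncated to 16 bytes)."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:16]

# Constructed sample values (documentation address ranges, made-up key and payload).
FLOW = ("192.0.2.1", "198.51.100.2", 50000, 443)
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed QUIC-like payload"

def demo() -> dict:
    swapped = PAYLOAD[2:4] + PAYLOAD[0:2] + PAYLOAD[4:]    # two 16-bit words exchanged
    flipped = bytes([PAYLOAD[0] ^ 0x01]) + PAYLOAD[1:]     # single bit flipped
    csum, tag = udp_checksum_v4(*FLOW, PAYLOAD), keyed_tag(KEY, PAYLOAD)
    return {
        "swap_passes_checksum": receiver_accepts(*FLOW, swapped, csum),
        "flip_passes_checksum": receiver_accepts(*FLOW, flipped, csum),
        "flip_passes_zero_checksum": receiver_accepts(*FLOW, flipped, 0),
        "swap_passes_tag": hmac.compare_digest(tag, keyed_tag(KEY, swapped)),
        "flip_passes_tag": hmac.compare_digest(tag, keyed_tag(KEY, flipped)),
    }
```

Calling demo() shows the word swap passing the UDP checksum, the bit flip passing only when the checksum field is zero, and the keyed tag rejecting both.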