IETF Logo Mail Archive

[tcpm] draft-ietf-tcpm-experimental-options

"Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com> Fri, 22 February 2013 20:54 UTC

Return-Path: <jamshid.mahdavi@bluecoat.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00F4321F8EE3 for <tcpm@ietfa.amsl.com>; Fri, 22 Feb 2013 12:54:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NOFOF6tPiSTV for <tcpm@ietfa.amsl.com>; Fri, 22 Feb 2013 12:54:07 -0800 (PST)
Received: from plsvl-mailgw-01.bluecoat.com (plsvl-mailgw-01.bluecoat.com [199.91.133.11]) by ietfa.amsl.com (Postfix) with ESMTP id A502721F87AA for <tcpm@ietf.org>; Fri, 22 Feb 2013 12:54:07 -0800 (PST)
Received: from pwsvl-exchts-03.internal.cacheflow.com (pwsvl-exchts-03.bluecoat.com [10.2.2.160]) by plsvl-mailgw-01.bluecoat.com (Postfix) with ESMTP id 7253B81A0AE for <tcpm@ietf.org>; Fri, 22 Feb 2013 13:01:59 -0900 (AKST)
Received: from PWSVL-EXCMBX-04.internal.cacheflow.com ([fe80::c596:c77:dd67:b72d]) by pwsvl-exchts-03.internal.cacheflow.com ([fe80::a508:17dc:1550:e9f6%12]) with mapi id 14.01.0355.002; Fri, 22 Feb 2013 12:54:06 -0800
From: "Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com>
To: "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: draft-ietf-tcpm-experimental-options
Thread-Index: Ac4RN3UDu/G7H2JITH6LXAHQ4WqGxg==
Date: Fri, 22 Feb 2013 20:54:05 +0000
Message-ID: <DF29671EFBFC454E984F5A1AD4834F491E7B02EA@pwsvl-excmbx-04.internal.cacheflow.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.2.2.106]
Content-Type: multipart/alternative; boundary="_000_DF29671EFBFC454E984F5A1AD4834F491E7B02EApwsvlexcmbx04in_"
MIME-Version: 1.0
Subject: [tcpm] draft-ietf-tcpm-experimental-options
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2013 20:54:21 -0000

I have reviewed this proposed draft.  I don't believe that commercial vendors who have TCP option needs would view this as changing the current landscape at all.  If your intent is to provide a new alternative that "cooperating protocol designers" could use, in my opinion this is not meeting the need.

(If your intent is just to make it safer and easier to use the experimental TCP options for actual experiments, you can ignore the rest of this email.)

The draft claims that experimental TCP options are
          "intended to be used both in controlled environments and in are allowed in public deployments (when not enabled as default) [RFC3962]"
(Side note:  typo "in", and the citation is wrong, it should be 3692.)

However, that goes against other documentation - for example these statements in 3692:

"Mutually consenting devices could use these numbers for whatever purposes they desire, but under the understanding that they are reserved for generic testing purposes" (i.e. not for production use)

"They are not intended to be used in general deployments or be enabled by default in products or other general releases."  (my reading of that has always been, "not intended for use in the public Internet")

And, on the IANA assigned numbers:

"RFC3692-style Experiment 1 (also improperly used for shipping products)" - clearly implying these are not intended for use in commercial products.

Finally, the draft itself implies the experimental option usage is still intended to be temporary in the discussion "Migration to Assigned Options".
(Another side note:  I'd have concerns about implementing the proposed migration mechanism in practice due to the creation of extra connections which would just be dropped.)

In the absence of a better solution, a vendor may find using an experimental option to be preferable to squatting somewhere else in the option space, but this draft in its current form does not really appear to change any of the underlying rules which suggest experimental options are not intended for this type of use.

One other suggestion for the draft:  it might merit a word or two in the security considerations how this draft might affect the firewall processing of TCP options 253 and 254.  Having the IANA registry suggested elsewhere in the thread would actually help firewalls to have better visibility into the contents of these options to be more selective about what to allow.

--Jamshid

v2.23.0 | Report a Bug | By Email