Re: [tcpm] [Fwd: New Version Notification for draft-gomez-tcpm-ack-rate-request-02.txt]

Jon Crowcroft <Jon.Crowcroft@cl.cam.ac.uk> Wed, 23 March 2022 09:18 UTC

Return-Path: <Jon.Crowcroft@cl.cam.ac.uk>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 541263A14EE for <tcpm@ietfa.amsl.com>; Wed, 23 Mar 2022 02:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cl.cam.ac.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4DYQ_jKwVW2q for <tcpm@ietfa.amsl.com>; Wed, 23 Mar 2022 02:18:29 -0700 (PDT)
Received: from mta1.cl.cam.ac.uk (mta1.cl.cam.ac.uk [IPv6:2a05:b400:110::25:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CB893A14E8 for <tcpm@ietf.org>; Wed, 23 Mar 2022 02:18:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cl.cam.ac.uk; s=mta3; h=Message-Id:Date:Content-Transfer-Encoding: Content-ID:Content-Type:MIME-Version:References:In-reply-to:Subject:cc:To: From:Sender:Reply-To:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=vC4ngEidoO7X2RBF7qp01W5kfsBHZgDiN9wK+y0Gof8=; t=1648027109; x=1648891109; b=jdVucVezjBoZjMNpNu7kp6ox/wRN9bmExMsqNnc80NSYfo/U2uv4qxR7xzfD5RXLv7mn7NGD0YZ +qTFy6SsFoKvjrM6N8qxaGzigvxEkhU/HB7sGv+Zi6tJgw95bHYRjGvS5+QbS4+JNAtWkpqObkiKc xwWLB1KKTgxsZxdjupynW9RGJ71QW1rqiC8rr+zXMNIvoFL9x5fesohm9gbtxqNmzJgsbrmw38Bea tfJyLMvLacdOUZvWmL/22WHx8gd49HX8MOIddMYQIwXLtXkNqgBC4DPf/HosyMHZ+WFk/VEboJVMB lF1UQQcSg2EoS28zu8Vka8yrhbiy6L20d3Rw==;
Received: from slogin-new.cl.cam.ac.uk ([2a05:b400:110::22:98] helo=svr-ssh-0.cl.cam.ac.uk) (dnseec=no) by mta1.cl.cam.ac.uk:587 [2a05:b400:110::25:1] with esmtp (Exim 4.94) id 1nWx8A-0002bk-6f (envelope-from <Jon.Crowcroft@cl.cam.ac.uk>); Wed, 23 Mar 2022 09:18:14 +0000
From: Jon Crowcroft <Jon.Crowcroft@cl.cam.ac.uk>
To: Bob Briscoe <ietf@bobbriscoe.net>
cc: Carles Gomez Montenegro <carlesgo@entel.upc.edu>, tcpm@ietf.org, jon.crowcroft@cl.cam.ac.uk
In-reply-to: <ab51c2a0-04f8-aebf-2005-42973e74f51a@bobbriscoe.net>
References: <a7c8b301b51270e146481e65cffba6c7.squirrel@webmail.entel.upc.edu> <e478e70d-e5bb-9089-f0b5-392038bc4c87@bobbriscoe.net> <39aeaa5e98cd99288d2f43ea6504d22f.squirrel@webmail.entel.upc.edu> <ab51c2a0-04f8-aebf-2005-42973e74f51a@bobbriscoe.net>
Comments: In-reply-to Bob Briscoe <ietf@bobbriscoe.net> message dated "Tue, 22 Mar 2022 18:27:01 +0000."
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-ID: <2605902.1648027094.1@svr-ssh-0.cl.cam.ac.uk>
Content-Transfer-Encoding: 8bit
Date: Wed, 23 Mar 2022 09:18:14 +0000
Message-Id: <E1nWx8A-0002bk-6f@mta1.cl.cam.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/VqQSdcLXnbf-NXW83aPCLXJIJ2A>
Subject: Re: [tcpm] [Fwd: New Version Notification for draft-gomez-tcpm-ack-rate-request-02.txt]
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 09:18:38 -0000

thanks very much for this detailed review/feedback....

I wasn't sure about the ignore order thing either....
> 
> 
> I would support this draft being adopted (as I've said numerous times
> before).
> 
> 
> 
> I believe I agree with everything you've proposed (except the one I 
> mention
> below), and it's good to give the WG two options for how best to proceed 
> on
> the encoding.
> 
> 
> 
> The one I'm unsure about is Ignore Order, 'cos I haven't seen anything 
> that
> says what the benefit is (there might be one, I just haven't seen it). If
> there is little benefit, we could remove the I flag. "Do one thing, and do
> it well"
> 
> 
> 
> It hits the problem of scarce option space on the SYN, so I would suggest
> it goes forward as an independent option, but that it is also a candidate
> for being aggregated in draft-nishida-tcpm-agg-syn-ext, if that ever goes
> anywhere. You might want to mention these two possibilities (I don't think
> they are mutually exclusive).
> 
> 
> 
>    Review comments for draft-03:
> 
> 
>      §3.1 Sender behavior
> 
>    A TCP sender MUST NOT include the TARR option in TCP segments to be
>    sent if the TCP receiver does not support the TARR option.
> 
> 
> This is semi-redundant, because in general a host that doesn't recognize
> any TCP option ignores it [RFC2211; §4.2.2.5]. But it is OK to say it
> anyway, I guess.
> 
> 
>     Ignore Order field
> 
> Nitty point: Can 1 bit be called a field?:
> s/I field/I flag/ (throughout)?
> 
> 
>      §3.2 Receiver behavior
> 
> 
>    A receiving TCP conforming to this specification MUST process a TARR
>    option present in a received segment.
> 
> 
> You could delete this para. Given the next para says it doesn't have to
> honour a request, mandating that it just 'processes' a request is rather
> pointless.
> 
> 
>    If packet reordering occurs, a TCP receiver should send an immediate
>    duplicate ACK when an out-of-order segment arrives [RFC2581  
> <https://datatracker.ietf.org/doc/html/rfc2581>], thus in
>    such cases the TCP receiver will not comply with the request.
> 
> 
> It's a bit odd to say a compliant receiver doesn't comply. Suggest reword
> to say that complying with TARR protocol still requires host to dupACK
> out-of-order packets immediately. BTW, I assume the rcvr can still reset
> its counter, and send the next feedback R packets after the immediate ACK.
> 
> 
> Also s/RFC2581/RFC5681/ (updated)
> 
> 
>      §4 Option Format
> 
> 
> 
> FWIW, for the semantics of the R field, I prefer OPTION 2, 'cos it's much
> more future-proofed, and doesn't require a check for the special value of
> zero. (You might want to make it clear that these options are only there
> while the IETF decides which one to use. They will not be two alternatives
> if the RFC is published.)
> 
> 
> 
> I still don't see a rationale for the 'Ignore Order' facility. I 
> understand
> how it would work, but you need to say what benefit it would offer (or
> otherwise remove it). If we didn't have Ignore Order, you could have one
> more bit for the mantissa of R (or for the integer encoding).
> 
> I like the V field (flag?).
> 
> 
>      §5 Changing during a connection
> 
>     when conditions are rather stable ... for the whole lifetime of a
>    TCP connection
> 
> 
> Isn't this an oxymoron? A flow has to start, and until it has become
> stable, it's always not stable. And a flow doesn't know that conditions 
> are
> going to be stable until they have been for some time. The reason I'm
> saying this is, say a flow could work well with R = 20 once its stable. I
> doubt it could get up to speed very well with R=20.
> 
> 
> 
>      §7 Security Considerations
> 
>     An attacker might be able to impersonate a legitimate sender,
> 
> 
> 
> It would be worth saying that, if an attacker can impersonate a legit
> sender, it can mount all sorts of more harmful attacks, so it would be
> necessary to consider only any *new/worse* vulnerabilities that TARR would
> open up as well as those already there from hijacking.
> 
> 
> 
> In this section, it ought to point to the justification for making use of 
> R
> optional in §3.2. (Most reviews of drafts by the Security Area expect 
> them
> to only read the Security Considerations section, so it's common to point
> to other parts of the draft they need to read.)
> 
> 
> 
> Bob
> 
> On 21/03/2022 18:36, Carles Gomez Montenegro wrote:
> 
>     Hi again, Bob,
> 
>     Thanks as well for this third message of yours.
> 
>     Please find below my inline responses:
> 
> 
>         Carles,
> 
>         I've written a few of my review comments about
>         draft-gomez-tcpm-ack-rate-request-02 in the two recent threads 
> about
>         this draft. Here are the remainder...
> 
>     Thank you very much for your comprehensive feedback!
> 
> 
>         I think it would be useful at this stage to describe the pros and 
> cons
>         of one or two alternative encoding schemes, rather than just 
> assert one
>         scheme.
> 
>     In -03 they are briefly described (as "OPTION 1" and "OPTION 2").
> 
>     The first encoding is simple, but it is limited to a maximum value of 
> 63.
> 
>     The second encoding is more complex, but it covers a greater range of
>     values, with a maximum value of 1024 and lower granularity for high
>     values.
> 
> 
>         I don't believe the message can have the meaning "The receiver 
> MUST
>         modify its ACK rate to..." A TARR message can only be advisory (a
>         request not an order), because the receiver might not have the 
> resources
>         to send ACKs as often as requested. Also, it would be an obvious 
> attack
>         (e.g. everyone gangs up on a server by disabling delayed ACKs and
>         uploading loads of data). If the receiver does not comply it 
> doesn't
>         need to explicitly refuse the request, it just sends as 
> frequently as it
>         can in response.
> 
>     Agreed. In -03, this was modified to a SHOULD. We also added reasons 
> why
>     it is not a MUST, as per your comment above.
> 
> 
>         ==Capability negotiation==
>         * The description of the handshake isn't complete. It only 
> describes the
>         SYN, not the SYN-ACK.
> 
>     Agreed. We have described the SYN-ACK now.
> 
> 
>         * It occurs to me that initiating on the SYN isn't really 
> necessary,
>         because DelACKs do not start until after the SYN-ACK. Given lack 
> of
>         space on the SYN, how about saying the TARR option MUST NOT be on 
> a SYN.
>         If the server supports TARR, it includes the TARR option on the 
> SYN-ACK,
>         and it doesn't send any further TARR until it has seen a TARR 
> option
>         from the client.
>         if the client supports TARR, it SHOULD respond with the TARR 
> option on
>         the first ACK and the first data packet (if there is one).
> 
>         If you don't like this, second-best would certainly be to 
> aggregate with
>         other options on the SYN (as in Yoshi's presentation), given 
> option
>         space on the SYN is so scarce.
> 
>     Thanks for the proposal. It makes sense. Perhaps it would be good to 
> know
>     what others may think about it, and we plan to ask in the tcpm meeting
>     about it.
> 
> 
>         The scheme should define the semantics of a TARR message from 
> sender to
>         receiver. Does it mean "for this packet only" or "from this packet
>         onwards until another TARR packet"?
> 
>     It means the latter. We have clarified it in section 3.
> 
> 
>         Also, does a retransmission have to
>         have the same TARR option on it as the original (I would say not)?
> 
>     Agreed, our answer is "no". Added in section 3.
> 
> 
>         I notice you've stipulated that the TARR option is in the TCP 
> header of
>         a data packet. Is there any reason to preclude one on a pure ACK?
>         Admttedly TARR on an ACK doesn't seem so useful, but if you do 
> preclude
>         it, code has to exist to specifically ignore TARR on a pure ACK, 
> which
>         seems to add unnecessary complexity.
> 
>     Agreed. We removed the specific mention of "data" in "data packet".
> 
> 
>         I don't think the units should be "per full-sized data segment". 
> They
>         should just be "per data segment".
> 
>     We applied this update.
> 
> 
>         Security Considerations:
>         I'm not sure there's much point strongly recommending TLS in this 
> doc,
>         then saying it doesn't protect the TCP headers.
> 
>     Actually, we aimed to provide a general picture for a reader, and
>     precisely then explain that TLS won't help protect the TCP headers.
> 
> 
>         As well as IPsec, you
>         could mention the TCP Authentication Option.
> 
>     Agreed. Added in -03.
> 
> 
>         I think you are entitled to
>         say that it is still relatively hard for an off-path attacker to 
> hijack
>         an unprotected TCP session. It would be worth recommending that 
> RFC5961
>         is used to check packet validity. And say that TARR option MUST be
>         ignored on a packet that is deemed invalid.
> 
>     Agreed. Added in -03 as well.
> 
> 
>         I've briefly collected together points I've made in other threads 
> here:
>         * N is redundant. There's no need to request immediate ACKs for N
>         packets, when the sender can send an updated TARR request after N 
> packets.
>         * Rather than make R=0 have the special meaning of ACK every 
> packet,
>         ack-ratio = 1 already means that. So just define ack-ratio = R+1
>         * Lower precision would be sufficient for higher ack ratios.
>         * With a 6-bit field, could encode R as 4-bit mantissa plus 2-bit
>         exponent, in base 4 or base 16.
>           Â  o Then you'd have 2 bits spare, perhaps one for the "ignore
>         reordering" flag (I) and one reserved for future use (always 
> nice).
>         * With the "ignore reordering" flag (I), I think the semantics of 
> loss
>         detection would need to be redefined.
> 
>     I believe all the points above have been covered, pending the Ignore 
> Order
>     discussion mentioned.
> 
> 
>         HTH
> 
>     It does!!
> 
>     Once again, many thanks,
> 
>     Carles
> 
> 
> 
>         Bob
> 
> 
> 
> 
> --
> ________________________________________________________________
> Bob Briscoehttp://bobbriscoe.net/
>