IETF Logo Mail Archive

Re: [tcpm] AccECN field order

Yoshifumi Nishida <nsd.ietf@gmail.com> Mon, 15 February 2021 06:28 UTC

Return-Path: <nsd.ietf@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42CAD3A0BFC for <tcpm@ietfa.amsl.com>; Sun, 14 Feb 2021 22:28:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lI5gf_B7idp8 for <tcpm@ietfa.amsl.com>; Sun, 14 Feb 2021 22:28:00 -0800 (PST)
Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0E953A0BFA for <tcpm@ietf.org>; Sun, 14 Feb 2021 22:28:00 -0800 (PST)
Received: by mail-qk1-x735.google.com with SMTP id t62so5531591qke.7 for <tcpm@ietf.org>; Sun, 14 Feb 2021 22:28:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WQdHRCEHEWpjqSj9QOAygbg0Gk75IkPAXSaY0byzUHg=; b=Sbmr3Z1QRXPtqWCzo0FKT4sHGxKM6rAkw0MZUrcmftvzIQWcl1+47+csjyjmsf4FzF 6VWcZpkRzEd0D8KulFOj5KLW7ImjwngweTQ4ovBA8NU09Z/uVlnIaN6MbqJXAiSv1sLe TnhqUCBfTGPJeAmWXlclAPMWa7mnNORwkZ3bmgQR7LBfM9MEAolIuiS9SxWYuL+M2kqj 2hrBfmP70aLg9xk7jSV41qU/ZQimJdqGqOAEooZ3TsWe9BB87dGy7uUPRolIkwS6M8cn gZz2wEsYsIPsFH8OuhpBaNUcd/5Rjqy/HEVkFC/DwpguQG2NbvAnjGLP8YzyDSygM1IS /dKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WQdHRCEHEWpjqSj9QOAygbg0Gk75IkPAXSaY0byzUHg=; b=njSthNV+3m2uBSVDrZ1Frm3zKqL+Fsk1TaW10wVss1kl588xsdVpjRlW1YWAPR2lXq 4YQJU+v1cHEhxKtEWfXbk/PejVlhBWDXbTDqrGfoJvEV2zy/qZTbvCMmcO1sBMijLf+U kdy7lfv97WGoSPunm8bAJfrYEUUTIX04EFR2udSLV52JlWXXWaM6lz9Gq0d69KySi2n6 qvC/JgArpAJjnt8xT1WP7rnO7WMlCcdrwd0EegVgblxuxGRktNA1y7TFpxBTX6IiF5Zd h7Cqo6PFHEM29zNVsH+Op+iXp33YY7xpmA3v41M8wQD2gr3PfeQtyPQQ2d7pP9eWf+ID YkXA==
X-Gm-Message-State: AOAM531k0+N5gotDvnf4nF+mW7C7NCstcQ/NOoctptWP7JLKHEZggca0 SwKRX29mve4yzhIVeimiE2vucOPDLe8SkOQ7bTg=
X-Google-Smtp-Source: ABdhPJwNcW3PuwinTsloIh0a++nHXCPtbbbKeSh5oeE4f+7U6hKl02oZZNfs0Q/eflwMDw25If+JshJXewRij28+s5I=
X-Received: by 2002:a37:542:: with SMTP id 63mr13841970qkf.8.1613370479716; Sun, 14 Feb 2021 22:27:59 -0800 (PST)
MIME-Version: 1.0
References: <42eee5b7-fc0d-9576-c2ab-128706611a96@bobbriscoe.net> <279fb3d5-0000-f704-d88f-08ab0fa9e83a@bobbriscoe.net> <CAAK044TtbFWjb-msj3rA6vE+ZB99O1qAwhUFwzD2+rehzX9a7Q@mail.gmail.com> <9bdf71e9-4af0-f5ee-f2f7-e63349956500@bobbriscoe.net> <b3ae297684b04461be4e5ef5bbe3c83a@hs-esslingen.de> <f881b3e1-20e7-8533-1003-d22a69929f62@bobbriscoe.net> <30781ea61a794131beafe9997ed9221a@hs-esslingen.de> <1c927b36-7228-91f3-4d58-6f3545c88a57@bobbriscoe.net> <5c3c4661887c43529b35bd5f47d10c2b@hs-esslingen.de> <CADVnQynjc=fhTR_T29xP4r=945GtRJ8oBkRHCvpHraxb_a1ZCA@mail.gmail.com> <B7ED67D5-B5BE-4D42-8A48-06B9DD987749@kuehlewind.net> <SN4PR0601MB37286EB6FAA56C9E5293638086FC0@SN4PR0601MB3728.namprd06.prod.outlook.com> <381499f5-3333-08c5-2ffd-fba77e027795@bobbriscoe.net> <ffc499d2760a43a684543581a69b93f4@hs-esslingen.de> <1e61a7d3-b6be-d995-4fc2-777bc2d5d5fe@bobbriscoe.net> <CAAK044TeRk20+VzNzbZ-5PPj5cBxujbvg-XYEGYsOeup+DWzpQ@mail.gmail.com> <298c8924-c751-8f08-0caa-6d5eeaf293ac@bobbriscoe.net>
In-Reply-To: <298c8924-c751-8f08-0caa-6d5eeaf293ac@bobbriscoe.net>
From: Yoshifumi Nishida <nsd.ietf@gmail.com>
Date: Sun, 14 Feb 2021 22:27:48 -0800
Message-ID: <CAAK044QH=brxs5mY59NHK62qJ407i+tS2DKKxoPpKN1rB=nMLg@mail.gmail.com>
To: Bob Briscoe <ietf@bobbriscoe.net>
Cc: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>, "Scheffenegger, Richard" <Richard.Scheffenegger@netapp.com>, Mirja Kuehlewind <ietf@kuehlewind.net>, tcpm IETF list <tcpm@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000055abff05bb5a169c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/Xk8sqfQoshh-MNMrVkzEWRFKcAo>
Subject: Re: [tcpm] AccECN field order
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2021 06:28:03 -0000

On Fri, Feb 12, 2021 at 3:05 PM Bob Briscoe <ietf@bobbriscoe.net> wrote:

> Yoshi,
>
> On 12/02/2021 17:49, Yoshifumi Nishida wrote:
>
>
> On Thu, Feb 11, 2021 at 1:33 PM Bob Briscoe <ietf@bobbriscoe.net> wrote:
>
>>
>>
>> On 09/02/2021 17:56, Scharf, Michael wrote:
>> > Bob,
>> >
>> >> -----Original Message-----
>> >> From: Bob Briscoe <ietf@bobbriscoe.net>
>> >> Sent: Tuesday, February 9, 2021 5:58 PM
>> >> To: Scheffenegger, Richard <Richard.Scheffenegger@netapp.com>; Mirja
>> >> Kuehlewind <ietf@kuehlewind.net>; Scharf, Michael <Michael.Scharf@hs-
>> >> esslingen.de>
>> >> Cc: tcpm IETF list <tcpm@ietf.org>
>> >> Subject: Re: AW: [tcpm] AccECN field order
>> >>
>> >> Richard,
>> >>
>> >> I just noticed I missed the last para of the old email from you below.
>> >> Response inline, tagged [BB]...
>> >>
>> >> On 23/11/2020 12:42, Scheffenegger, Richard wrote:
>> >>> I am also in favor of using two distinct option codes.
>> >>>
>> >>> However,
>> >>>
>> >>>> Or I guess we could say that only one option should be used for a
>> >> connection.
>> >>> I am opposed to this - with two option codes, a sender should be free
>> to
>> >> choose whichever he prevers at any one point; For example, if the
>> sender a
>> >> segment (e.g. may be the receiver side)  has to update the EE1 couter,
>> but
>> >> also convey SACK information, it would be good to use the one, where
>> the
>> >> EE1 field is first, and omit all remaining fields;
>> >>> Later in the same connection, that very same host may choose to update
>> >> the CE field together with some SACK information, and use the other
>> >> codepoint in order to preserve as much TCP option space for the SACK
>> >> option...
>> >>
>> >> [BB] I agree with you here (and disagree with Mirja below). The nice
>> >> thing about 2 options kinds is they are self-describing, so they can be
>> >> stateless (for instance, consider the code you would have to otherwise
>> >> add for when a host switches to a different congestion control module -
>> >> a lot of complexity despite being unlikely to happen).
>> >>
>> >>>
>> >>> As for extensibility: I would want to avoid that topic, and just
>> specifiy the
>> >> three correct supported lengths here, and not mention (other than
>> ignoring
>> >> "odd" fractionals of the 3-byte wide counters) what happens with other
>> >> lengths...
>> >>
>> >> [BB] A protocol spec should surely say what to do with unexpected
>> >> inputs. Not specifying this is one of the main reasons we have such
>> >> trouble changing things later - because we discover some implementers
>> >> handled the unexpected in different ways to others (e.g. ignore, vs RST
>> >> the connection), and others only handled expected inputs and didn't
>> even
>> >> think to check for anything else.
>> >>
>> >> So, I believe we have to either say "reset the connection" or "ignore",
>> >> in response to an unexpected option length. I figure that, if there's
>> no
>> >> harm in ignoring something unexpected, then why not ("liberal in what
>> >> you receive" principle).
>> >>
>> >> Earlier in this thread, Michael Scharf pointed out that there is some
>> >> potential harm here (covert channel of up to 29B), but I pointed out
>> >> that TCP/IP has plenty of other ways of creating covert channels, so
>> >> we're not really adding to any problem here. But I did say that we
>> would
>> >> highlight the covert channel in the Security Considerations section, so
>> >> the Sec Area has a chance to object. If it raises as serious concern,
>> >> then we should switch from "ignore" to "reset", But I doubt it will.
>> > I think we first have to come to the conclusion *inside* TCPM whether
>> such a new covert channel is actually acceptable.
>> >
>> > Existing covert channels do not at all imply that a new covert channel
>> is a good idea (and, IMHO, 29B per packet is a lot). Network administrators
>> and operators know how to deal with the existing problems in TCP/IP. Adding
>> any new security issue needs careful reasoning.
>> >
>> > As individual contributor to TCPM, I believe that this covert channel
>> must just be removed from the next version of the draft. At least I don't
>> need other opinions to come to this personal conclusion.
>> >
>> > If this was less obvious others in the WG, TCPM could ask for an early
>> SECDIR review to get further guidance ASAP. Then this question can be
>> sorted out while we finish the protocol.
>> >
>> > If TCPM needs any external input on covert channels, I think an early
>> SECDIR review would be a much better approach compared to having a security
>> discussion during IETF last call. We are here discussing a standards track
>> extension of one of the core Internet protocols. In such a case, at least
>> in my view on IETF processes, other IETF areas can expect that TCPM ties to
>> deal with known open issues within the WG as far as possible, i.e., before
>> they see a "stable" specification in the IETF last call.
>> >
>> > In a nutshell:
>> >
>> > -1 on leaving this question open until IETF last call
>>
>> [BB] That's a perfectly reasonable process proposal.
>>
>> I just wanted to add that there are not just 2 choices: the WG (with
>> advice from SEC area if necessary) is free to limit the bandwidth of
>> this covert channel anywhere between 0 and 29B per packet by simply
>> limiting how much extensibility the protocol allows the option length
>> field to offer, with a 0B covert channel corresponding to no
>> extensibility.
>>
>
> OK. Michael.S abstains from the decision for SECDIR review, but other
> co-chairs think this is an important point to be checked.
> So, if there's no specific opposition, we would like to ask for SECDIR
> review before WGLC.
>
> Do authors want to update the draft beforehand to add some more
> clarifications or are there any other thoughts on this?
>
>
> [BB] The current draft could probably go to SECDIR review as it is.
> However, I have a few edits already done in my local copy, and a todo list
> of a few more, which I could try to get done in the next few days. Then
> I'll post a rev. So I guess it might as well wait a few days for those
> updates.
>
> Agree?
>

Yes, works for me.
Thank you so much!
--
Yoshi

v2.23.0 | Report a Bug | By Email