IETF Logo Mail Archive

Re: [tcpm] draft-ietf-tcpm-experimental-options

Joe Touch <touch@isi.edu> Fri, 22 February 2013 21:33 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E32F421F8706 for <tcpm@ietfa.amsl.com>; Fri, 22 Feb 2013 13:33:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.011
X-Spam-Level:
X-Spam-Status: No, score=-103.011 tagged_above=-999 required=5 tests=[AWL=-0.412, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V2gpUCtgrdVe for <tcpm@ietfa.amsl.com>; Fri, 22 Feb 2013 13:33:47 -0800 (PST)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id 3DAC321F86C2 for <tcpm@ietf.org>; Fri, 22 Feb 2013 13:33:47 -0800 (PST)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id r1MLXFWp024885 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 22 Feb 2013 13:33:15 -0800 (PST)
Message-ID: <5127E413.1000702@isi.edu>
Date: Fri, 22 Feb 2013 13:33:07 -0800
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130215 Thunderbird/17.0.3
MIME-Version: 1.0
To: "Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com>
References: <DF29671EFBFC454E984F5A1AD4834F491E7B02EA@pwsvl-excmbx-04.internal.cacheflow.com>
In-Reply-To: <DF29671EFBFC454E984F5A1AD4834F491E7B02EA@pwsvl-excmbx-04.internal.cacheflow.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] draft-ietf-tcpm-experimental-options
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2013 21:33:48 -0000

Hi, Jamshid,

On 2/22/2013 12:54 PM, Mahdavi, Jamshid wrote:
...
> The draft claims that experimental TCP options are
>
>            “intended to be used both in controlled environments and in
> are allowed in public deployments (when not enabled as default) [RFC3962]”
>
> (Side note:  typo “in”, and the citation is wrong, it should be 3692.)

Those are part of pending updates.

> However, that goes against other documentation – for example these
> statements in 3692:
>
> “Mutually consenting devices could use these numbers for whatever
> purposes they desire, but under the understanding that they are reserved
> for generic testing purposes” (i.e. not for production use)
>
> “They are not intended to be used in general deployments or be enabled
> by default in products or other general releases.”  (my reading of that
> has always been, “not intended for use in the public Internet”)

The key is the term "default". I.e., they are allowed in general 
releases if not enabled by default.

> And, on the IANA assigned numbers:
>
> “RFC3692-style Experiment 1 (also improperly used for shipping
> products)” – clearly implying these are not intended for use in
> commercial products.

Not by default. But having them available where users can turn them on 
causes the same problem.

> Finally, the draft itself implies the experimental option usage is still
> intended to be temporary in the discussion “Migration to Assigned Options”.

That's correct. The goal would be for experiments with sufficient 
experience that are sufficiently warranted to justify assignment of 
permanent TCP option codepoints.

> (Another side note:  I’d have concerns about implementing the proposed
> migration mechanism in practice due to the creation of extra connections
> which would just be dropped.)
>
> In the absence of a better solution, a vendor may find using an
> experimental option to be preferable to squatting somewhere else in the
> option space, but this draft in its current form does not really appear
> to change any of the underlying rules which suggest experimental options
> are not intended for this type of use.
>
> One other suggestion for the draft:  it might merit a word or two in the
> security considerations how this draft might affect the firewall
> processing of TCP options 253 and 254.

I can add that.

> Having the IANA registry
> suggested elsewhere in the thread would actually help firewalls to have
> better visibility into the contents of these options to be more
> selective about what to allow.

The IANA registry would help firewalls only if they parsed inside TCP 
options; is that remotely likely?

Joe

>
> --Jamshid
>
>
>
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm
>

v2.23.0 | Report a Bug | By Email