IETF Logo Mail Archive

[tram] Benjamin Kaduk's Discuss on draft-ietf-tram-stun-pmtud-10: (with DISCUSS and COMMENT)

"Felipe Garrido (fegarrid)" <fegarrid@cisco.com> Tue, 21 May 2019 15:59 UTC

Return-Path: <fegarrid@cisco.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 402F912016F; Tue, 21 May 2019 08:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=OaMubbKk; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=G4KDZCeb
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aD9ghh34ZTdS; Tue, 21 May 2019 08:59:56 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30D9B120041; Tue, 21 May 2019 08:59:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24099; q=dns/txt; s=iport; t=1558454396; x=1559663996; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=478Qwepxw0eBNH+yWOOYFyyOwAbd510JHGvHwUePeFI=; b=OaMubbKkP8bAXgPfV7+SehfNozUoeRQ4SyOYM+/YMFqhLEv8oNcLGw6I nMQM8pjSwF1jnp1lJih9VFzpspyCikBY4xq1J4wQDIo2Tye4tRF3zhbpc 0r6Z9F70Vd/CPVjFm1DBPrCrd/vDkwkMQhqLYfB074FQoKNaUV/cv1k6T U=;
IronPort-PHdr: 9a23:ocvDERP2MAoStYm5C5Al6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEu6w/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETBoZkYMTlg0kDtSCDBj1IfHjdTY7EOxJVURu+DewNk0GUMs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BxAABFIORc/5hdJa1lDg4BAQEEAQEHBAEBgVIGAQELAYEOLyQsA2lVIAQLKIQTg0cDjnaVMIROgS4UgRADVAkBAQEMAQEjCgIBAYRAAheCDyM1CA4BAwEBBAEBAgEEbRwMhUsCBBIRHQEBNwEPAgFKAgICMCUCBAENJ4MAAYEdTQMdAQIMnC8CgTWIX3GBL4J5AQEFgUdBgn0Ygg8DBoE0AYtQF4FAP4ERJx+DCoJhAgECAYEqARIBCUOCXTKCJos4gkKEXpVPCQKCDYYujFIbgh6GW4N8iTeMVoZyjlYCBAIEBQIOAQEFgVABNmZYEQhwFTsqAYJBgg8JGhSDOIUUhQQ7cgGBKIs4DRcHgiUBAQ
X-IronPort-AV: E=Sophos;i="5.60,495,1549929600"; d="scan'208,217";a="560976789"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 May 2019 15:59:28 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x4LFxS7f004892 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 21 May 2019 15:59:28 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 21 May 2019 10:59:28 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 21 May 2019 10:59:27 -0500
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 21 May 2019 10:59:27 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=478Qwepxw0eBNH+yWOOYFyyOwAbd510JHGvHwUePeFI=; b=G4KDZCebLlROK5Pk5ikdC+h3sroZoxjYaAYmxJxf+V8RhyftXb3LLiyH/cmkZSUmULtwiHlDwiOjVQN6yUnJU0ggn09UYO3MB6cIh7uFW9UH34CG/jHssR4SH7ur0os27xLMFJaRPz8eHFgdyz7UuNCFNVEKDMCEMpPF7jebxuE=
Received: from SN6PR11MB2800.namprd11.prod.outlook.com (52.135.93.15) by SN6PR11MB2544.namprd11.prod.outlook.com (52.135.90.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.15; Tue, 21 May 2019 15:59:26 +0000
Received: from SN6PR11MB2800.namprd11.prod.outlook.com ([fe80::54d:79aa:af94:ca1]) by SN6PR11MB2800.namprd11.prod.outlook.com ([fe80::54d:79aa:af94:ca1%5]) with mapi id 15.20.1900.020; Tue, 21 May 2019 15:59:25 +0000
From: "Felipe Garrido (fegarrid)" <fegarrid@cisco.com>
To: "kaduk@mit.edu" <kaduk@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>
CC: "draft-ietf-tram-stun-pmtud@ietf.org" <draft-ietf-tram-stun-pmtud@ietf.org>, "tram-chairs@ietf.org" <tram-chairs@ietf.org>, "tasveren@rbbn.com" <tasveren@rbbn.com>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-tram-stun-pmtud-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVCZroxitzvIrR+0WCBXUGWDqVCaZzxlWAgAG/uAA=
Date: Tue, 21 May 2019 15:59:25 +0000
Message-ID: <D526B162-A27A-46CC-99D0-213F52BC43BD@cisco.com>
References: <153791323613.5011.4854093713979605105.idtracker@ietfa.amsl.com> <6DB9C5F7-7150-431D-96D4-28594C918D31@cisco.com> <486F16F2-EE74-4ADE-89D8-4B69BEDB803E@cisco.com>
In-Reply-To: <486F16F2-EE74-4ADE-89D8-4B69BEDB803E@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.18.0.190414
authentication-results: spf=none (sender IP is ) smtp.mailfrom=fegarrid@cisco.com;
x-originating-ip: [2001:420:2280:1272:7dd0:49c4:698d:a0af]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 05a70e86-65d5-464b-7536-08d6de054c2f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:SN6PR11MB2544;
x-ms-traffictypediagnostic: SN6PR11MB2544:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <SN6PR11MB2544F8B7C8EA5123C8CF0241C8070@SN6PR11MB2544.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0044C17179
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(366004)(346002)(39860400002)(396003)(136003)(189003)(199004)(51444003)(76176011)(4326008)(110136005)(68736007)(53936002)(6506007)(73956011)(66946007)(91956017)(76116006)(25786009)(2171002)(6486002)(6436002)(14444005)(256004)(2501003)(7736002)(54906003)(102836004)(54896002)(6306002)(316002)(236005)(58126008)(6512007)(66574012)(21615005)(6116002)(36756003)(11346002)(186003)(46003)(8936002)(8676002)(446003)(478600001)(71200400001)(33656002)(83716004)(71190400001)(14454004)(86362001)(966005)(606006)(5660300002)(66446008)(99286004)(66476007)(64756008)(2616005)(476003)(66556008)(486006)(9326002)(2906002)(82746002)(81156014)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB2544; H:SN6PR11MB2800.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: RsUHOHHyTnBHCN6RRrhpc0ipAuS/6kGRRqiztIyQQTSCxqGKA6m5SbZg9VUC+SdaMWQXH0mjt+ntPNzjwRztGgg4xjHYXD+HIfQT5PjnmWdCn/DEl9Z3F5BnAB5Y75QpnXonDZePEaq/2qr+U+DI3RmR/v9IKN0Xn0XVqxA/ZBQspUPmOyxAsd33mNInakqTd+pDbfqDm/S4ewWEGjZPYjZcYJVtmE3XiSp3o9eTojGlKL6kZWVM8y32IuqclfI6wIwYepgbV7HVaDzITdWRALv4PgCcgNqwtFQLtROe9M/h2DEkBj4YlTKxRmZzRPZ02oamVV+L9f6x0ISuAOMeogxKao3EaDghPwdxHQFWELH3BWSjF6ZpSzBgxw1MJnsurG/givIDM0UjT2lrERHXA083f5DVLVS0BkKIOsuoMNw=
Content-Type: multipart/alternative; boundary="_000_D526B162A27A46CC99D0213F52BC43BDciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 05a70e86-65d5-464b-7536-08d6de054c2f
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2019 15:59:25.2306 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2544
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.24, xch-aln-014.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/L9C1G6b0TuRMSaP7-ZUezTc1fqk>
Subject: [tram] Benjamin Kaduk's Discuss on draft-ietf-tram-stun-pmtud-10: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 15:59:59 -0000

Hi Benjamin,

Apologies for the delay in responding, the current authors are having scheduling conflicts and have added me to address the current concerns. Please see my responses inline.

thanks
-Felipe


Benjamin Kaduk has entered the following ballot position for
draft-ietf-tram-stun-pmtud-10: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tram-stun-pmtud/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I was going to report the same thing as Adam, but will just say that I support his Discuss.
[FG]: I’ll be addressing this Discuss in Adam’s feedback.

I also have one other (also minor and easy to resolve) Discuss point:  Section 4.2.6 needs
to state what the Length field is measuring the length of.
[FG]: Agree that this is required. Adding the following text to Section 4.2.6.
“The Length field specifies the length in bytes of the sequence number and application data fields.”

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I understand that this document inherently has to be incomplete and "vague",
since the procedure specified within is only meaningful in the context of a
STUN usage or other protocol.  But in general it seems like there could be
greater clarity even within the constraints that we must work under.  My
points are probably less interesting than the ones Adam raised already, though.
The only general observation in this space that I can offer is that some parts of
the text read as if only the Probe packets are going to be monitored for the
report (but this is clearly not the case given the document as a whole).

Section 4.2

  The Complete Probing mechanism is implemented by sending one or more
  Probe Indications with a PADDING attribute over UDP with the DF bit
  set in the IP header followed by a Report Request to the same server.
  A router on the path to the server can reject this Indication with an
  ICMP message or drop it.

nit: I don't think "this" is the right word; perhaps "each" would be
better.


[FG]: Agree, updates will be made.

Section 4.2.3

  A server supporting this specification will keep the identifiers of
  all packets received in a chronologically ordered list.  The packets
  that are to be associated to a list are selected according to
  Section 5.2 of [RFC4821].  [...]

4821 doesn't talk about "list"s at all, and in fact the indicated section
seems to be talking more about where to store a PMTU value after it has
been determined, rather than what packets to be considering for a report.
So I'm pretty confused about what this sentence is trying to say.


[FG]: Agree. Updated wording to make the statement easier to read.
“The selection process specified in Section 5.2 of [RFC4821] is to be used to determine whether a packet is added with a list.”

Section 4.2.4

nit: I think that all instances of "the Probe Indication" should be
replaced with "a Probe Indication", in this section.


[FG]: Agree, updates will be made.

Section 4.2.5

  When using a checksum as a packet identifier, the client calculates
  the checksum for each packet sent over UDP that is not a STUN Probe
  Indication or Request and keeps this checksum in a chronologically
  ordered list.  The client also keeps the checksum of the STUN Probe
  Indication or Request sent in that same chronologically ordered list.
  The algorithm used to calculate the checksum is similar to the
  algorithm used for the FINGERPRINT attribute (i.e., the CRC-32 of the
  payload XOR'ed with the 32-bit value 0x5354554e [ITU.V42.2002]).

(editorial) It's pretty confusing to start out with the split between STUN
and non-STUN messages, only later to clarify that this is because the
FINGERPRINT is used for STUN messages.  So maybe:

 When using a checksum as a packet identifier, the client keeps a
 chronologically ordered list of the packets it transmits, along with an
 associated checksum value.  For STUN Probe Indication or Request packets,
 the associated checksum value is the FINGERPRINT value from the packet; for
 other packets a checksum value is computed using a similar algorithm to the
 FINGERPRINT calculation.


[FG]: Agree with changing of the language. It doesn’t change the content and easier to read.

Section 4.2.6

  When using sequence numbers, a small header similar to the TURN
  ChannelData header [...]

Probably want an informative reference for this header.


[FG]: Agree, updates will be made to reference.
Section 6.2

6.2.  PMTUD-SUPPORTED

  The PMTUD-SUPPORTED attribute indicates that its sender supports this
  specification.  This attribute has no value part and thus the
  attribute length field is 0.

"this specification" is not sufficiently detailed to interoperate, so I
think this needs to be qualified as more like "supports this mechanism, as
incorporated into the STUN usage or protocol being used".


[FG]: Agree, updates will be made.

Section 7

The contents of the PADDING do not seem to be specified anywhere, so it
could in theory be used as a side channel to convey other information,
which has some potential privacy considerations.  Nowadays we tend to ask
for the value of the padding bytes to be deterministic (but validation
remains optional); I forget if there are STUN-specific considerations that
would discourage just setting them all to zero.


[FG]: Agree.  Adding language to state contents of PADDING.
“The padding bits MUST be set to zero on sending and MUST be ignored by the receiver.”

v2.23.0 | Report a Bug | By Email