Re: [tram] draft-ietf-tram-stun-pmtud-06 review
Marc Petit-Huguenin <petithug@acm.org> Sat, 03 March 2018 15:42 UTC
Return-Path: <petithug@acm.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FF09124B18 for <tram@ietfa.amsl.com>; Sat, 3 Mar 2018 07:42:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.441
X-Spam-Level:
X-Spam-Status: No, score=-0.441 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eYI9MzGyUTrK for <tram@ietfa.amsl.com>; Sat, 3 Mar 2018 07:42:29 -0800 (PST)
Received: from implementers.org (unknown [IPv6:2001:4b98:dc0:45:216:3eff:fe7f:7abd]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35F3C1200F1 for <tram@ietf.org>; Sat, 3 Mar 2018 07:42:29 -0800 (PST)
Received: from [IPv6:2601:648:8301:730f:b138:267a:383f:dbfc] (unknown [IPv6:2601:648:8301:730f:b138:267a:383f:dbfc]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 51D27AE8D9; Sat, 3 Mar 2018 16:42:26 +0100 (CET)
To: "Asveren, Tolga" <tasveren@rbbn.com>, "Gonzalo Salgueiro (gsalguei@cisco.com)" <gsalguei@cisco.com>, "tram@ietf.org" <tram@ietf.org>
References: <CY4PR03MB316039CC07807621C64AFE39A5C90@CY4PR03MB3160.namprd03.prod.outlook.com>
From: Marc Petit-Huguenin <petithug@acm.org>
Message-ID: <10ce3dde-2401-dc4f-e231-13678f6494d1@acm.org>
Date: Sat, 03 Mar 2018 07:42:23 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CY4PR03MB316039CC07807621C64AFE39A5C90@CY4PR03MB3160.namprd03.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="wVrMZrybkg8uGWVuCytAzzM8vaYcrURJ7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/ZSRty7XPKIdvrAGClQiHLwDoytw>
Subject: Re: [tram] draft-ietf-tram-stun-pmtud-06 review
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Mar 2018 15:42:31 -0000
Thanks for the review, please see inline. As the cutoff is Monday afternoon, I'll publish -07 just after sending this email. On 02/17/2018 09:40 PM, Asveren, Tolga wrote: > Marc, Gonzalo, > > Some comments/questions for draft-ietf-tram-stun-pmtud-06: > > i- 4. > > Implementations supporting this specification MUST implement the > server side of both the Simple Probing mechanism (Section 4.1) and > the Complete Probing mechanism (Section 4.2). > Implementations supporting this specification MUST implement the > client side of the Complete Probing mechanism. They MAY implement > the client side of the Simple Probing mechanism. > > I don't see the rationale behind mandating this behavior. Such semantics in general are taken care of in the context of a capability negotiation mechanism, which this document does not specify. As it stands right now, I think this is best left to local policy and bilateral agreements and I would suggest not to use anything stronger than "RECOMMEND". It took me some time to remember why that was the case. IIRC, one of the reasons of doing this is because of the implicit probe support in section 5.2. Because there is no explicit signaling there, we need the server side (which was previously the client side) to be ready to respond to both Simple and Complete Probing. Hence the "server must do both, client choose what they want to do" rule. The other reason is that if we let implementers choose, then Complete Probing - which is the correct way of doing probing - will never be used. > > ii- 4.1 > DF bit set over UDP. > ==> > DF bit in IP Header. > Right? (the same in 4.2) Not really, the Probe Request is still sent over UDP, so I changed the text to that (twice): The Simple Probing mechanism is implemented by sending a Probe Request with a PADDING [RFC5780] attribute over UDP with the DF bit set in the IP header. A router on the path to the server can reject this request with an ICMP message or drop it. The Complete Probing mechanism is implemented by sending one or more Probe Indications with a PADDING attribute over UDP with the DF bit set in the IP header followed by a Report Request to the same server. > > iii- 4.1.1 > A client MUST NOT send a probe if it does not have knowledge that the > server supports this specification. This is done either by external > signalling or by a mechanism specific to the UDP protocol to which > PMTUD capabilities are added or by one of the mechanisms specified in > Section 5. > I suggest adding text for possible use of local policy/bilateral agreements for this purpose. I am not sure what to add to what is said. Do you have text to suggest? > > iv- 4.2 > Some protocols may already have a way of identifying each individual > UDP packet, in which case these identifiers SHOULD be used in the > IDENTIFIERS attribute of the Report Response. > What is meant here as "some protocols"? Are you referring to what is carried as payload of UDP or what is used below UDP? The former. I changed the text to "application layer protocols:" > > v- 4.2 > In the first packet identification mechanism, the server computes a > checksum over each packet received and sends back to the sender the > list of checksums ordered chronologically. The client compares this > list to its own list of checksums. > What if there are two probes with the same checksum right after each other and one of them is lost? How can client disambiguate such a case in the response? I am not sure to get the problem here. The sender keeps a chronologically ordered list of the checksums of the sent packets (data and probes), so in that case there is a sequence of two identical checksums in that list. The server sends back a list of checksums, but with only one of that value (or even 0). The loss can be detected. > > v- 7 > The Simple Probing mechanism may be used without authentication > because this usage by itself cannot trigger an amplification attack > because the Probe Response is smaller than the Probe Request. > Isn't the same true for Sum(Probe Requests) > (Report Response)? I think that mechanism was set following a review that was worried about amplification attack. We have the simple probe mechanism without authentication to keep the barrier to entry very low, i.e. the minimum required implementation possible. Security expert can chime in. > > vii- nit > == The copyright year in the IETF Trust and authors Copyright Line does not > match the current year > > -- The document date (September 1, 2017) is 169 days in the past. Is this > intentional? Will be upgraded with the next publication. -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: https://marc.petit-huguenin.org Profile: https://www.linkedin.com/in/petithug
- [tram] draft-ietf-tram-stun-pmtud-06 review Asveren, Tolga
- Re: [tram] draft-ietf-tram-stun-pmtud-06 review Marc Petit-Huguenin
- Re: [tram] draft-ietf-tram-stun-pmtud-06 review Asveren, Tolga
- Re: [tram] draft-ietf-tram-stun-pmtud-06 review Marc Petit-Huguenin
- Re: [tram] draft-ietf-tram-stun-pmtud-06 review Asveren, Tolga