[tram] FW: Eric Rescorla's No Objection on draft-ietf-tram-stun-pmtud-10: (with COMMENT)

"Felipe Garrido (fegarrid)" <fegarrid@cisco.com> Thu, 14 November 2019 09:04 UTC

Return-Path: <fegarrid@cisco.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DD52120232; Thu, 14 Nov 2019 01:04:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=AKk2G9gy; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=dI5XwG6G
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fELTTJsN_ll9; Thu, 14 Nov 2019 01:04:44 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE25412089E; Thu, 14 Nov 2019 01:04:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=23831; q=dns/txt; s=iport; t=1573722282; x=1574931882; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=N4/F4EfLA0n6ZVr6JqaQhRWbWIAkTsIrwngEUHOOZw4=; b=AKk2G9gyf+U5uWXVcVmqdeknHOteguGx7ezj/k5w/q/r3AhiW17dXq+c PwQqV0wzVRA6aEFs0pt3u3Wg8x6JPgFqUxZ5r2deisRhQ6x43twU0oPxe 85JGV3qnee4hRKqIJz5S7G1BK6/kNLOM/ufT/EV0XqWTx660QBTamfIqg M=;
IronPort-PHdr: =?us-ascii?q?9a23=3AV/S5qRS9+gubGf6+rXeCcXIo69psv++ubAcI9p?= =?us-ascii?q?oqja5Pea2//pPkeVbS/uhpkESXBNfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH1?= =?us-ascii?q?5g640NmhA4RsuMCEn1NvnvOiI3E81YTl5p13q6KkNSXs35Yg6arw=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DMAAAWGM1d/4gNJK1lGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYF+gRwvUAVsWCAECyoKhB+DRgOKeIJef5IfhGK?= =?us-ascii?q?BQoEQA1QJAQEBDAEBGAEKCgIBAYRAAheCCCQ4EwIDCwEBBAEBAQIBBQRthTc?= =?us-ascii?q?BC4VRAQEBAQMBARARHQEBLAsBDwIBCBEDAQIoAwICAiULFAcBAQUDAgQOBSK?= =?us-ascii?q?DAAGBeU0DLgECDKcOAoE4iGB1gTKCfgEBBYE0ARNBgxIYghcDBoE2iUyCSRi?= =?us-ascii?q?BQD+BEScfghc1PoJiAQEBAQEBgSoBAREBCTYNCYJaMoIsjSeCaYVDiUOPCQq?= =?us-ascii?q?CKocYhSWJDhuCPodjj2GOR4FBhneRSwIEAgQFAg4BAQWBaSJnWBEIcBU7KgG?= =?us-ascii?q?CQVARFIVnizM4gzuEWTuFP3QBgSeODA4XgQsBgQ4BAQ?=
X-IronPort-AV: E=Sophos;i="5.68,302,1569283200"; d="scan'208,217";a="379829053"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Nov 2019 09:04:41 +0000
Received: from XCH-RCD-016.cisco.com (xch-rcd-016.cisco.com [173.37.102.26]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id xAE94fLN030334 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 14 Nov 2019 09:04:41 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-016.cisco.com (173.37.102.26) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 14 Nov 2019 03:04:41 -0600
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 14 Nov 2019 03:04:35 -0600
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 14 Nov 2019 03:04:34 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z+uPE+LLnpMvZhN2BBlAAMwjWI4A5XarTybG2nPJc7x2exvW2S5XECQtHmjddm0HXqLPhwc59k9xsz09bHg8cEiz5SfIz3HtpbP+YVuhnI/15wcNgmAIDRO/9c+das7SRXyJr2O4kRy1lsbloTVckd7SAHPnWs+u9K6gxSJlfp9r+37KuIwGSMPETIs0RMtal0SP5dkGCme189o9RCoiIQobDcu6Nn0jcPvE7wnNTe10KQ2aW7vPVwQW4uqcFBQ0ztdy04wJj5BMuJuLjJRAjncDZlvmA19MKo3ZcVZ7AzYb/4/Dkm8C7HL9DwDOn1AhcwxeDmQvp5GRdFyqRKMXIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N4/F4EfLA0n6ZVr6JqaQhRWbWIAkTsIrwngEUHOOZw4=; b=lRheRxOuq1VnzioAqN16gDExybouBL0axVn3TcBEeuOYXTfQQn3mm6D2tQE8xeRFcXQPsix1QN18vF2Xtz5eebKZ6MJPeMAkrJZgI9ga7woYG4d9DoEqnS44zB8AfZPnWh3VR0K3lTBvEHfEDx4lzh/3kX/C8/A3YnKI1RI7BQC4isPPydDdt+PtM488bCHEBBQrR+pY4qIXmfXNPEmtpPkZakMKssuaQN9vOjhe6EA+TZnKPZU8BTT6zu9UIEyZBD553sXfVgzmkbVNUkwHYSelec/9DXlIc8kfdgfsLzquKweruy+0LYJBfU30iPqUQXf2Ig7A/ut5buD9ihMDeg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N4/F4EfLA0n6ZVr6JqaQhRWbWIAkTsIrwngEUHOOZw4=; b=dI5XwG6G429hdRMkV76SoO2Sxdu0pZadbPCkxF0MthM9Ws2GIwnAiumPXLJYezMZ++sb1XNHNNneBlUJBWkAX/XuT1pDsoGjMVeR2NpLga2/1DkBrcrRCSXepxszjZxGYU21irReufMnNN9uw3EQNn4LKE0IpbuDAo/WnUiA3xc=
Received: from SN6PR11MB2800.namprd11.prod.outlook.com (52.135.93.15) by SN6PR11MB2717.namprd11.prod.outlook.com (52.135.92.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.23; Thu, 14 Nov 2019 09:04:33 +0000
Received: from SN6PR11MB2800.namprd11.prod.outlook.com ([fe80::59c7:c0f9:fd0c:861b]) by SN6PR11MB2800.namprd11.prod.outlook.com ([fe80::59c7:c0f9:fd0c:861b%3]) with mapi id 15.20.2451.027; Thu, 14 Nov 2019 09:04:33 +0000
From: "Felipe Garrido (fegarrid)" <fegarrid@cisco.com>
To: "ekr@rtfm.com" <ekr@rtfm.com>
CC: "tram-chairs@ietf.org" <tram-chairs@ietf.org>, "draft-ietf-tram-stun-pmtud@ietf.org" <draft-ietf-tram-stun-pmtud@ietf.org>, "tram@ietf.org" <tram@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Thread-Topic: [tram] Eric Rescorla's No Objection on draft-ietf-tram-stun-pmtud-10: (with COMMENT)
Thread-Index: AQHVWStvsucI/MLzhUuBzovgg1Cg1aeKjueA
Date: Thu, 14 Nov 2019 09:04:33 +0000
Message-ID: <D5E68052-BF83-44BF-86F9-2676F6D50799@cisco.com>
References: <153802198349.21545.4817405254758467837.idtracker@ietfa.amsl.com> <D2C80AF7-8AAA-4C77-863A-2EF272C1DB51@cisco.com>
In-Reply-To: <D2C80AF7-8AAA-4C77-863A-2EF272C1DB51@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=fegarrid@cisco.com;
x-originating-ip: [173.38.117.73]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6df7d38a-e8ce-4669-ef21-08d768e1aad3
x-ms-traffictypediagnostic: SN6PR11MB2717:
x-microsoft-antispam-prvs: <SN6PR11MB2717809C6EF8A372AF5E1277C8710@SN6PR11MB2717.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 02213C82F8
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(366004)(376002)(39860400002)(346002)(136003)(189003)(199004)(71200400001)(6506007)(25786009)(33656002)(86362001)(229853002)(6486002)(6512007)(2473003)(54896002)(6306002)(5640700003)(236005)(6436002)(3846002)(66066001)(6916009)(2351001)(4326008)(8936002)(8676002)(9326002)(81156014)(1730700003)(2906002)(2501003)(91956017)(76116006)(7736002)(54906003)(58126008)(6116002)(186003)(66556008)(14454004)(486006)(64756008)(2616005)(66946007)(66476007)(316002)(66446008)(478600001)(14444005)(99286004)(81166006)(26005)(102836004)(5660300002)(476003)(256004)(966005)(11346002)(446003)(76176011)(36756003)(71190400001)(606006)(21615005); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB2717; H:SN6PR11MB2800.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: T7nuVcoY4LRJbc1xrr6N/eEpMDzXIrW1v7jQHCck+6QaHBLR9w53K9bo0UGuc98Ij9djgf67UaqqDfZujXixJ+wEuZYL3l/qg08USdy96TPFd9RxVYoMx3S6WvOCZ3y5KahlhM2xfZzORo4rbK0nczO4sLVeBHE/25yNYPSLs2xHgnu0ISX6LiBc8wLCGlK6YjsspvG+kiN3Fe26U6+fMibfjfdebpLIg38QRlSsymntIZ0TW/SQ0MiigFyx0ys2Jxu9FrDSZ90IZJDHLTBsLNjMwEqe/VXBLsC2bSToSbb0tgquFjZyZSD0BcOfpR8N4OLSfPufRUyup3WVCxevCuCE2PXcO8bD+CmFdG3IfSA71vk5MFy+ApEuNoEcej4myuG2KpxtZBOqt2SdKxCWZFK+0AjLo9G+1IZa1+tz9irQcoIQwZJRCu+1/yDS8kLq
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_D5E68052BF8344BF86F92676F6D50799ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6df7d38a-e8ce-4669-ef21-08d768e1aad3
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2019 09:04:33.8011 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ij5YVMkcJFffVwoPdsghEWRnSUxAtsm5ZM/GV+taGrRGOd0JfI4P2I+MFtwT5DG2wMrRkEVFJmCefKuclAlE6A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2717
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.26, xch-rcd-016.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/dUWCDOW0njZOasDSKJhQ5O9JTeE>
Subject: [tram] FW: Eric Rescorla's No Objection on draft-ietf-tram-stun-pmtud-10: (with COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 09:04:48 -0000

Hi Eric,

Responses to your COMMENTS are in-line along with some additional requests for information to address some of them. Most are addressed in the latest draft -14.

Thanks,
-Felipe

From: Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Subject: [tram] Eric Rescorla's No Objection on draft-ietf-tram-stun-pmtud-10: (with COMMENT)
Date: September 27, 2018 at 12:19:43 AM EDT
To: "The IESG" <iesg@ietf.org<mailto:iesg@ietf.org>>
Cc: tram-chairs@ietf.org<mailto:tram-chairs@ietf.org>, draft-ietf-tram-stun-pmtud@ietf.org<mailto:draft-ietf-tram-stun-pmtud@ietf.org>, tram@ietf.org<mailto:tram@ietf.org>, tasveren@rbbn.com<mailto:tasveren@rbbn.com>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com<mailto:gonzalo.camarillo@ericsson.com>>

Eric Rescorla has entered the following ballot position for
draft-ietf-tram-stun-pmtud-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tram-stun-pmtud/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4528



IMPORTANT
S 4.2.6.

    It could have been possible to use the checksum generated in the UDP
    checksum for this, but this value is generally not accessible to
    applications.  Also, sometimes the checksum is not calculated or is
    off-loaded to network hardware.

 4.2.6.  Using Sequence Numbers as Packet Identifiers

I don't understand how as an endpoint I know which method I use.

[FG] In discussing with the other authors, we’re unsure of which method you are referring to. Can you provide clarity on this COMMENT?

S 4.2.6.


 4.2.6.  Using Sequence Numbers as Packet Identifiers

    When using sequence numbers, a small header similar to the TURN
    ChannelData header is added in front of all packets that are not a
    STUN Probe Indication or Request.  The sequence number is

how would this interact with ICE, where you send Binding Indidcations.

[FG] Working with the other authors to determine how best to update this section. Will provide updated text in the next drft.

COMMENTS
S 2.

    Probing mechanism (as described in Section 4.2).  The selection of
    which Probing Mechanism to use is dependent on performance and
    security and complexity trade-offs.

    If the Simple Probing mechanism is chosen, then the Client initiates
    Probe transactions, as shown in Figure 1, which increase in size

Why does this use probe and not binding-request? Then you wouldn't
have a constraint on knowing the other side supported it.

[FG] The PMTUD mechanism is meant to be used by any UDP-based protocol.


S 2.

    security and complexity trade-offs.

    If the Simple Probing mechanism is chosen, then the Client initiates
    Probe transactions, as shown in Figure 1, which increase in size
    until transactions timeout, indicating that the Path MTU has been
    exceeded.  It then uses that information to update the Path MTU.

Most of the MTU mechanisms I know of start big and go small.

See, for instance: https://tools.ietf.org/html/rfc4821#section-7.2

[FG] Updated to match RFC 4821.

S 4.1.2.

    [RFC5389].

    The server then creates a Probe Response.  The server MUST add the
    FINGERPRINT attribute so the STUN messages are disambiguated from the
    other protocol packets.  The server then sends the response to the
    client.

I note that this doesn't let you measure PMTU in the opposite
direction.

[FG] yes, this would require the server to take reverse roles and act as a client to measure PMTU.


S 4.1.3.

    client.

 4.1.3.  Receiving a Probe Response

    A client receiving a Probe Response MUST process it as specified in
    [RFC5389].  If a response is received this is interpreted as a Probe

5389 doesn't describe Probe, so you should lay out what this means.

[FG] updated text in the latest draft.


S 6.2.


 6.2.  PMTUD-SUPPORTED

    The PMTUD-SUPPORTED attribute indicates that its sender supports this
    specification.  This attribute has no value part and thus the
    attribute length field is 0.

When is this useful? Only when you want to use simple probing?

[FG] updated the text in the latest draft.


S 7.

    The Simple Probing mechanism may be used without authentication
    because this usage by itself cannot trigger an amplification attack
    as the Probe Response is smaller than the Probe Request.  An
    unauthenticated Simple Probing mechanism cannot be used in
    conjunction with the Implicit Probing Support Signaling mechanism in
    order to prevent amplification attacks.

I don't understand this last sentence. It can't be used? Doesn't the
previous sentence imply you can?

[FG] updated the text in the latest draft


_______________________________________________
tram mailing list
tram@ietf.org
https://www.ietf.org/mailman/listinfo/tram