[tram] FW: Eric Rescorla's No Objection on draft-ietf-tram-stun-pmtud-10: (with COMMENT)

"Felipe Garrido (fegarrid)" <fegarrid@cisco.com> Thu, 14 November 2019 09:04 UTC

From: "Felipe Garrido (fegarrid)" <fegarrid@cisco.com>
To: "ekr@rtfm.com" <ekr@rtfm.com>
CC: "tram-chairs@ietf.org" <tram-chairs@ietf.org>, "draft-ietf-tram-stun-pmtud@ietf.org" <draft-ietf-tram-stun-pmtud@ietf.org>, "tram@ietf.org" <tram@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Thu, 14 Nov 2019 09:04:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/dUWCDOW0njZOasDSKJhQ5O9JTeE>

Hi Eric,

Responses to your COMMENTS are in-line along with some additional requests for information to address some of them. Most are addressed in the latest draft -14.

Thanks,
-Felipe

From: Eric Rescorla <ekr@rtfm.com>
Subject: [tram] Eric Rescorla's No Objection on draft-ietf-tram-stun-pmtud-10: (with COMMENT)
Date: September 27, 2018 at 12:19:43 AM EDT
To: "The IESG" <iesg@ietf.org>
Cc: tram-chairs@ietf.org, draft-ietf-tram-stun-pmtud@ietf.org, tram@ietf.org, tasveren@rbbn.com, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>

Eric Rescorla has entered the following ballot position for
draft-ietf-tram-stun-pmtud-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tram-stun-pmtud/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4528



IMPORTANT
S 4.2.6.

    It could have been possible to use the checksum generated in the UDP
    checksum for this, but this value is generally not accessible to
    applications.  Also, sometimes the checksum is not calculated or is
    off-loaded to network hardware.

 4.2.6.  Using Sequence Numbers as Packet Identifiers

I don't understand how as an endpoint I know which method I use.

[FG] In discussing with the other authors, we’re unsure of which method you are referring to. Can you provide clarity on this COMMENT?

S 4.2.6.


 4.2.6.  Using Sequence Numbers as Packet Identifiers

    When using sequence numbers, a small header similar to the TURN
    ChannelData header is added in front of all packets that are not a
    STUN Probe Indication or Request.  The sequence number is

how would this interact with ICE, where you send Binding Indications.

[FG] Working with the other authors to determine how best to update this section. Will provide updated text in the next draft.

COMMENTS
S 2.

    Probing mechanism (as described in Section 4.2).  The selection of
    which Probing Mechanism to use is dependent on performance and
    security and complexity trade-offs.

    If the Simple Probing mechanism is chosen, then the Client initiates
    Probe transactions, as shown in Figure 1, which increase in size

Why does this use probe and not binding-request? Then you wouldn't
have a constraint on knowing the other side supported it.

[FG] The PMTUD mechanism is meant to be used by any UDP-based protocol.


S 2.

    security and complexity trade-offs.

    If the Simple Probing mechanism is chosen, then the Client initiates
    Probe transactions, as shown in Figure 1, which increase in size
    until transactions timeout, indicating that the Path MTU has been
    exceeded.  It then uses that information to update the Path MTU.

Most of the MTU mechanisms I know of start big and go small.

See, for instance: https://tools.ietf.org/html/rfc4821#section-7.2

[FG] Updated to match RFC 4821.

S 4.1.2.

    [RFC5389].

    The server then creates a Probe Response.  The server MUST add the
    FINGERPRINT attribute so the STUN messages are disambiguated from the
    other protocol packets.  The server then sends the response to the
    client.

I note that this doesn't let you measure PMTU in the opposite
direction.

[FG] yes, this would require the server to take reverse roles and act as a client to measure PMTU.


S 4.1.3.

    client.

 4.1.3.  Receiving a Probe Response

    A client receiving a Probe Response MUST process it as specified in
    [RFC5389].  If a response is received this is interpreted as a Probe

5389 doesn't describe Probe, so you should lay out what this means.

[FG] updated text in the latest draft.


S 6.2.


 6.2.  PMTUD-SUPPORTED

    The PMTUD-SUPPORTED attribute indicates that its sender supports this
    specification.  This attribute has no value part and thus the
    attribute length field is 0.

When is this useful? Only when you want to use simple probing?

[FG] updated the text in the latest draft.


S 7.

    The Simple Probing mechanism may be used without authentication
    because this usage by itself cannot trigger an amplification attack
    as the Probe Response is smaller than the Probe Request.  An
    unauthenticated Simple Probing mechanism cannot be used in
    conjunction with the Implicit Probing Support Signaling mechanism in
    order to prevent amplification attacks.

I don't understand this last sentence. It can't be used? Doesn't the
previous sentence imply you can?

[FG] updated the text in the latest draft


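
Added example, not part of the original message or of the draft: the FINGERPRINT rule quoted from S 4.1.2, shown as the check a receiver can run to tell a STUN Probe Response apart from other protocol packets on the same UDP port. The magic cookie, the FINGERPRINT attribute type and the XOR constant are from RFC 5389; the Probe Response message type and the PMTUD-SUPPORTED code point are not given on this page, so the values used for them are made-up placeholders.

```python
import struct
import zlib

MAGIC_COOKIE = 0x2112A442        # RFC 5389 fixed header value
ATTR_FINGERPRINT = 0x8028        # RFC 5389 FINGERPRINT attribute type
FINGERPRINT_XOR = 0x5354554E     # RFC 5389 XOR constant ("STUN")
# Placeholders: the page gives neither the Probe message type nor the
# PMTUD-SUPPORTED code point, so these two values are made up.
PLACEHOLDER_PROBE_RESPONSE = 0x010F
PLACEHOLDER_PMTUD_SUPPORTED = 0xC000


def build_stun(msg_type, txid, attrs):
    """Serialize a STUN message with FINGERPRINT as the last attribute."""
    body = b""
    for a_type, value in attrs:
        pad = (-len(value)) % 4              # attributes are 32-bit aligned
        body += struct.pack("!HH", a_type, len(value)) + value + b"\x00" * pad
    # The length field must already count the 8-byte FINGERPRINT
    # attribute at the time the CRC is computed.
    header = struct.pack("!HHI12s", msg_type, len(body) + 8, MAGIC_COOKIE, txid)
    crc = (zlib.crc32(header + body) & 0xFFFFFFFF) ^ FINGERPRINT_XOR
    return header + body + struct.pack("!HHI", ATTR_FINGERPRINT, 4, crc)


def is_stun(datagram):
    """Demultiplexing check: True only for a fingerprinted STUN message."""
    # 20-byte header plus 8-byte FINGERPRINT; top two bits must be zero.
    if len(datagram) < 28 or datagram[0] & 0xC0:
        return False
    _, length, cookie = struct.unpack("!HHI", datagram[:8])
    if cookie != MAGIC_COOKIE or length % 4 or length + 20 != len(datagram):
        return False
    a_type, a_len, crc = struct.unpack("!HHI", datagram[-8:])
    if a_type != ATTR_FINGERPRINT or a_len != 4:
        return False
    expected = (zlib.crc32(datagram[:-8]) & 0xFFFFFFFF) ^ FINGERPRINT_XOR
    return crc == expected


# Constructed sample input (not captured traffic): a Probe Response that
# carries PMTUD-SUPPORTED, which has no value part (attribute length 0).
TXID = bytes(range(12))
PROBE_RESPONSE = build_stun(PLACEHOLDER_PROBE_RESPONSE, TXID,
                            [(PLACEHOLDER_PMTUD_SUPPORTED, b"")])
```

The magic cookie alone is a fixed, public value, so it is the CRC over the whole message that keeps an arbitrary payload of another protocol from being parsed as STUN.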