IETF Logo Mail Archive

Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-requirements-16

Joe Touch <touch@strayalpha.com> Mon, 26 November 2018 23:02 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EAEC13103C; Mon, 26 Nov 2018 15:02:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.219
X-Spam-Level:
X-Spam-Status: No, score=-1.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xisahv36Q2Hr; Mon, 26 Nov 2018 15:02:22 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A0C6126CB6; Mon, 26 Nov 2018 15:02:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=Message-ID:References:In-Reply-To:Subject:Cc: To:From:Date:Content-Type:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=wrBsAscg3V/X6oj/RGFdXm44n95v3LV3HOhzTvGAhKw=; b=rFhik5qvmPsTfVcqi8mSx5ZrR dBBfz+36e+JPwta4w2k8jq+T9edIgAKnKtkU0AAzmSd495M1O39ugga+p7oKtdodA5wrQUABv78Ut 5rri8M4Ad3XTS50aYzbxMXmrniSCAbVvuU0UEzQYjbFVGYm5Czq4UPvtH7X414UpMqBWHDf4oyopm KUtH/yDJxZoW76Td3ybinJmJ55teZXdcdy8+3SQT5fMY83K5ok9uhP755K5kT83r7/P6jMGqnuWL+ YWQJu0w37RtaOGxHwkT3zseUnlSfoKC6wZQ3Fc4/wAZkIotR/DrAkSUuEpuax5mtmqbQkIFxxINDp LNFxOFr5g==;
Received: from [::1] (port=43236 helo=server217.web-hosting.com) by server217.web-hosting.com with esmtpa (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gRPtO-0025V8-FO; Mon, 26 Nov 2018 18:02:18 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_50dc47a3dd2790ee100388482989f000"
Date: Mon, 26 Nov 2018 15:02:14 -0800
From: Joe Touch <touch@strayalpha.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: tsv-art <tsv-art@ietf.org>, draft-ietf-dots-requirements.all@ietf.org, ietf@ietf.org, dots@ietf.org
In-Reply-To: <20181126221445.GC10033@kduck.kaduk.org>
References: <154250516269.15956.17131342239124604403@ietfa.amsl.com> <20181125211734.GE70217@kduck.kaduk.org> <887D02F8-A9BA-4467-9CE8-D8A3583F5773@strayalpha.com> <20181126221445.GC10033@kduck.kaduk.org>
Message-ID: <2b27fe6edf9427f6c086bfb9bf6492dc@strayalpha.com>
X-Sender: touch@strayalpha.com
User-Agent: Roundcube Webmail/1.3.3
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/uEWDxhq-IA7VEJZDufKjONorbzU>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-requirements-16
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 23:02:26 -0000

Thanks for the input -- some suggestions below...

On 2018-11-26 14:14, Benjamin Kaduk wrote:

> Hi Joe,
> 
> Many of these points are at a point where the authors will need to weigh
> in, but I can help a little bit more...
> 
> On Sun, Nov 25, 2018 at 09:08:39PM -0800, Joe Touch wrote: Hi, Benjamin,
> 
> On Nov 25, 2018, at 1:17 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> Hi Joe,
> 
> On Sat, Nov 17, 2018 at 05:39:22PM -0800, Joseph Touch wrote: Reviewer: Joseph Touch
> Review result: Ready with Issues 
> [reformatted for readability]
> 
> Transport issues:
> - The GEN requirements refer to signal and data channels; it should be more
> clear that these would be transport associations or connections, not
> necessarily separate port assignments
> 
> - GEN-03 recommends transports that avoid
> HOL blocking, but that blocking can occur at any protocol layer (e.g., when
> using TCP as a tunneling layer or at the application layer) 
> Is the concern about "conveyed over a transport not susceptible"?  I don't
> think that one needs to read "transport" as "lowest level transport
> protocol" here and it would equally apply to any tunneling layer.

The point is that avoiding HOL blocking at one layer may have no impact
on HOL blocking at another layer. If HOL blocking is a significant
problem, it needs to be noted that this can happen at many places in the
stack, not just at the transport layer. 
HoL blocking is a very big problem for the signal channel specifically,
so
this is good feedback.

> - SIG-001 - PLPMTUD
> should be used instead of PMTUD; PMTUD (relying on ICMP, which is often blocked
> and remains insecure) should be avoided. The PMTU of 1280 is relevant only for
> IPv6. The use of 576 should be more clearly indicated as applying only to IPv4.
> (note there is emerging PLPMTUD for UDP). 
> The IPv4 text is phrased as it currently is since there may be tunneling
> scenarios that go over IPv4 at some intermediate link even if the endpoints
> are speaking IPv6.

That should be made more explicit.

> With respect to PMTU vs. PLPMTU, can you give any guidance on whether the
> literl 1280 and 576 values are equally valid for assumed PLPMTU as for
> "true" PMTU?

These are independent issues. The MTU minimums are set by the protocols;
the MTU used on a given path is discovered by PMTUD or PLPMTUD; the
former is not as reliable as the latter, due to ICMP blocking. 
Maybe I am confused, but I have in mind a scenario where we PLPMTU
discovery fails so we assume 1280, but there's a tunneling protocol and
we traverse a minimum-MTU IPv6 segment, so our packet would be too big
if
we assume PMTU of 1280 and don't know about the tunnel.  Can we do any
better than the existing assumptions from the IP minimum values? 

A tunnel that transits IP MUST be able to send 1280 bytes across it.
That may require fragmentation at the ingress and reassembly at the
egress -- which is why IPv6 link MTU is 1280 but the receiver reassembly
MTU is 1500. You cannot simply say that the tunnel eats the MTU and the
MTU is below 1280 - that's not allowed for IPv6. In this case, the
PLPMTUD between ingress and egress could report 1280 while the
end-to-end path that goes over the tunnel also reports 1280. 

This is explained in more detail in draft-ietf-intarea-tunnels 

> - SIG-004 should address the use of
> TCP keepalives for TCP connections as a way to achieve heartbeats. 
> I don't believe that there is an IETF consensus position about what layer
> is best for performing heartbeats; see the "statement regarding keepalives"
> thread.

There's a lot of misundestanding on this issue. Keepalives can be needed
at multiple layers; a keep alive at one layer is never a direct
substitute for a keep alive at another layer. If keepalives are enabled
at multiple layers, they should never need to interfere, though - they
basically disable keepalives at lower layer ONLY when they are frequent
enough relative to that lower layer.

> In particular, since this signal channel is going to support
> non-TCP transports and prefers UDP over TCP, it will need its own heartbeat
> mechanism anyway, at which point the TCP-layer functionality is going to be
> fairly redundant.

It depends on whether you also need TCP to keep active state. If so,
turning TCP keepalives on would not necessarily interfere with app-layer
keepalives; it would serve its own purpose.

Again, the error is thinking that keealives at one layer either avoid
the need for keepalives at another layer OR interfere per se; correctly
implemented, they do not interfere even when enabled at multiple layers.

I don't think that's the argument I was trying to make; I'm saying that
this is a generic requirements document and we are covering the
application
layer's heartbeat needs.  If we don't require stable transport state
(note
the lack of such a requirement in the SIG-XXX block), then why would we
need to talk about TCP hearbeats at all? 

An app layer can decide to use TCP as its heartbeat under some
circumstances, e.g., when it monitors the TCP state and uses it to
determine the application state. If that's never going to be sufficient,
they you should say so and explain why. 

> - SIG-004 is
> self-contradictory, at first claiming that agents SHOULD avoid termination due
> to heartbeat loss then later saying they MAY use heartbeat absence as
> indication of defunct connections. Even though SHOULD and MAY can be used
> together this way, the advise is confusing. This is a case (see below) where
> the reasoning behind exceptions to SHOULDs are needed -- but the MAY clause is
> a far too trivial (and, based on our experience with BGP, incorrect) condition 
> Can you double-check this?  My read is that there are two factors involved
> and we are only giving guidance on two quadrants of the truth table, with
> the two factors being "failing to receive heartbeats" and "attack traffic
> is present".  (The attack traffic is assumed to be swamping other traffic,
> but when there is no attack traffic the heartbeats should be more
> reliable.)

You need to explain these as a SINGLE recommendation. Putting
contradictory advice in different places makes it confusing to determine
how it is applied. 
I'm still not seeing how these are contradictory.  We have "if A and not
B,
do X" and "if not A and not B, do Y".  The predicates are different, so
where is the contradiction? 

SHOULD avoid termination due to the lack of heartbeats 
  - Implies that I can I terminate due to lack of heartbeats only in
some (exceptional) circumstances, 
    but doesn't say what those are 

MAY use heartbeat loss as indication of defunct connection 
  - Gives blanket permission to ignore the SHOULD above, without
consideration for circumstance 

Those are contradictory as phrased. They could be revised: 

SHOULD avoid termination... except possibly under circumstance X 
MAY terminate during circumstance X, but (we'd prefer not) OR (anytime
it wants) 

Joe 

> -Ben
> 
> - DATA-002 should suggest protocols for security, at least indicating whether
> these need to be at a particular protocol layer (IP, transport, application),
> etc. 
> I think it's fine for a requirements document to limit itself to the actual
> cryptographic requirements.

If you have something in mind that exists, say it. If not, then assume
it will be incorrectly interpreted as suggesting something you didn't
have in mind.

IMO, better to avoid the ambiguity, i.e., to actually include the
following to explain that TLS is sufficient:

> FWIW, the current data-channel spec is using
> TLS.
> 
> -Ben
> 
>> Other issues:
>> - the document uses SHOULD without qualifying the conditions for exception
>> 
>> Nits
>> - the abstract is too brief
>> - Several requirements suggest that use of TCP avoids the need for separate
>> congestion control; the same should be mentioned of SCTP and DCCP.
> 
> _______________________________________________
> Tsv-art mailing list
> Tsv-art@ietf.org
> https://www.ietf.org/mailman/listinfo/tsv-art

v2.23.0 | Report a Bug | By Email