Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-23.txt
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 26 September 2023 17:16 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89A00C13AE48 for <tsvwg@ietfa.amsl.com>; Tue, 26 Sep 2023 10:16:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.091, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FdRYWfBQmxUc for <tsvwg@ietfa.amsl.com>; Tue, 26 Sep 2023 10:16:40 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 70854C15AE03 for <tsvwg@ietf.org>; Tue, 26 Sep 2023 10:16:38 -0700 (PDT)
Received: from [192.168.1.81] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 105DE1B00062; Tue, 26 Sep 2023 18:16:34 +0100 (BST)
Content-Type: multipart/alternative; boundary="------------cP7EOMIkWtOy1pndTkF5EE40"
Message-ID: <1ff8e9b0-6480-3ad9-5ee0-ec99ffe5050f@erg.abdn.ac.uk>
Date: Tue, 26 Sep 2023 18:16:33 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.15.0
To: Joe Touch <touch@strayalpha.com>
Cc: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, TSVWG <tsvwg@ietf.org>
References: <68685502-E308-46B0-A1C9-EB1D0EA9D31B@strayalpha.com> <46DB3108-6D66-4892-9623-0FB68F57AB20@strayalpha.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <46DB3108-6D66-4892-9623-0FB68F57AB20@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/2TgHXKGQ1JeEtrtG_TBGdrllyJI>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-23.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Sep 2023 17:16:45 -0000
On 26/09/2023 18:10, Joe Touch wrote: > Swap /Teheran/ with /then/. > >> On Sep 26, 2023, at 10:08 AM, Joe Touch <touch@strayalpha.com> wrote: >> >> >> Changing that behavior would be inconsistent with the design of the >> options overall. >> >> The definition of a safe option is just that. Of you make APS unsafe, >> Teheran it cannot interoperate with legacy endpoints at all. >> >> Joe Yes, I do understand that. - I thought the utility was a stronger check that worked without a pseudoheader. That in itself requires a sender to know which approach is going to be taken by the receiver. This is UNSAFE. - The sender could negotiate out of band what it needs, or the application developer can decide when both client and server are designed, but this needs to be consistent. Gorry >> >>> On Sep 26, 2023, at 9:11 AM, Gorry Fairhurst <gorry@erg.abdn.ac.uk> >>> wrote: >>> >>> >>> On 26/09/2023 16:46, Joe Touch wrote: >>>> Gorry, >>>> >>>> Your view of APC doesn’t align with the text, which had been stable >>>> for a while now. >>>> >>>> The current text also explains why the current behavior is needed. >>>> >>>> Joe >>> >>> Yes, I see, I seem to have overlooked this change when it was added >>> in -09, it wasn't what I expected to read. Can we change this >>> behaviour? >>> >>> As stated, it isn't an alternative to a UDP Checksum: it adds bytes >>> that a receiver may or may not ignore, so therfore a sender still >>> needs to add a checksum, and I am not sure how this helps a sender >>> whoi can anyway include a CRC within the data it sends, to me this >>> just seems weird? >>> >>> Gorry >>> >>> >>> >>> >>>> >>>>> On Sep 25, 2023, at 11:58 PM, Gorry Fairhurst >>>>> <gorry@erg.abdn.ac.uk> wrote: >>>>> >>>>> >>>>> On 26/09/2023 05:30, touch@strayalpha.com wrote: >>>>>> >>>>>> >>>>>>> On Sep 25, 2023, at 7:36 PM, Tom Herbert >>>>>>> <tom=40herbertland.com@dmarc.ietf.org> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mon, Sep 25, 2023, 7:35 PM Tom Herbert <tom@herbertland.com> >>>>>>> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mon, Sep 25, 2023, 5:31 PM touch@strayalpha.com >>>>>>> <touch@strayalpha.com> wrote: >>>>>>> >>>>>>> See below. >>>>>>> >>>>>>> — >>>>>>> Dr. Joe Touch, temporal epistemologist >>>>>>> www.strayalpha.com <http://www.strayalpha.com/> >>>>>>> >>>>>>>> On Sep 25, 2023, at 5:21 PM, Tom Herbert >>>>>>>> <tom=40herbertland.com@dmarc.ietf.org> wrote: >>>>>>>> >>>>>>>> On Mon, Sep 25, 2023 at 5:08 PM touch@strayalpha.com >>>>>>>> <touch@strayalpha.com> wrote: >>>>>>>>> >>>>>>>>> On Sep 25, 2023, at 4:14 PM, Tom Herbert >>>>>>>>> <tom=40herbertland.com@dmarc.ietf.org> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Sep 25, 2023, 3:55 PM touch@strayalpha.com >>>>>>>>> <touch@strayalpha.com> wrote: >>>>>>>>>> >>>>>>>>>> FWIW, you can also “require ACS” at the receiver, if >>>>>>>>>> you want. That would ensure that ACS was both present >>>>>>>>>> and valid. >>>>>>>>>> >>>>>>>>>> UDP options are based on the core rule that senders >>>>>>>>>> decide what to offer and receivers decide what’s >>>>>>>>>> required. >>>>>>>>> >>>>>>>>> Joe, >>>>>>>>> >>>>>>>>> For something like CRC, the sender is in a much better >>>>>>>>> position to decide if it's needed. >>>>>>>>> >>>>>>>>> >>>>>>>>> Whether it is or is not, that’s not something UDP >>>>>>>>> options supports - what UDP supports is based on a >>>>>>>>> bunch of principles, including the need to support >>>>>>>>> legacy receivers. So if something is “required”, the >>>>>>>>> receiver has to demand and check for it. >>>>>>>>> >>>>>>>>> For example, if two hosts were communicating over a >>>>>>>>> rack switch, the ACS is probably pointless since >>>>>>>>> Ethernet CRC is sufficient. But, if the hosts were >>>>>>>>> communicating over an unreliable satellite link then >>>>>>>>> ACS might be critical. >>>>>>>>> >>>>>>>>> >>>>>>>>> Or the link/phy layer might have its own checks >>>>>>>>> anyway, e.g., block checksums. End to end errors >>>>>>>>> happen during reassembly or in memory, not all that >>>>>>>>> often on links that aren’t checked, AFAIR. >>>>>>>>> >>>>>>>>> In both those cases, it's the sender that has the best >>>>>>>>> view as to what's required because it may require >>>>>>>>> knowledge of the path to the destination. So, if the >>>>>>>>> sender computes the ACS, then the receiver should >>>>>>>>> honor that and verify it. >>>>>>>>> >>>>>>>>> >>>>>>>>> In some other protocol where those semantics can be >>>>>>>>> demanded, perhaps. But remember that anything the >>>>>>>>> sender “demands”, except for encryption, is at best a >>>>>>>>> “request”; receivers always get to decide what they >>>>>>>>> enforce anyway. >>>>>>>> >>>>>>>> Joe, >>>>>>>> >>>>>>>> I believe the general consensus in IETF is that >>>>>>>> checksum or CRCs may >>>>>>>> be optional to send, but not optional to validate when >>>>>>>> received. The >>>>>>>> precedent was established in RFC1122: "If a UDP >>>>>>>> datagram is received >>>>>>>> with a checksum that is non-zero and invalid, UDP MUST >>>>>>>> silently >>>>>>>> discard the datagram." >>>>>>> >>>>>>> That’s for checksums you know are coming. A legacy >>>>>>> receiver won’t know or care. >>>>>>> >>>>>>> UDP option-aware receivers work like legacy receivers >>>>>>> UNTIL they are explicitly told otherwise. That’s the >>>>>>> basic operational principle. >>>>>>> >>>>>>> So you can tell your receiver to care about ACS if it >>>>>>> shows up all the time. Or not. >>>>>>> >>>>>>> Here’s the current text, which follows these principles: >>>>>>> >>>>>>> >> UDP packets with incorrect APC checksums MUST be passed to the >>>>>>> application by default, e.g., with a flag indicating APC failure. >>>>>>> >>>>>>> Like all SAFE UDP options, APC needs to be silently ignored when >>>>>>> failing by default, unless the receiver has been configured to do >>>>>>> otherwise. Although all UDP option-aware endpoints support APC >>>>>>> (being in the required set), this silently-ignored behavior ensures >>>>>>> that option-aware receivers operate the same as legacy receivers >>>>>>> unless overridden. >>>>>>> >>>>>>>> For user perspective, if I set the ACS in my packets >>>>>>>> but the receiver >>>>>>>> may or may not validate it then it doesn't seem very >>>>>>>> useful as a check >>>>>>>> for corruption of the sender's data. >>>>>>> >>>>>>> It is useful when the receiver agrees it is useful. >>>>>>> >>>>>>>> I'd probably put a CRC in the UDP >>>>>>>> payload instead that I can assure it is always verified >>>>>>>> by the >>>>>>>> receiving application. >>>>>>> >>>>>>> You can do that if you want, but then it means that it >>>>>>> cannot be silently ignored by a legacy receiver. >>>>>>> >>>>>>> >>>>>>> Right, that's exactly the desired non-deterministic >>>>>>> >>>>>>> >>>>>>> Deterministic I meant >>>>>>> >>>>>>> behavior that we want with regards to a CRC. Silently >>>>>>> ignoring the CRC also means that data corruption would also >>>>>>> be silently ignored. >>>>>>> >>>>>> >>>>>> >>>>>> So you have two choices: >>>>>> >>>>>> 1. Use UDP options with ACS (which is now APC) >>>>>> a cooperating receiver would know to set APC as required and >>>>>> would drop packets if APC fails >>>>>> >>>>>> 2. Create a new application that knows to require APC >>>>>> so that the application can enforce CRC in the payload >>>>>> >>>>>> But if you can do (2), why not do (1) and have the application >>>>>> enforce APC-required? >>>>>> >>>>>> Joe >>>>> >>>>> I'm reading this with some doubt now. >>>>> >>>>> I think option the above option 2 needs to be strongly >>>>> discouraged: it provides a place to send an integrity check, but >>>>> it doesn't protect the parsing of the other options nor their >>>>> data, which would leave all other fields unprotected. That check >>>>> would better be provided within the application data, and we ought >>>>> to remove this option if that is all it does. >>>>> >>>>> Here is what I thought had been designed: >>>>> >>>>> I expect a sender chooses whether to add an APC option. >>>>> >>>>> If a receiver receives the APC option, the receiver must to either: >>>>> >>>>> - discard all datagrams that contain an APC that it decides not to >>>>> check, or when the APC fails. >>>>> >>>>> - forward datagrams that contain an APC that passes. (It MIGHT be >>>>> configured to always expect an APC: which I think is the ONLY >>>>> receiver decision). >>>>> >>>>> ... This differs from the benign "use or ignore" processing that >>>>> applies to most options, but it is exactly the required logic that >>>>> I would expect and I thought we previously discussed. >>>>> >>>>> Gorry >>>>> >>>>> >>>
- [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-… internet-drafts
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Alex Burr
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Lloyd W
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Rodney W. Grimes
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Michael Welzl
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Erik Auerswald
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Erik Auerswald
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Erik Auerswald
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller