Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

"Black, David" <David.Black@dell.com> Thu, 22 July 2021 18:11 UTC

From: "Black, David" <David.Black@dell.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Joseph Touch <touch@strayalpha.com>
CC: Mark Nottingham <mnot@mnot.net>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
Date: Thu, 22 Jul 2021 18:10:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/5VN4xAXF-hD2fZV98NFqlhjCbpo>

Hi Gorry,

Quoting from the original message that Mark forwarded (https://mailarchive.ietf.org/arch/msg/tsvwg/7Fbxa5NryyUzJSWesNFbAx6hs3U/ - scroll down past Mark's initial remarks to TSVWG):

> If a client chooses source ports from the ephemeral port range, this shouldn't be an issue. However, some implementations (or deployments) extend the source port range "downwards" to avoid exhaustion:

Thanks, --David

From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Sent: Thursday, July 22, 2021 11:46 AM
To: Black, David; Joseph Touch
Cc: Mark Nottingham; tsvwg@ietf.org
Subject: Re: [tsvwg] UDP source ports for HTTP/3 and QUIC


I'm still missing some context about the use case why a QUIC client would wish to use a source port outside the ephemeral range.

Although it was always possible to use all ports as source port, that use does not come without pain. And QUIC multiplexes data, so what's the use case for using the lower-numbered source ports?

Gorry

On 22/07/2021 16:05, Black, David wrote:
Hi Joe,

Let's start from a couple of aspects where we're in rough agreement:

1. "... agree with documenting the problem as a problem, but not as a practice." &
2. "... no problem making a list of ports that people ... attribute to attacks."

Someone ought to "Send Draft!" (credit to Randy Bush) that contains an explanation of the problem, text to create the new IANA registry that lists the ports plus some discussion of what can usefully be done.  That draft's text on implications and recommendations (what can usefully be done) can then be discussed in detail to get to precise text that is acceptable to all (e.g., what to do about the view that attribution to attacks in the second bullet may be mistaken).

Does that sound reasonable?

Thanks, --David

From: Joseph Touch <touch@strayalpha.com>
Sent: Thursday, July 22, 2021 12:57 AM
To: Black, David
Cc: Holland, Jake; Mark Nottingham; tsvwg@ietf.org
Subject: Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

Hi, David,


On Jul 20, 2021, at 12:02 PM, Black, David <David.Black@dell.com> wrote:

Explaining as an individual, not WG chair ... TL;DR - +1 on Jake's comments, his understanding matches mine.

Providing some more detail ...


As I understand the proposal, it's to say "these source ports
happen to match common attack targets that are listening ports
for other protocols, and thus commonly get special handling to
help avoid reflection attacks against those servers".

+1 - this is about documenting "running code" that discards traffic that uses one of those UDP source ports.

There's a hazard with this viewpoint, IMO.

It's like observing people driving on flat tires and thinking the road is bumpy.

There are two solutions:
- document existing practice and describe how road engineers can redesign roads to avoid the problem
- document that driving on flat tires is incorrect and explain what it impacts

I agree with documenting the problem as a problem, but not as a practice. The latter viewpoint endorses it, which then means we all have to accommodate that behavior.


There's no precedent for that decision and no registry where
those values would be indicated.

The proposal here is to create such a registry.

I definitely agree that a new registry is wanted/warranted,

I have no problem making a list of ports that people MISTAKENLY attribute to attacks.

However, those who assume that a packet is bad simply because it uses one of these source ports are THEMSELVES incorrect. Just because it works when you're under this attack doesn't mean it is safe to do when you're not.

Let's please not endorse incorrect conclusions that source port has this sort of meaning.

Joe
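Added example (not from the thread or any of its participants) modelling the two behaviours the thread argues about: a client that extends its UDP source-port range "downwards" once the ephemeral range is exhausted, and the "running code" that discards packets by source port alone. The port list, the exhaustion pattern and all function names are constructed for illustration; the thread itself names no ports.

```python
"""Model of QUIC-client source-port selection versus source-port filtering."""

# IANA dynamic/ephemeral port range (RFC 6335).
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535

# Constructed stand-in for the list the thread discusses: UDP source ports that
# some filters drop because they match services abused for reflection attacks.
# These values are assumed for illustration only, not taken from the thread.
FILTERED_SOURCE_PORTS = frozenset({53, 123, 1900})


def choose_source_port(in_use, extend_down=False, avoid=frozenset()):
    """Return a free UDP source port, searching the ephemeral range top down.

    With extend_down=True the search continues below 49152 into the registered
    range (down to 1024), which is the behaviour the quoted message describes.
    Ports in `avoid` are skipped, one way a client can keep the extended range
    without landing on a port that filters treat specially.
    """
    candidates = range(EPHEMERAL_HIGH, EPHEMERAL_LOW - 1, -1)
    if extend_down:
        candidates = range(EPHEMERAL_HIGH, 1023, -1)
    for port in candidates:
        if port not in in_use and port not in avoid:
            return port
    raise OSError("no free UDP source port")


def filter_drops(src_port, filtered=FILTERED_SOURCE_PORTS):
    """Model of a filter that discards UDP traffic purely by its source port."""
    return src_port in filtered


def simulate(extend_down, avoid_filtered):
    """Exhaust every port above 1900 (constructed), pick a port, run the filter.

    Returns (chosen_port, dropped), or (None, None) if no port is available.
    """
    in_use = set(range(1901, EPHEMERAL_HIGH + 1))
    avoid = FILTERED_SOURCE_PORTS if avoid_filtered else frozenset()
    try:
        port = choose_source_port(in_use, extend_down=extend_down, avoid=avoid)
    except OSError:
        return None, None
    return port, filter_drops(port)


if __name__ == "__main__":
    print(simulate(extend_down=False, avoid_filtered=False))  # (None, None)
    print(simulate(extend_down=True, avoid_filtered=False))   # (1900, True)
    print(simulate(extend_down=True, avoid_filtered=True))    # (1899, False)
```

The second run shows the collision the thread is about: the client is doing nothing wrong, yet its packets are dropped because the chosen source port happens to be one the filter blocks.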