Re: [tsvwg] https://notes.ietf.org/notes-ietf-117-tsvwg# UDP options discussion
Tom Herbert <tom@herbertland.com> Wed, 26 July 2023 19:33 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E6F3C151709 for <tsvwg@ietfa.amsl.com>; Wed, 26 Jul 2023 12:33:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fi-CblbNZ-75 for <tsvwg@ietfa.amsl.com>; Wed, 26 Jul 2023 12:33:15 -0700 (PDT)
Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB85FC15155A for <tsvwg@ietf.org>; Wed, 26 Jul 2023 12:33:15 -0700 (PDT)
Received: by mail-il1-x134.google.com with SMTP id e9e14a558f8ab-348c8fc6eb9so385975ab.2 for <tsvwg@ietf.org>; Wed, 26 Jul 2023 12:33:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1690399995; x=1691004795; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=acxk9UsJDaLCGhEfVMVY4BL+Xg+0LGmIfLCikd71L90=; b=g/wzSihY/LDG95wY+TiGi6qKopXeWEPj6eGFMfU7Ah9s1/MtHSqZe8wQgFiABjPZES HEFOnbQNJ4RbNc/uZCC7wwFgUonnAFcWWNjxSaZ28658iaXcBjmAXEpLu4cjRtwNwZZl gAUox6ZRmTK8xfa36aKVHAFPFh76XTu8wSBn7J3YBE0C5BO2mA5uc677Va1s5OQn1JZT nVTwiPi7XhzF6PD0nyiLdWVgqFYb7fG/I4wSfh8YnNbpbfEVvsnl3q+7aZZTiSGeHI/f 9f1B9t6zQdHQTeqppf2M+Z7xtUjMYlGOIONCA8GYBiZyhzJISv9Zur7l4V7dJZDaIQay QVRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690399995; x=1691004795; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=acxk9UsJDaLCGhEfVMVY4BL+Xg+0LGmIfLCikd71L90=; b=isqFr8SHaTkCxWlvP7fZwb7MGcLU/Xv/2qjoKy5RpkJAwirA7hxvLdnDJZHFWQ/H4Y y73/xGzyEHSgilI72yogZiVjDq69MQynSBs1lMchNl0Q7DQ01DUaxhokxCpdpHJy4m/+ fl4pTh9iTSX46Z1bYsh6wR4ujlWxb58VYhy+fkAatBnpBklrHbnkpGeNJ8TZyMvaE02L yOqr7TPARErwYHdsl/8f0U+6JEzEvrf0d5uIKh3Y8xemHKsnuQfWHVAiQtv/FbR1zz1i 7snDmFVVas1rXBQDPwJFQARWfp7++4czfVA1iq34HrFI3fCIBbqgsXmqBHLis/f+dgO4 H1Iw==
X-Gm-Message-State: ABy/qLZeLVQYhalw76P/3Cu73JACO0QsNABdmBahIxvzQoA9JIzky4JX 1oUjWhwf0RQAoSxim9UOnrvRiDJlpSItqRMtD+agGg==
X-Google-Smtp-Source: APBJJlFbLavg7Ow54U9XMWVMozbMVj8TMVW61zzXPzTn98QKKbrZYazJKz5EXCWxYKqGnyR3+Qog4wf0DgIbeBrXegU=
X-Received: by 2002:a92:cdad:0:b0:345:f28f:cc26 with SMTP id g13-20020a92cdad000000b00345f28fcc26mr3502972ild.24.1690399994946; Wed, 26 Jul 2023 12:33:14 -0700 (PDT)
MIME-Version: 1.0
References: <trinity-35b7d0fa-f62c-4f38-8778-06054cf80141-1690353455216@3c-app-gmx-bs42> <CACL_3VHOnsSXVgma7iOLcoJiKPAhb8yXRVQft1NRX_VJZDD8RQ@mail.gmail.com> <CALx6S36c6GmD=BdhSMy7QHCwYi8Dj+eb0Np4vuGMaazWDsiQkg@mail.gmail.com> <CACL_3VE+oKOHe7FukjQfTG9qRVipaUyOFJZYVQdSn_GKVOVVUw@mail.gmail.com>
In-Reply-To: <CACL_3VE+oKOHe7FukjQfTG9qRVipaUyOFJZYVQdSn_GKVOVVUw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 26 Jul 2023 12:33:02 -0700
Message-ID: <CALx6S37tgVhZPyhAmmi-g4zCC09ndCGMZ0Tc5r+=-=uHSzfbSA@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
Cc: Sebastian Moeller <moeller0@gmx.de>, tsvwg <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003a3d68060168eb51"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/5vx7Om0un_8r3AChhZEYQ4i-da4>
Subject: Re: [tsvwg] https://notes.ietf.org/notes-ietf-117-tsvwg# UDP options discussion
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2023 19:33:19 -0000
On Wed, Jul 26, 2023, 11:32 AM C. M. Heard <heard@pobox.com> wrote: > On Wed, Jul 26, 2023 at 9:45 AM Tom Herbert wrote: > > It's not so much design principles, it's realities of deployment or > > lack of deployment that we have learned with experience from other > > protocols. We know that protocols with unlimited TLVs where unknown > > TLVs can be ignored is an invitation to DOS attack. We also know that > > any plain text in a packet will be read and consumed by some > > intermediate nodes in the network; this is an invitation to ossifying > > transport layers, or worse a security vulnerability when the plain > > text reveals information about encrypted data. As I said, there is a > > real risk that providers will filter packets with surplus area if > > there is ever a problem with UDP Options (even the perception that > > there might be a problem could be enough to drop packets). > > Thank you for clarifying and expanding upon your mic comment. > > > That being said, the more troublesome issue is about Christian > > comments that UDP Options should not be allowed with encrypted > > payloads. > > I get the sense that the WG is generally in agreement with this; in > the case of QUIC in particular, it's been established that the > currently specified UDP options do not offer any capabilities that > QUIC does not already have, while on the other hand there is a > temptation in some quarters to define new options that expose > information QUIC was explicitly designed to conceal (I'm thinking of > specifically of draft-reddy-tsvwg-explcit-signal). > Mike, Yes, there are valid use cases for hosts to signal the network, QoS immediately comes to mind. The temptation here is to use UDP Options" because the proper technique, HBH Options, "doesn't work". Even if I believed the argument, I am doubtful there's a path to deployment or standardization in IETF for using UDP Options for this purpose (layering violation, UDP specific, relies on unproven protocol, yet to be shown it's any more deployable than HBH, difficulties to process TLVs in trailers efficiently, lack of deployment, etc.). So, UDP Options should only be an E2E protocol. As I mentioned previously, regardless of the requirements, some network nodes will decide to inspect any plain text in a packet data. They may even decide to modify it. This is true for UDP Options. I don't think this is necessarily a showstopper, but it does need to be considered. Tom I do understand > Christian's antipathy to exposing anything about QUIC (or any other > encrypted protocol carried over UDP) as cleartext in the surplus area. > That certainly is not something that we should standardize. But given > that the whether insertion of such cleartext information is done is > under endpoint control, I fail to see how the very existence of UDP > options poses a threat to QUIC or other end-to-end encrypted protocols > that use UDP as a substrate. I'm expecting to be educated shortly :-) > > > Given that the trend is towards encrypting as much of the > > packet as possible (if it was feasible, I think we'd regularly be > > encrypting TCP headers), if UDP Options were restricted to only work > > with unencrypted payloads I have to wonder if there are a sufficient > > number of use cases to justify the protocol. I don't know how this can > > be addressed; maybe since UDP Options are end-to-end, there should be > > a way to encrypt them along with the payload... > > The potential lack of sufficient use cases is definitely an issue, and > the length of time that it is taking to get this spec done has not > helped at all. The greatest potential that I see in UDP options is to > improve matters for legacy applications such as DNS that rely heavily > on classical UDP but suffer from poor network handling of IP fragments. > A migration to UDP fragmentation can be done in a manner that is > backward compatible and incrementally deployable. If DNS has at best a > long and tortuous path to migrate all of its use of classical UDP to an > encrypted protocol such as QUIC, then maybe there still is a role for > UDP options. > > Mike Heard >
- [tsvwg] https://notes.ietf.org/notes-ietf-117-tsv… Sebastian Moeller
- Re: [tsvwg] https://notes.ietf.org/notes-ietf-117… C. M. Heard
- Re: [tsvwg] https://notes.ietf.org/notes-ietf-117… Tom Herbert
- Re: [tsvwg] https://notes.ietf.org/notes-ietf-117… C. M. Heard
- Re: [tsvwg] https://notes.ietf.org/notes-ietf-117… Tom Herbert