Re: [tsvwg] Regarding DTLS and UDP options
Joe Touch <touch@isi.edu> Mon, 17 April 2017 22:43 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 442C3126DD9 for <tsvwg@ietfa.amsl.com>; Mon, 17 Apr 2017 15:43:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_1VQUjmRFDK for <tsvwg@ietfa.amsl.com>; Mon, 17 Apr 2017 15:43:30 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEE761242F7 for <tsvwg@ietf.org>; Mon, 17 Apr 2017 15:43:30 -0700 (PDT)
Received: from [128.9.184.37] ([128.9.184.37]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id v3HMgp5K012774 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 17 Apr 2017 15:42:51 -0700 (PDT)
To: Tom Herbert <tom@herbertland.com>
References: <CACL_3VFeJs7KzG9Bchh15bfZ3CmaOPWcfisEreNoGYK5CsEJ+g@mail.gmail.com> <3a4a6b78-8146-de4c-6246-7bd09de44f1c@isi.edu> <CACL_3VFkr3mGe-yTbvHrTZcKVCpEv3FeSOyoShUxCK5+9Tdqqg@mail.gmail.com> <c79fe3d0-8567-ea7d-72fc-bd33732df60e@isi.edu> <CACL_3VHmoCSo23OWqQFq7upw749CqMK7iazXrBKZARzwbzY5mw@mail.gmail.com> <f97f08d4-0070-437a-e22a-8782497c76eb@isi.edu> <4e36af95-84c3-bc7e-b18a-614f8bfab662@isi.edu> <58F48403.8080302@erg.abdn.ac.uk> <a0f656e8-e847-db54-6046-2078364d428b@isi.edu> <CALx6S36HYHdbGoJHNb+mVY6reu9RLikLxDJqrPgwO9tF1EfSgQ@mail.gmail.com> <8b1829ba-4e8d-5ee1-e24c-f42962f47dde@isi.edu> <CALx6S36=7KbTtv9QNUBTg6gPYQQighsPD_+mWNc=wUQTX70VBQ@mail.gmail.com> <8378ae17-c023-25a2-76e7-07b858916849@isi.edu> <CALx6S35chiqMtqKa+zahfZnLZrQzfYUF7D9m0QGbkwFVpRwHag@mail.gmail.com> <bfc36611-6817-fbf9-a9c7-5bdde179b665@isi.edu> <CALx6S34qAh0mXGi8nuRtTiorf_1TE4V0NQ1QhqCcW0hmxOgc-Q@mail.gmail.com>
Cc: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>
From: Joe Touch <touch@isi.edu>
Message-ID: <8aa5b87d-62bb-eba5-5ef4-67d107cb10e0@isi.edu>
Date: Mon, 17 Apr 2017 15:42:50 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CALx6S34qAh0mXGi8nuRtTiorf_1TE4V0NQ1QhqCcW0hmxOgc-Q@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------12D70393AD2D8ED7862AF556"
X-MailScanner-ID: v3HMgp5K012774
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/7Q0T9jRB5U8qSD8lXrVMP6CdIX0>
Subject: Re: [tsvwg] Regarding DTLS and UDP options
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 22:43:32 -0000
On 4/17/2017 3:31 PM, Tom Herbert wrote: >> Do you use TCP options? >> >> How and why should these be different? >> > TCP options are pretty much required for operation of the TCP > protocol, You can run TCP with no options just fine - but not efficiently. > this is why they will never be ossified and why it's one of > the few methods of protocol extensibility that is viable on the > Internet. They are somewhat ossified in that there are offload devices and middleboxes that work only with known subsets of options. In some cases, those features have work-arounds when unknown or unsupported options are seen - but not always. > IP options on the other hand were never required for IP to > operate hence they were quickly ossified. I'm not sure you're using the term 'ossified' the way others do. For IPv4, options were not so much "turned to stone" as they were deprecated because fast-path processing never supported them. For IPv6, that's not as true because of the way the options are layered rather than tacked-on. > In this context, UDP options > are more like IP options since they are not required for use with UDP. Just like TCP, option support is determined by which options are activated and the semantics of the options and user (application) preferences. Whether they're required or not depends on the endpoint's decision of how they use the options. An endpoint could require particular options and backoff to TCP where the options are not supported, e.g., DNSSEC might require FRAG or backoff to TCP. > So there is a possibility that some vendors (e.g. a firewall) may just > decide that to start dropping packets or throwing packets that might > have them into a slow path similar to IP options. If something like > this is not consistently supported in the Internet, then applications > are unlikely to use it. I wish this wasn't reality and that the end to > end model was actually adhered to, but when writing Internet > applications we have to stick with what is known to work... ie. plain > TCP/IP or UDP/IP (where support for the latter is still a little shaky > since some network operators refer to think of UDP as nothing more > than a DOS vector). Certainly, but so far all we have evidence of are over-eager firewalls that incorrectly think that UDP packets whose transport portion are smaller than the IP payload are an error. That's just as incorrect as thinking that it's "safer" to drop all TCP packets that support MPTCP. So yes, like any extension, it works only where the Internet lets it. It can be useful where needed or preferred, but like any extension, there's always the possibility that some ignorant party will try to block it in the name of security. Again, not new and just like TCP. Joe
- [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Gorry Fairhurst
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Gorry Fairhurst
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- [tsvwg] Fwd: New Version Notification for draft-t… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- [tsvwg] summary of issues for draft-touch-tsvwg-u… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Gorry Fairhurst
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Gorry Fairhurst
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch