Re: [tsvwg] Regarding DTLS and UDP options

[Tom Herbert <tom@herbertland.com>]

On Mon, Apr 17, 2017 at 1:34 PM, Joe Touch <touch@isi.edu> wrote:
>
>
> On 4/17/2017 1:29 PM, Tom Herbert wrote:
>> On Mon, Apr 17, 2017 at 12:11 PM, Joe Touch <touch@isi.edu> wrote:
>>> FYI - draft 08 has just been uploaded to address this issue in the
>>> security considerations section.
>>>
>>> I would like to ask that the chairs to ask the WG to consider adopting
>>> this as a standards track doc.
>>>
>> Joe,
>>
>> The draft lists intended status as experimental, but above you're
>> asking for adoption for standard track?
>
> That's correct.
>
>> I would be worried about
>> making this standard if it retroactively defines all cases where IP
>> length is greater than UDP length as now containing UDP options.
>
> It does exactly that, but has checksums to validate when that happens.
>
>>
>> One thing that might be missing from the draft is middle box handling.
> This is already discussed extensively in the document, including in
> response to previous TSVWG discussion. That's why we now default to
> using the OCS and a length validation. Do you have specific concerns?
>
>> I suspect your intent is that options are meant only for end to end
>> consumption
>
> That's frankly true of all transport options, not just these in UDP.
>
>> and so middleboxes must pass packets with UDP options,
>> should not attempt to parse the UDP options, and must not modify
>> options.
> We already addressed that in the doc.

I'm sorry, which section is this info in?

Thanks,
Tom

>
> Joe
>
>>
>> Tom
>>
>>> Joe
>>>
>>> A new version of I-D, draft-touch-tsvwg-udp-options-08.txt
>>> has been successfully submitted by Joe Touch and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-touch-tsvwg-udp-options
>>> Revision:       08
>>> Title:          Transport Options for UDP
>>> Document date:  2017-04-17
>>> Group:          Individual Submission
>>> Pages:          25
>>> URL:            https://www.ietf.org/internet-drafts/draft-touch-tsvwg-udp-options-08.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-touch-tsvwg-udp-options/
>>> Htmlized:       https://tools.ietf.org/html/draft-touch-tsvwg-udp-options-08
>>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-touch-tsvwg-udp-options-08
>>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-touch-tsvwg-udp-options-08
>>>
>>>
>>> On 4/17/2017 1:59 AM, Gorry Fairhurst wrote:
>>>> Thanks Joe,
>>>>
>>>> That seems to be exactly the question the WG asked to explore. I agree
>>>> your next update should add a small susbsection on how DTLS should be
>>>> handled.
>>>>
>>>> Gorry
>>>>
>>>> On 15/04/2017, 00:56, Joe Touch wrote:
>>>>> Hi, all,
>>>>>
>>>>> Christian Huitema a question about the interaction between DTLS and UDP
>>>>> options during my remote presentation at IETF 98.
>>>>>
>>>>> I took a closer look and consulted with Eric Rescorla (DTLS author). He
>>>>> and I agreed as follows:
>>>>> - DTLS would currently not cover UDP options; DTLS protects only the UDP
>>>>> payload
>>>>> - the situation is analogous to TCP options, which are not covered by
>>>>> TLS
>>>>> I.e., both TLS and DTLS are transport *payload* security only, despite
>>>>> their names.
>>>>>
>>>>> Christian noted that this may be a reason QUIC prefers UDP (to avoid the
>>>>> need to protection transport options), however QUIC does not (and
>>>>> cannot) deprecate UDP payloads that are smaller than the IP payload.
>>>>> That would require a change to RFC 768.
>>>>>
>>>>> I'll add a clarification on this point to the next rev of the UDP
>>>>> options document.
>>>>>
>>>>> Joe
>