IETF Logo Mail Archive

Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22

"touch@strayalpha.com" <touch@strayalpha.com> Mon, 19 June 2023 20:28 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18FC7C151061 for <tsvwg@ietfa.amsl.com>; Mon, 19 Jun 2023 13:28:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.316
X-Spam-Level:
X-Spam-Status: No, score=-1.316 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2huu_QWgfGgD for <tsvwg@ietfa.amsl.com>; Mon, 19 Jun 2023 13:28:48 -0700 (PDT)
Received: from server217-2.web-hosting.com (server217-2.web-hosting.com [198.54.115.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E705CC14CE38 for <tsvwg@ietf.org>; Mon, 19 Jun 2023 13:28:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=2BMVHjxU5xJla79u2aHfLvUXACcSrH+CYdYNCM38XBY=; b=Fh/clgs3SizvUhBomGls0o9/n1 /inrtEFLknJBZepIUfk+NM6WkRoOO+kp+sJ7IifleIwx6DFZiTbANHEieneYTX0cSJULIMc6dlcNF kWjkwrO3hbF0hP3+2OkYStQ/bUX9qLIEJmA1altS/oeWrVcRn4VE7swP7Hz6qgBPCw9O9Nfsz0HmN A2PnsZmMVP7lJZ80n7zuUyo844sYjqcxLaJPqY2X4d3/PX11VdYlmDvTU5WYbbx8JDcuxCRLefz60 RBPNlHhtic8lBu/gD8u2MoqJ6wsu7EQGKvqt6nwqKfslcpFmh1LPYeHK3+RJjIp3I7Ks9NV9+XJ23 5GDajx9A==;
Received: from [172.58.209.100] (port=7873 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <touch@strayalpha.com>) id 1qBLUQ-00HPPU-4q; Mon, 19 Jun 2023 16:28:47 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_9A7E7FEF-1309-4BB9-8829-88AEE55765F6"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com>
Date: Mon, 19 Jun 2023 13:28:29 -0700
Cc: TSVWG <tsvwg@ietf.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-Id: <912712ED-49E6-43F6-88C8-3554661DECDC@strayalpha.com>
References: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
X-Mailer: Apple Mail (2.3731.600.7)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/CnPYSXjPPmLtNkBtjJ4BSgMX2Ck>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jun 2023 20:28:53 -0000

Hi, Mike,

Thanks for the detailed feedback and thanks for catching some of the pending issues. I do have them still listed as pending, FWIW, and was focusing on the higher level issues first.

Taking things individually below.

Joe

—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com

> On Jun 18, 2023, at 4:13 PM, C. M. Heard <heard@pobox.com> wrote:
> 
> On Mon, May 22, 2023 at 6:21 AM Gorry Fairhurst wrote:
> > I have just read version 20, and I have some questions as a working
> > group member. I hope this helps.
> [ ... ]
> >
> > 12. "Values should "increase" (allowing for rollover) according to a
> >        typical 'tick' time"
> > - explain rollover in terms of the modulo the field size?
> 
> and in draft-ietf-tsvwg-udp-options-22 Section 9.8 we now see:
> 
>    o  Values should "increase" (allowing for rollover, i.e., modulo the
>       field size) according to a typical 'tick' time
> 
> where "modulo the field size" is new text. But later on (in text that
> has been around for several versions) we see:
> 
>    Rollover can be handled as a special case or more completely using
>    sequence number extension [RFC9187], however zero values need to be
>    avoided explicitly.
> 
>    >> TIME values MUST NOT use zeros as valid time values, because they
>    are used as indicators of requests and responses.
> 
> Since the value zero is not a value time value, it is incorrect to say
> that values should increment modulo the field size,

Agreed. It would be "modulo the field size excepting zero”, where all 1’s rolls over to 00000…

> i.e., modulo 2^32.
> At most they can increment modulo 2^32 - 1. In fact, though, if time
> values are incremented modulo 2^32 - 1, using output values in the range
> 1 through 2^31-1, what you have is nothing more than conventional ones
> complement arithmetic,

One’s compliment is signed; this is unsigned. We never have a timestamp that indicates negative time.

> ...
> =======================================================================
> In draft-ietf-tsvwg-udp-options-22 Section 9.1 we see
> 
>    >> Bytes after EOL in the surplus area MAY be checked as being zero
>    on receipt, but MUST be treated as zero regardless of their content
>    and are not passed to the user (e.g., as part of the surplus area).
> 
> Do the words "MUST be treated as zero regardless of their content" mean
> that an implementation that does not verify that bytes after EOL are in
> fact equal to zero have to exclude them from the OCS validation? Doing
> so would not play well checksum offload (see
> https://mailarchive.ietf.org/arch/msg/tsvwg/9_1YWp-TApI9mcCuia8U6jfCwTA/).
> 
> I therefore propose this replacement text:
> 
>    >> Bytes after EOL in the surplus area MAY be checked as being zero
>    on receipt but MUST NOT otherwise be processed (except for OCS
>    calculation) or passed to the user.

Agreed. Will fix.

> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
> =======================================================================
> In draft-ietf-tsvwg-udp-options-22 Section 9.4 we see:
> 
>    >> Similar to IPv6 reassembly [RFC8200], if any of the fragments
>    being reassembled overlap with any other fragments being reassembled
>    for the same UDP packet, reassembly of that UDP packet MUST be
>    abandoned and all the fragments that have been received for that UDP
>    packet must be discarded, and no ICMP error messages should be sent
>    in this case (to avoid a potential DOS attack turning into an ICMP
>    storm in the reverse direction).
> 
> and
> 
>    >> UDP reassembly expiration MAY generate an ICMP error, but this
>    MUST NOT use the existing IP reassembly timeout error type and code.
> 
>    [TBD: ?? Should we define a new code for this purpose?]
> 
> In my opinion, any mention of sending ICMP errors for UDP reassembly
> failures is totally out of place, and all mention of this should be
> removed from Section 9.4. Sending ICMP messages is a function of the
> IP layer, not of the UDP layer (or any other transport layer).

ICMP destination port unreachable errors are transport protocol issues. Both these port errors and UDP reassembly prevent useful transport responses.

> My apologies for not commenting on this when it first showed up in -14.
> =======================================================================
> In draft-ietf-tsvwg-udp-options-22 Section 12 we see:
> 
>            if the UDP checksum passes or is zero then
>                if ((OCS != 0 and fails or OCS == 0) and UDP CS != 0)
>                or ((OCS != 0 and passes) and UDP CS == 0) then
>                    deliver the UDP user data but ignore other options
>                    (this is required to emulate legacy behavior)
>                if OCS != 0 and passes or OCS == 0 when UDP CS != 0 then
>                    deliver the UDP user data after parsing
>                    and processing the rest of the options,
>                    regardless of whether each is supported or succeeds
>                    (again, this is required to emulate legacy behavior)
> 
> Corrected:
> 
>            if the UDP checksum passes or is zero then
>                if OCS != 0 and fails or OCS == 0 when UDP CS != 0 then
>                    deliver the UDP user data but ignore other options
>                    (this is required to emulate legacy behavior)
>                if OCS != 0 and passes or OCS == 0 when UDP CS == 0 then
>                    deliver the UDP user data after parsing
>                    and processing the rest of the options,
>                    regardless of whether each is supported or succeeds
>                    (again, this is required to emulate legacy behavior)

When UDPCS==0, OCS MAY be 0; there’s no MUST, That’s why the first version is needed.

> 
> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
> =======================================================================
> In draft-ietf-tsvwg-udp-options-22 Section 22, 2nd paragraph, we see:
> 
>    Note that any user application that considers UDP options to affect
>    security need not enable them. However, their use does not impact
>    security in a way substantially different than UDP options; both
>    enable the use of a control channel that has the potential for
>    abuse. Similar to TCP, there are many options that, if unprotected,
>    could be used by an attacker to interfere with communication.
> 
> The phrase "substantially different than UDP options" should be changed
> to "substantially different than TCP options."
> 
> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
> =======================================================================
> In draft-ietf-tsvwg-udp-options-22 Section 22, 3rd paragraph, we see:
> 
>    UDP options create new potential opportunities for DDOS attacks,
>    notably through the use of fragmentation. Except when enabled, UDP
>    options cause no additional work at the receiver. At most, the
>    required options (if enabled) result in a responding option in the
>    next transmitted packet, but no options (including ECHO) ever
>    initiate UDP responses in the absence of user transmission.
> 
> Corrected:
> 
>    UDP options create new potential opportunities for DDOS attacks,
>    notably through the use of fragmentation. When enabled, UDP options
>    may cause some additional work at the receiver; however, of the
>    must-support options, only REQ (when used on a DLPMTUD probe [Fa22])
>    will initiate a UDP response in the absence of a user transmission.

Fa23 leaves it up to the endpoint as to whether it responds in the absence of user transmission AND it limits that to 1 per second. I’ll add that to the next update.

> 
> Note that [Fa22] needs to be updated to [Fa23].

Will do.

> 
> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
> =======================================================================
> 
> The unaddressed comments mentioned above can be found in
> https://mailarchive.ietf.org/arch/msg/tsvwg/aGOHvmGfSTRs4ATgEEpqHrWAln4/.
> 
> I also commented there on the need to replace turn [To18]
> (draft-touch-tcp-ao-encrypt) by a stable, normative reference, but I
> won't belabor that, since it's part of a larger ongoing discussion.

As you note, that is a pending issue.

> 
> Thanks and regards,
> 
> Mike Heard

v2.23.0 | Report a Bug | By Email