Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22
"touch@strayalpha.com" <touch@strayalpha.com> Mon, 19 June 2023 20:28 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18FC7C151061 for <tsvwg@ietfa.amsl.com>; Mon, 19 Jun 2023 13:28:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.316
X-Spam-Level:
X-Spam-Status: No, score=-1.316 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2huu_QWgfGgD for <tsvwg@ietfa.amsl.com>; Mon, 19 Jun 2023 13:28:48 -0700 (PDT)
Received: from server217-2.web-hosting.com (server217-2.web-hosting.com [198.54.115.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E705CC14CE38 for <tsvwg@ietf.org>; Mon, 19 Jun 2023 13:28:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=2BMVHjxU5xJla79u2aHfLvUXACcSrH+CYdYNCM38XBY=; b=Fh/clgs3SizvUhBomGls0o9/n1 /inrtEFLknJBZepIUfk+NM6WkRoOO+kp+sJ7IifleIwx6DFZiTbANHEieneYTX0cSJULIMc6dlcNF kWjkwrO3hbF0hP3+2OkYStQ/bUX9qLIEJmA1altS/oeWrVcRn4VE7swP7Hz6qgBPCw9O9Nfsz0HmN A2PnsZmMVP7lJZ80n7zuUyo844sYjqcxLaJPqY2X4d3/PX11VdYlmDvTU5WYbbx8JDcuxCRLefz60 RBPNlHhtic8lBu/gD8u2MoqJ6wsu7EQGKvqt6nwqKfslcpFmh1LPYeHK3+RJjIp3I7Ks9NV9+XJ23 5GDajx9A==;
Received: from [172.58.209.100] (port=7873 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <touch@strayalpha.com>) id 1qBLUQ-00HPPU-4q; Mon, 19 Jun 2023 16:28:47 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_9A7E7FEF-1309-4BB9-8829-88AEE55765F6"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com>
Date: Mon, 19 Jun 2023 13:28:29 -0700
Cc: TSVWG <tsvwg@ietf.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-Id: <912712ED-49E6-43F6-88C8-3554661DECDC@strayalpha.com>
References: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
X-Mailer: Apple Mail (2.3731.600.7)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/CnPYSXjPPmLtNkBtjJ4BSgMX2Ck>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jun 2023 20:28:53 -0000
Hi, Mike, Thanks for the detailed feedback and thanks for catching some of the pending issues. I do have them still listed as pending, FWIW, and was focusing on the higher level issues first. Taking things individually below. Joe — Dr. Joe Touch, temporal epistemologist www.strayalpha.com > On Jun 18, 2023, at 4:13 PM, C. M. Heard <heard@pobox.com> wrote: > > On Mon, May 22, 2023 at 6:21 AM Gorry Fairhurst wrote: > > I have just read version 20, and I have some questions as a working > > group member. I hope this helps. > [ ... ] > > > > 12. "Values should "increase" (allowing for rollover) according to a > > typical 'tick' time" > > - explain rollover in terms of the modulo the field size? > > and in draft-ietf-tsvwg-udp-options-22 Section 9.8 we now see: > > o Values should "increase" (allowing for rollover, i.e., modulo the > field size) according to a typical 'tick' time > > where "modulo the field size" is new text. But later on (in text that > has been around for several versions) we see: > > Rollover can be handled as a special case or more completely using > sequence number extension [RFC9187], however zero values need to be > avoided explicitly. > > >> TIME values MUST NOT use zeros as valid time values, because they > are used as indicators of requests and responses. > > Since the value zero is not a value time value, it is incorrect to say > that values should increment modulo the field size, Agreed. It would be "modulo the field size excepting zero”, where all 1’s rolls over to 00000… > i.e., modulo 2^32. > At most they can increment modulo 2^32 - 1. In fact, though, if time > values are incremented modulo 2^32 - 1, using output values in the range > 1 through 2^31-1, what you have is nothing more than conventional ones > complement arithmetic, One’s compliment is signed; this is unsigned. We never have a timestamp that indicates negative time. > ... > ======================================================================= > In draft-ietf-tsvwg-udp-options-22 Section 9.1 we see > > >> Bytes after EOL in the surplus area MAY be checked as being zero > on receipt, but MUST be treated as zero regardless of their content > and are not passed to the user (e.g., as part of the surplus area). > > Do the words "MUST be treated as zero regardless of their content" mean > that an implementation that does not verify that bytes after EOL are in > fact equal to zero have to exclude them from the OCS validation? Doing > so would not play well checksum offload (see > https://mailarchive.ietf.org/arch/msg/tsvwg/9_1YWp-TApI9mcCuia8U6jfCwTA/). > > I therefore propose this replacement text: > > >> Bytes after EOL in the surplus area MAY be checked as being zero > on receipt but MUST NOT otherwise be processed (except for OCS > calculation) or passed to the user. Agreed. Will fix. > This comment was made originally against -19 on 27-Jan-2023 but was not addressed. > ======================================================================= > In draft-ietf-tsvwg-udp-options-22 Section 9.4 we see: > > >> Similar to IPv6 reassembly [RFC8200], if any of the fragments > being reassembled overlap with any other fragments being reassembled > for the same UDP packet, reassembly of that UDP packet MUST be > abandoned and all the fragments that have been received for that UDP > packet must be discarded, and no ICMP error messages should be sent > in this case (to avoid a potential DOS attack turning into an ICMP > storm in the reverse direction). > > and > > >> UDP reassembly expiration MAY generate an ICMP error, but this > MUST NOT use the existing IP reassembly timeout error type and code. > > [TBD: ?? Should we define a new code for this purpose?] > > In my opinion, any mention of sending ICMP errors for UDP reassembly > failures is totally out of place, and all mention of this should be > removed from Section 9.4. Sending ICMP messages is a function of the > IP layer, not of the UDP layer (or any other transport layer). ICMP destination port unreachable errors are transport protocol issues. Both these port errors and UDP reassembly prevent useful transport responses. > My apologies for not commenting on this when it first showed up in -14. > ======================================================================= > In draft-ietf-tsvwg-udp-options-22 Section 12 we see: > > if the UDP checksum passes or is zero then > if ((OCS != 0 and fails or OCS == 0) and UDP CS != 0) > or ((OCS != 0 and passes) and UDP CS == 0) then > deliver the UDP user data but ignore other options > (this is required to emulate legacy behavior) > if OCS != 0 and passes or OCS == 0 when UDP CS != 0 then > deliver the UDP user data after parsing > and processing the rest of the options, > regardless of whether each is supported or succeeds > (again, this is required to emulate legacy behavior) > > Corrected: > > if the UDP checksum passes or is zero then > if OCS != 0 and fails or OCS == 0 when UDP CS != 0 then > deliver the UDP user data but ignore other options > (this is required to emulate legacy behavior) > if OCS != 0 and passes or OCS == 0 when UDP CS == 0 then > deliver the UDP user data after parsing > and processing the rest of the options, > regardless of whether each is supported or succeeds > (again, this is required to emulate legacy behavior) When UDPCS==0, OCS MAY be 0; there’s no MUST, That’s why the first version is needed. > > This comment was made originally against -19 on 27-Jan-2023 but was not addressed. > ======================================================================= > In draft-ietf-tsvwg-udp-options-22 Section 22, 2nd paragraph, we see: > > Note that any user application that considers UDP options to affect > security need not enable them. However, their use does not impact > security in a way substantially different than UDP options; both > enable the use of a control channel that has the potential for > abuse. Similar to TCP, there are many options that, if unprotected, > could be used by an attacker to interfere with communication. > > The phrase "substantially different than UDP options" should be changed > to "substantially different than TCP options." > > This comment was made originally against -19 on 27-Jan-2023 but was not addressed. > ======================================================================= > In draft-ietf-tsvwg-udp-options-22 Section 22, 3rd paragraph, we see: > > UDP options create new potential opportunities for DDOS attacks, > notably through the use of fragmentation. Except when enabled, UDP > options cause no additional work at the receiver. At most, the > required options (if enabled) result in a responding option in the > next transmitted packet, but no options (including ECHO) ever > initiate UDP responses in the absence of user transmission. > > Corrected: > > UDP options create new potential opportunities for DDOS attacks, > notably through the use of fragmentation. When enabled, UDP options > may cause some additional work at the receiver; however, of the > must-support options, only REQ (when used on a DLPMTUD probe [Fa22]) > will initiate a UDP response in the absence of a user transmission. Fa23 leaves it up to the endpoint as to whether it responds in the absence of user transmission AND it limits that to 1 per second. I’ll add that to the next update. > > Note that [Fa22] needs to be updated to [Fa23]. Will do. > > This comment was made originally against -19 on 27-Jan-2023 but was not addressed. > ======================================================================= > > The unaddressed comments mentioned above can be found in > https://mailarchive.ietf.org/arch/msg/tsvwg/aGOHvmGfSTRs4ATgEEpqHrWAln4/. > > I also commented there on the need to replace turn [To18] > (draft-touch-tcp-ao-encrypt) by a stable, normative reference, but I > won't belabor that, since it's part of a larger ongoing discussion. As you note, that is a pending issue. > > Thanks and regards, > > Mike Heard
- [tsvwg] Comments on draft-ietf-tsvwg-udp-options-… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- [tsvwg] Comments on draft-ietf-tsvwg-udp-options-… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- [tsvwg] Remaining issues for draft-ietf-tsvwg-udp… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Sebastian Moeller
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Sebastian Moeller
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Christian Huitema
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard