IETF Logo Mail Archive

Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-31.txt

Tom Herbert <tom@herbertland.com> Wed, 06 March 2024 16:18 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0452FC14F5F6 for <tsvwg@ietfa.amsl.com>; Wed, 6 Mar 2024 08:18:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A3mvu5N6Zd8H for <tsvwg@ietfa.amsl.com>; Wed, 6 Mar 2024 08:18:29 -0800 (PST)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46E23C14F5E6 for <tsvwg@ietf.org>; Wed, 6 Mar 2024 08:18:29 -0800 (PST)
Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-565d1656c12so1943745a12.1 for <tsvwg@ietf.org>; Wed, 06 Mar 2024 08:18:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1709741907; x=1710346707; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=YoH+rknSuWOadnY8SnLlyATzsTf+mLHjoLWO1T7cgAs=; b=H4CXSbyOFp2BGcW/VfTSRD8rbPJLnhjFDbe7oyhyOmkCu0BFIkooExCF2RXVwHYbiS 0G45TNxvBcZJn7xfgwnrSgXU0VldI0E+b5dEufP/Cn+keyPkSii/GWeDmDgnn/pqiFSY 9F3qXPeXQztsxy8fG1k9pmRJ840q0fXoi81TmE49pwE2iGAe5W1B6s/WuhC0J5T9G5oC 4I7rE4bWsMIq3Y2t8ex9L31R2+/sGDx0NqUtx3OqYoRNj5VjyIWJUBMiA0C/+jFNl14d 7vcn/pgly7cLPHewLXF4xJEsL+3kp3Hq1SJUP71BGfZM1sgfCjf/04fSp9sefU/ZnwEp 5UsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709741907; x=1710346707; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YoH+rknSuWOadnY8SnLlyATzsTf+mLHjoLWO1T7cgAs=; b=u8mXOzKbsGrPBka9kWuf9DxOiFtN7oYbcnJRoeYhz6NZiU/uKvYpCimFmGCt+8La1q FaFLQqEyX2HqTkeDGkrjIPmWHAmSwizGUYx8FZPc2d2lKtSBMijmComCG9uRQBKfKnMd Y3/OB851I1xvexTRQIqSszXcQFossiGkvcGLBrrjPtkhHv1iL6GCxM/yxNMsxQtNNmKt CNHpOsE8FdsCgqmbJ4Uvl6tdVclo+e/WPjzYgtINpN01g85YbqxkxZRUNYcmRCmaGVUR yQyK08MMaWhDgBrGamtEia1Gv19IBDJ487qZP51gG9RGntZD+H8bLHCjbkaJKZkU64lt rQRA==
X-Forwarded-Encrypted: i=1; AJvYcCVEOQI9dLr0Vvrk26E6h4nbNBNW67PMZvpd07i7i5tfR7ILR5kYwUZ9vorbjBEjaYOMHewsqHt2RB//uDQmng==
X-Gm-Message-State: AOJu0YyWpkAG+aUuXVTblXUBlBcOA7H6rLyHP+G/r/zGRiVlA+1KjRK+ x6/roTp/RkScMIfpmJy/AMWoqW7X1F+ZkShBAONIr1ZMxCKH7ifqrE9Fmmi+5o4YV6Y6IkAFD9m 2AzuzjSTdU/yeUEeuIAqoNDHRjOe3Fv3mvCmoJlZ4Z5E1w0W/1g==
X-Google-Smtp-Source: AGHT+IG8rnvEkDjpumbDrH1b2ydIIDIR6FopnQKHPMPffwgAS8KzoGq+mJKVUNlC2VBEs1viquB0ZS/1yDsnmza3Vl0=
X-Received: by 2002:a05:6402:222a:b0:567:1bf4:a189 with SMTP id cr10-20020a056402222a00b005671bf4a189mr5797386edb.13.1709741907304; Wed, 06 Mar 2024 08:18:27 -0800 (PST)
MIME-Version: 1.0
References: <CALx6S37S61eKrPTefdBTKfw=BoV31_C4nwadP+QxrctfduF0iw@mail.gmail.com> <E82B3F27-CD79-4ED0-9FE6-27CAAB8E41AE@erg.abdn.ac.uk>
In-Reply-To: <E82B3F27-CD79-4ED0-9FE6-27CAAB8E41AE@erg.abdn.ac.uk>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 06 Mar 2024 08:18:30 -0800
Message-ID: <CALx6S360sPwOxkAiqxtJquZ=H8fJW6BTf5wmgdwxy85xZSb0Tw@mail.gmail.com>
To: "Gorry (erg)" <gorry@erg.abdn.ac.uk>
Cc: "C. M. Heard" <heard@pobox.com>, TSVWG <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/ECy5grh5NdO3j2t0UjHabS6Rd58>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-31.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 16:18:34 -0000

On Wed, Mar 6, 2024 at 1:10 AM Gorry (erg) <gorry@erg.abdn.ac.uk> wrote:
>
> See below
>
> On 6 Mar 2024, at 05:38, Tom Herbert <tom=40herbertland.com@dmarc.ietf.org> wrote:
>
> 
>
>
> On Tue, Mar 5, 2024, 8:22 PM C. M. Heard <heard@pobox.com> wrote:
>>
>> On Tue, Mar 5, 2024 at 5:57 PM Tom Herbert wrote:
>> > I don't understand the intent of this new text:
>> >
>> > "Another reason is because APC may fail even where the user data has
>> > not been corrupted, such as when its contents have been overwritten.
>> > Such overwrites could be intentional and not widely known; defaulting
>> > to silent ignore ensures that option-aware endpoints do not change how
>> > users or applications operate unless explicitly directed to do
>> > otherwise."
>>
>> I had a similar question and commented on that when closing Issue #25.
>>
>> See https://github.com/tsvwg/draft-ietf-tsvwg-udp-options/issues/25#issuecomment-1977823570
>> and https://github.com/tsvwg/draft-ietf-tsvwg-udp-options/issues/25#issuecomment-1977982512
>>
>> The gist is that middleboxes have been known to overwrite embedded IP
>> addresses and ports. In that case the middlebox could reasonably be
>> expected to update the UDP checksum, but an implementation that predates
>> the specification of APC could not be expected to update it. I see that
>> a clarification is forthcoming in -32, but we are now past the I-D
>> submission cutoff date, so it won't appear for a couple of weeks.
>>
>> > I am not familiar with any IETF protocol that allows UDP payload to be
>> > updated in flight. In fact, RFC7605 states that UDP port numbers
>> > cannot be correctly interpreted in the network, so there is no way to
>> > implement a robust protocol that changes UDP payload inflight. Because
>> > of this, an intermediate node that is overwriting the UDP payload *is*
>> > in fact corrupting the UDP payload. So this new provision is seemingly
>> > accommodating this non-standard, potentially harmful behavior as the
>> > default.
>>
>> There are middleboxes that are known to rewrite the embedded IP
>> addresses in FTP. That's not endorsed by any standard, but it's
>> a fact of life that we live with. And I see that Dan Wing has named
>> some UDP-based protocols that do this, too.
>
>
> If that's the case, wouldn't it be easier to just advise the developers of these handful of protocols like TFTP to not send APC, instead of making it the default for all receivers to ignore APC on the off chance that they might hit one legitimate case in all their traffic?
>
> Tom
>
>>
>> Mike Heard
>
>
> My suggestion is that we do not need to add a new UDP requirement, but to say something like:
>
> Section 3.4 of RFC 8085 advises developers to use additional payload protection when “  where data integrity is important”.

Gorry, that advice is in regards to the UDP checksum being a weak
algorithm. RFC6936 has similar advice when the UDP checksum is set to
zero for UDP6 tunnels:

"If a tunnel transports other inner payloads that do not use IP, the
assumptions of corruption detection for that particular protocol must
be fulfilled.  This may
 require an additional checksum/CRC and/or integrity protection of the
payload and tunnel headers."

The implication is that we can use an alternate CRC when the UDP
checksum is either not used or considered too weak. I think it's also
implied that any alternate to UDP checksum would need meet the same
salient requirements as UDP checksum which are:

1) Use of the checksum or CRC is optional only by the sender not the
receiver. From RFC1122: "Unlike the TCP checksum, the UDP checksum is
optional; the value zero is transmitted in the checksum field of a UDP
header to indicate the absence of a checksum."
2) If a checksum or CRC is received then the receiver MUST either
validate that it is correct or drop the packet: From RFC1122 "If a UDP
datagram is received with a checksum that is non-zero and invalid, UDP
MUST silently discard the datagram."

APC as defined does not meet either of these requirements. It can be
ignored by the receiver and packets with a bad APC can be received all
the way to the application. Even if the APC is known to be bad, the
draft doesn't require the data to be dropped neither as a MUST or a
SHOULD; from the draft:  "UDP packets with incorrect APC checksums
MUST be passed to the application by default, e.g., with a flag
indicating APC failure."

IMO, APC doesn't meet the requirements to be an alternative to the UDP
checksum per the requirements of RFC8085 and RFC1122.

Tom


>
> The APC option can be used to provide this by applications  enabling this at the sender and also requiring the presence of a valid APC crc at the receiver.
>
> Gorry (as a WG member, not a chair)

v2.23.0 | Report a Bug | By Email