IETF Logo Mail Archive

Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32

Christian Huitema <huitema@huitema.net> Fri, 05 April 2024 00:29 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBE89C16943D; Thu, 4 Apr 2024 17:29:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9fQJSZEfnSJ; Thu, 4 Apr 2024 17:29:42 -0700 (PDT)
Received: from semf10.mfg.siteprotect.com (semf10.mfg.siteprotect.com [64.26.60.173]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF1D7C14F71A; Thu, 4 Apr 2024 17:29:41 -0700 (PDT)
Received: from smtpauth02.mfg.siteprotect.com ([64.26.60.151]) by se03.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1rsXSc-00FkOA-C6; Thu, 04 Apr 2024 20:29:40 -0400
Received: from [10.32.61.24] (unknown [192.0.32.236]) (Authenticated sender: huitema@huitema.net) by smtpauth02.mfg.siteprotect.com (Postfix) with ESMTPSA id 4V9fWJ5nglz2YQR6s; Thu, 4 Apr 2024 20:29:32 -0400 (EDT)
Message-ID: <fccb92b0-dbc8-4cb2-b49c-1f603297d721@huitema.net>
Date: Thu, 04 Apr 2024 17:29:31 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: "C. M. Heard" <heard@pobox.com>, Martin Duke <martin.h.duke@gmail.com>
Cc: tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
References: <CAM4esxSpwRF5E3Xc_hotgvCSdKVe4BY_zRUKAzHvW48JEtWqTA@mail.gmail.com> <CACL_3VGOLkJU1m7pqSXRRouCKwdQ6yrbmaPwoa22Jr-N3FZNzA@mail.gmail.com>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <CACL_3VGOLkJU1m7pqSXRRouCKwdQ6yrbmaPwoa22Jr-N3FZNzA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.151
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.12)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8NjsGdXj0pij7NUchFqf6yPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5xsmtdiAZbZiuMCerytZwrUsm2kHQE0pv2Z/0ZsPzhu2Ch+ zH8b4v2E2dCX3k6PiSEfll2FcwXg4WjzKdSpGjx/5mdtfV1DGT077xKEhNQYWATpTHlbm45OdX4z HBiCTe+HNhAssEww+1GOm5NW3bVL0uklXEw37uMwN0/87jeHA96cClDr5rbq7mfj/+JnYyy5OST3 gDj4J/pDB5x0B8MstBqS6/Vc+4YcRF/Rxnx/lssqre6Cpw+p7LpxyTiCG8zn6xlkrUeNgeZTR+na wYvm4XaVrV1y/OxJrPBsLR4SqM4LKertIUqnHEGgX8tF1bXZ9949yd/tCAYklwN5Mt3Uwf3kcooy RQfkzRtXhjdarCmle6bopl7h4xRMuNefcG+OdCeFwl7HxXWzD4LbGoysBtnKSd5bzslnuN2kCVdB UAMOBg2jYvaKSKQgmZcD4Qkon0IOPImrAyS/oEkHaXO0t0DNtlpu9/j54C+9KfQPlvz9tyoItdVj g23JjFed/BGkIDJ+MiVFRiOp2cMOF3I6vCrJPmnnTHzVkpybMK7ZTfO83MGZM9yxqNV+rlDm96lR 7gKuJOz6hvTOYnc+46EeQT0AXwwsvAvW01FEshGioVR1gruAwvrd9pqGhId42dLq41h5otgwFqDg 6bESES9REaRwDlvWMdokrozkJaUgdZ9YFzT1MP46aI1upawtTMX7GP7eAJYRoHmIcSN9vpFUdShA zZ97jLQbQpsgcshpujY3z9GXDtvEGyObtNaoeg/tOmLDkpHZQxweu6xeuXIZDf9qIi0Jz54cZOrY KdJom3vcxPJLuQNTeiw7WVdFibgE4mVK/YyYYCK2tZM8Dmea5Gm/UcDvroHfiRor+KujpS+jHh+u RaRVCEl+I9CPX43PRHPIMdymRfcFVVbLx1yDctgzcDoFd+96Xw4QUNtTnb4IuvjcvZndftuT+KtN 2tLvy0Fsfcx0+H7eYIM6XY2DvH6sJqoNNMGJCPI+SNUYrcpQTeg1FsdCLj5jm+lJmfRKtg02PSF1 0EYn/h4Tm76S1SyyLyuCzamI6nc7Du1UwWu1/wl/f+Tjkn2bQ/A8pE4MozUpJ2c4IHBMmJHvDTuq LWrUPPb+2DvSSpHb/t8XEieXXDwkgwplHpWpDsMMUoA=
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/EfC7cM6wE-KksNsDYGTo9HKWXuU>
Subject: Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2024 00:29:47 -0000


On 4/4/2024 2:22 PM, C. M. Heard wrote:
> On Tue, Apr 2, 2024 at 2:23 PM Martin Duke wrote:
> 
>     ...
> 
>     - I appreciate the work to make this an end-to-end signal, and that
>     UDP has pre-existing limitations in this regard. I also think the
>     use cases are probably valuable.
> 
>     But in 2024, if we want to make rules about what the network can and
>     can't do, we enforce it with encryption and authentication. I
>     recognize that these were originally in the draft, and were removed
>     for very good reasons. But I'm also worried that, if successful:
>     - This will attract "helpful" middlebox functions like MSS clamping.
>     - This is an attractive nuisance for various path signaling schemes.
>     They are going to come here because other avenues (DSCP, IPv6
>     Extension Headers) have been blocked. And that eventually UDP
>     options will be blocked for the same reason that those were blocked.
>     I suppose that enough fortitude in TSVWG can forestall this
>     happening. Personally, I would strongly encourage these efforts to
>     use encapsulation, or any other mechanism, to avoid compromise of
>     the E2E channel you are building here.
>     - To the extent that new options are "opt-in" by the endpoint, I'm
>     fine with it. But if we reach a point where identifying signals are
>     required by the network to participate, that's not so great. I'm not
>     sure that this architecture has much in the way of safeguards to
>     prevent that outcome.
> 
>     This isn't really actionable because I genuinely don't know what to
>     do, and luckily for me, I don't have to decide anymore. But I ask
>     the proponents and the working group to reflect on this a bit more.
>     And we should consciously decide, as a community, if path signaling
>     over UDP is a thing we support or not.
> 
> 
> TSVWG went over this ground, to some extent at least, during the initial 
> discussions of the initial versions of draft-reddy-tsvwg-explcit-signal 
> (now expired) and draft-kaippallimalil-tsvwg-media-hdr-wireless (still 
> active). After several threads in which the merits of using UDP options 
> for host-to-network signaling was discussed (see, e.g., Challenges for 
> host to network signaling via UDP Options 
> <https://mailarchive.ietf.org/arch/msg/tsvwg/SpcVd6EB1Zi6FUhhyn2-o6nxuq4/> and other messages in that thread), I think most in the WG came around to the position of *_not_* wanting to see UDP options used for host-to-network signaling, The chairs are, or course, the folks who can make authoritative statements, but that was my impression, at least. The current version of draft-kaippallimalil-tsvwg-media-hdr-wireless does propose to use UDP options for signaling, but as part of a tunnel encapsulation arrangement, which does not conflict with the desired E2E nature of UDP options.

I think that the WG is well meaning, but as Martin says, this is 2024. 
Just saying that a protocol is mean to be end-to-end is no guarantee 
that it will not actually be used and abused by intermediaries. After 
all, the TCP headers are clearly end-to-end similar intermediaries have 
been abusing TCP headers for a long time. Intentions are nice, but in 
2024 if the protocol does not enforce its end to end nature then it is 
not end-to-end.

In the absence of features like end-to-end encryption or, at a minimum, 
end-to-end cryptographic checksums, this protocol is open to 
intermediaries, even if the intent was end-to-end.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email