Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

"Rodney W. Grimes" <ietf@gndrsh.dnsmgr.net> Tue, 20 July 2021 14:10 UTC

Return-Path: <ietf@gndrsh.dnsmgr.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E28923A242F for <tsvwg@ietfa.amsl.com>; Tue, 20 Jul 2021 07:10:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dNJIXb61JK-Q for <tsvwg@ietfa.amsl.com>; Tue, 20 Jul 2021 07:10:26 -0700 (PDT)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D0EB3A242C for <tsvwg@ietf.org>; Tue, 20 Jul 2021 07:10:26 -0700 (PDT)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 16KEAOWv087619; Tue, 20 Jul 2021 07:10:24 -0700 (PDT) (envelope-from ietf@gndrsh.dnsmgr.net)
Received: (from ietf@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 16KEAMKv087618; Tue, 20 Jul 2021 07:10:22 -0700 (PDT) (envelope-from ietf)
From: "Rodney W. Grimes" <ietf@gndrsh.dnsmgr.net>
Message-Id: <202107201410.16KEAMKv087618@gndrsh.dnsmgr.net>
In-Reply-To: <8235BE77-7849-49A3-A709-EB32EB039982@strayalpha.com>
To: Joseph Touch <touch@strayalpha.com>
Date: Tue, 20 Jul 2021 07:10:22 -0700 (PDT)
CC: Mark Nottingham <mnot@mnot.net>, tsvwg@ietf.org
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/MR8jn7LCPfZJe8UKDpPaEGIMmA8>
Subject: Re: [tsvwg] UDP source ports for HTTP/3 and QUIC
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2021 14:10:33 -0000

Hello Joe, Mark, etc,

  I have to support Joe's possition here, there have never been
this restriction placed on source address ports by the IETF or IANA,
even though most implementations do impose them.

  It would, in my opinion, be a mistake to try and impose this now.

Regards,
Rod Grimes

> Hi, Mark,
> 
> > On Jul 19, 2021, at 8:43 PM, Mark Nottingham <mnot@mnot.net> wrote:
> > 
> > Hi Joe,
> > 
> >> On 20 Jul 2021, at 1:15 pm, Joseph Touch <touch@strayalpha.com> wrote:
> >> 
> >> Hi, Mark,
> >> 
> >> All ports are permitted as *source* ports. They are not assigned by IANA nor do any have special meaning, AFAICT.
> >> 
> >> Port values have meaning most specifically in socket pairs; they are assigned/reserved by IANA and have meaning for a RFC793-style socket ONLY when there is a corresponding RFC793-style listen listen that allows the source port to float AND when there is no more specific binding to a socket pair.
> > 
> > And yet, we have text like this in RFC5905:
> > 
> >> dstport: UDP port number of the client, ordinarily the NTP port
> >   number PORT (123) assigned by the IANA.  This becomes the source port
> >   number in packets sent from this association.
> 
> This is consistent with my definition above. See notably the definition for srcport, which is 123 only in symmetric mode (which makes sense - both sides can receive requests).
> 
> > and this in RFC6762:
> > 
> >> A compliant Multicast DNS querier, which implements the rules
> >   specified in this document, MUST send its Multicast DNS queries from
> >   UDP source port 5353 (the well-known port assigned to mDNS)
> 
> It is sending from the port on which it listens, as noted in the remainder of that paragraph:
>    , and MUST
>    listen for Multicast DNS replies sent to UDP destination port 5353 at
>    the mDNS link-local multicast address (224.0.0.251 and/or its IPv6
>    equivalent FF02::FB).
> 
> I.e., it is sending from a server. 
> 
> >> This suggests we should neither create a registry nor document this approach, to avoid either giving the impression of endorsing this behavior.
> > 
> > I don't follow. 
> > 
> >> At best, we should document why this behavior is incorrect and should be avoided.
> > 
> > Based upon the preliminary discussions we've had on the QUIC list, I don't think there's consensus to do that.
> 
> Well, there?s no consensus on reserving ports as source ports UNLESS that is the port on which the service listens. I.e., IANA ports are defined as listening ports and are thus used in packets emitted from that listener.
> 
> There should be no prohibition on using any port number for source unless a listen exists on that port. There?s no precedence for that decision and no registry where those values would be indicated. 
> 
> Joe
-- 
Rod Grimes                                                 rgrimes@freebsd.org