IETF Logo Mail Archive

Re: [tsvwg] OCS option in draft-ietf-tsvwg-udp-options-06

Joe Touch <touch@strayalpha.com> Fri, 08 March 2019 07:16 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84E02130EC1 for <tsvwg@ietfa.amsl.com>; Thu, 7 Mar 2019 23:16:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.22
X-Spam-Level:
X-Spam-Status: No, score=-1.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n8EXz7HB9ipY for <tsvwg@ietfa.amsl.com>; Thu, 7 Mar 2019 23:16:55 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48929129C6A for <tsvwg@ietf.org>; Thu, 7 Mar 2019 23:16:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=6JcF3FpCno1WWMcZ6JhfnEOImKFrriSUCbpuavkMDl4=; b=P2X/ylnIi4EBpN6peO+YFD4nJA 9Lk/IybHHqf+XmlrB+7irwpSx69+2eBkpLfTGKzKw3vG8/QGMNOmyne383ElJq5HcUclaRk+T8oUw wXFnWcd1/5woy2PEHp/QzZYjan/i3qsw0NRtK4+e/fxQAoQXIu5a2NXjw1ZfBBJtrAIaJ02kK7Xpk N+VA3MTaxauATsjBKcjpT/d859za6Ru7ol9huUJIGsTQ0k71zwP8nw61nvtkHgeRAtjDQmeKxQVPV y29GDuqnH3hPYhgc42utO3CMVHIR5oYNqntl7e7bIGc6Zmn4YQ3hfK2FUzC0cEyc/391/P6EUty1A WAIZgayw==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:65278 helo=[192.168.1.250]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1h29kO-000bol-DR; Fri, 08 Mar 2019 02:16:50 -0500
To: gorry@erg.abdn.ac.uk
Cc: Derek Fawcus <dfawcus+lists-tsvwg@employees.org>, tsvwg <tsvwg@ietf.org>
References: <CACL_3VE62sfpyF8CyCv4=XrzQDnJU=y11Rag_x0bXSpfLZZe5g@mail.gmail.com> <7D37562E-0375-4EDE-845C-013A4C2E56BC@strayalpha.com> <e8fbc82d70ff620b96d710e854285863@erg.abdn.ac.uk> <20190307212311.GA95604@bugle.employees.org> <EDEEEEAD-A139-4AD8-A5C0-AD1C84B31B22@strayalpha.com> <5C821546.1020401@erg.abdn.ac.uk>
From: Joe Touch <touch@strayalpha.com>
Message-ID: <491381c9-b355-5c8d-dde0-5ce8a3a4420e@strayalpha.com>
Date: Thu, 07 Mar 2019 23:16:48 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <5C821546.1020401@erg.abdn.ac.uk>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/N0NlViDfkQuOFeN9MSs8awaM5BA>
Subject: Re: [tsvwg] OCS option in draft-ietf-tsvwg-udp-options-06
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2019 07:16:56 -0000

Hi, Gorry,

Designing for deployability to me involves adapting to MAYs and
exceptions to SHOULDs - i.e., legitimate deployment options.

Designing to overcome bugs or deliberate deviations from specs is a
losing battle. It helps endorse and entrench bad behavior and undermines
the very nature of specs.

If that's where we are, let's all save each other's time and call it the
"wild west".

In this specific case, there's a cost to requiring OCS - additional
effort exactly where it users decide it isn't needed (e.g., when UDP
CS=0 or the entire packet is covered by another layer, such as protected
tunneled transit) or where they decide the IP sum isn't enough (e.g,
when using ACS).

The default can be to include it, but IMO that's as much as we should do
here.

Joe

On 3/7/2019 11:09 PM, Gorry Fairhurst wrote:
> On 08/03/2019, 03:47, Joe Touch wrote:
>> Hi, Derek,
>>
>>> On Mar 7, 2019, at 1:23 PM, Derek Fawcus
>>> <dfawcus+lists-tsvwg@employees.org
>>> <mailto:dfawcus+lists-tsvwg@employees.org>> wrote:
>>>
>>> I believe the result of the CCO experiment was that it, or this new
>>> OCS,
>>> would always have to be present in order to guarentee a packet passes
>>> through certain middleboxes.  Except possibly th the case where the
>>> UDP header checksum is zero?
>>>
>>> Given that wouldn't it make sense for this option to be both
>>> mandatory to
>>> implement, and always present in the options area?
>>>
>>> DF
>>
>> You’ve already partly answered your own question.
>>
>> The other case is ACS, in which case (currently) there would be no
>> OCS. It would be somewhat wasteful in both space and computation to
>> include both, unless passing such middle boxes is needed.
>>
>> Note - traversal of incorrectly implemented middle boxes is not a
>> primary design consideration for UDP options. We are absolutely not
>> designing a “byzantine” protocol, i.e., one that survives arbitrary
>> attacks by intermediate boxes, whether deliberate or accidental.
>>
>> Joe
>>
> To be clear: This is not just a middlebox, NAT, etc consideration,
> there are also hosts that offload UDP option checks, that can
> black-hole the UDP Options that do not have the "CCO" like OCS value.
>
> As an individual in the IETF (rather than the WG Chair), I think your
> note is a fair point for more discussion about whether we should
> design for deployability. It seems that a large number of people in
> the QUIC WG are specifically designing their new transport to optimise
> the chance of working through network paths that have middleboxes. At
> least with respect to IPv4, I could see merit in requiring the OCS in
> the options area.
>
> Gorry
>
>

v2.23.0 | Report a Bug | By Email