IETF Logo Mail Archive

Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32

"C. M. Heard" <heard@pobox.com> Mon, 29 April 2024 21:24 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B856C14F699; Mon, 29 Apr 2024 14:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aHoJzrqBo44T; Mon, 29 Apr 2024 14:24:34 -0700 (PDT)
Received: from pb-smtp20.pobox.com (pb-smtp20.pobox.com [173.228.157.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43F36C14F689; Mon, 29 Apr 2024 14:24:33 -0700 (PDT)
Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id DAC091884D; Mon, 29 Apr 2024 17:24:32 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:cc:content-type; s=sasl; bh=UqAQpp1NU+hsGM3AbpOKNoiN80Hm9aHB frmSxbdcieA=; b=KY4qcjyyE/78ZkYPG5wrbyzDKkSB+QfoFy7MJXDoHSmDHxh7 nf7fHVrXUMM+RlITjPIPhU/hIvZRY4cz/VAvbOkaS4P8NdbFrr7rt6h/vL3w8Z2T SpACRIJ6vze3LpsgrUZGckQCAnqN2XYXoqGnNKzYz85iwUh7kjDlfdWAUlY=
Received: from pb-smtp20.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id D422E1884C; Mon, 29 Apr 2024 17:24:32 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-ed1-f54.google.com (unknown [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp20.pobox.com (Postfix) with ESMTPSA id 876FD1884B; Mon, 29 Apr 2024 17:24:28 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-572669fd9f9so3825243a12.0; Mon, 29 Apr 2024 14:24:28 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCVJN9VPgxYeXVEmaiqRMh2lixUdaKoNKgjHChNKEU6gocku+JY6J0eNv0YCXCaFHdvi/zJCuyb+MhYK5Zc72sWcombzDL0XNO9hvzSXmj+mt03IQT+xMRLGj8aXdu6Ivrr/Btzu7TjeD4g=
X-Gm-Message-State: AOJu0Yw47euT+nZm6wpf8R8ItcDmhtMhSuZfLIx/r8MtH/8mv20Zia2a L0nYgAxNiCpUD7AIrCMZJS4qr2RUzLMkQMuO0+oPz5DPzmnNvStYChyBWFZQBg5ihZ//wZvgta3 +tEnjvzJ8SIKagr6UM+jMNfVsvlw=
X-Google-Smtp-Source: AGHT+IEhilz3+oFtMNpN97J3aCNNEwsSxefvFsQF6OckJjXIlgaa/q8hTFTVyOf3xPjR5Kf0bWSOd11az5zEexS5juI=
X-Received: by 2002:a50:d6d8:0:b0:572:72ff:da35 with SMTP id l24-20020a50d6d8000000b0057272ffda35mr3945087edj.12.1714425866324; Mon, 29 Apr 2024 14:24:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxSpwRF5E3Xc_hotgvCSdKVe4BY_zRUKAzHvW48JEtWqTA@mail.gmail.com> <CACL_3VGOLkJU1m7pqSXRRouCKwdQ6yrbmaPwoa22Jr-N3FZNzA@mail.gmail.com> <fccb92b0-dbc8-4cb2-b49c-1f603297d721@huitema.net> <CAEh=tcd2FzQxgbSivuX2cEg2FpsnkoqdFw5gMhrx3pkT_JV88Q@mail.gmail.com> <F36164D6-8685-4AB2-AED3-147E4D6D8FF8@strayalpha.com> <CAEh=tce1nU4P2NZVn7NVsWKgmKLhtUzDpfbf3wzJRjgbryy9+w@mail.gmail.com>
In-Reply-To: <CAEh=tce1nU4P2NZVn7NVsWKgmKLhtUzDpfbf3wzJRjgbryy9+w@mail.gmail.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Mon, 29 Apr 2024 14:24:18 -0700
X-Gmail-Original-Message-ID: <CACL_3VGhwuEgHM=nSftYNJBUOm2yHyav+x=NUTZfWTfOeK4XcQ@mail.gmail.com>
Message-ID: <CACL_3VGhwuEgHM=nSftYNJBUOm2yHyav+x=NUTZfWTfOeK4XcQ@mail.gmail.com>
To: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Joe Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c19a7e061742e099"
X-Pobox-Relay-ID: DC670EAC-066E-11EF-BC7D-F515D2CDFF5E-06080547!pb-smtp20.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/R9G844wA9fCSnEPu9SD6EJb5Ll4>
Subject: Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2024 21:24:39 -0000

On Thu, Apr 11, 2024 at 4:16 AM Zaheduzzaman Sarker <
zahed.sarker.ietf@gmail.com> wrote:

>
>
> On Tue, Apr 9, 2024 at 5:01 PM touch@strayalpha.com <touch@strayalpha.com>
> wrote:
>
>> Hi, all,
>>
>> On Apr 9, 2024, at 3:31 AM, Zaheduzzaman Sarker <
>> zahed.sarker.ietf@gmail.com> wrote:
>>
>> The questions I would like to get answer is  -
>>
>>       Is it OK for the endpoints to send information in UDP options which
>> can be read (only) by the transit nodes and react to it? if NO,  then how
>> to prevent that to happen?
>>
>> //Zahed
>>
>>
>> We can prevent that if/when we proceed with the UDP encryption option or
>> using IPsec.
>>
>
> I wanted to make sure we have a consensus here that it is good enough to
> do so.
>
>
>>
>> But all this talk about transport protocols and their vulnerability to
>> on-path mods strikes me as hollow. We have had such protections for TCP for
>> a generation (over 25 yrs) with TCP-MD5 and its successor TCP-AO. Neither
>> one protects packets from on-path tampering with IP options, but we’ve had
>> that for just as long too.
>>
>> What we don’t have is a widely enough deployed key infrastructure. Until
>> that happens, it’s difficult to understand how raising these issues
>> obligates protocol designers.
>>
>
> (I am not sure why that is not widely deployed yet :-).)
>
> The obligation here is that we have thought about the possibilities,
> understand the pros and cons, made the right choice, and well describe them
> on what we published.  I am not AD reviewing the document now, but I would
> not like wait till my AD review to express what I would be looking for. Now
> you know and can just tell me yes we have done those thoughts and in
> section XXX we have described it well.
>

This is now Issue #45
<https://github.com/tsvwg/draft-ietf-tsvwg-udp-options/issues/45> in the
github tracker.

As was noted earlier in this thread, the issue was discussed previously on
the TSVWG mailing list:

On Fri, Apr 5, 2024 at 9:49 AM Martin Duke wrote:

> On Thu, Apr 4, 2024 at 2:22 PM C. M. Heard  wrote:
>
>> TSVWG went over this ground, to some extent at least, during the initial
>> discussions of the initial versions of draft-reddy-tsvwg-explcit-signal
>> (now expired) and draft-kaippallimalil-tsvwg-media-hdr-wireless (still
>> active). After several threads in which the merits of using UDP options for
>> host-to-network signaling was discussed (see, e.g., Challenges for host
>> to network signaling via UDP Options
>> <https://mailarchive.ietf.org/arch/msg/tsvwg/SpcVd6EB1Zi6FUhhyn2-o6nxuq4/> and
>> other messages in that thread), I think most in the WG came around to the
>> position of *not* wanting to see UDP options used for host-to-network
>> signaling, The chairs are, or course, the folks who can make authoritative
>> statements, but that was my impression, at least. The current version of
>> draft-kaippallimalil-tsvwg-media-hdr-wireless does propose to use UDP
>> options for signaling, but as part of a tunnel encapsulation arrangement,
>> which does not conflict with the desired E2E nature of UDP options.
>>
>
> Thanks for the pointer. I'm glad that the WG has already done what I've
> asked.
>

I cited only one of the relevant threads. Would it be helpful if I were to
go back through the mailing list archives and add links to all of the
relevant threads in a comment? That will be a fair amount of work, but I am
willing to do it, *if* it will help the AD, the chairs, and the WG.

Please let me know.

Mike Heard

v2.35.0 | Report a Bug | By Email | System Status