Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
Christian Huitema <huitema@huitema.net> Tue, 09 April 2024 15:29 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89DE5C14F5F9; Tue, 9 Apr 2024 08:29:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oNPw-1Rwv-hr; Tue, 9 Apr 2024 08:29:44 -0700 (PDT)
Received: from semf08.mfg.siteprotect.com (semf08.mfg.siteprotect.com [64.26.60.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D017C14F5E3; Tue, 9 Apr 2024 08:29:44 -0700 (PDT)
Received: from smtpauth01.mfg.siteprotect.com ([64.26.60.150]) by se02.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1ruDPn-00EQwk-FC; Tue, 09 Apr 2024 11:29:40 -0400
Received: from [192.168.1.102] (unknown [172.56.169.185]) (Authenticated sender: huitema@huitema.net) by smtpauth01.mfg.siteprotect.com (Postfix) with ESMTPSA id 4VDVHx2S8pz162NvV; Tue, 9 Apr 2024 11:29:33 -0400 (EDT)
Message-ID: <017b6905-d56c-4821-a313-644f003f2925@huitema.net>
Date: Tue, 09 Apr 2024 08:29:32 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Tom Herbert <tom@herbertland.com>
Cc: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>, "Gorry (erg)" <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
References: <CAEh=tcd2FzQxgbSivuX2cEg2FpsnkoqdFw5gMhrx3pkT_JV88Q@mail.gmail.com> <2BEB5CC3-BB54-4119-A20F-8497ED4B5AE2@erg.abdn.ac.uk> <CAEh=tccKg7YHYkwKZ978uaXmTkBu3zyA+WBAW=eBMKAh2PSVDw@mail.gmail.com> <b7f7b836-c625-445d-bd38-f5ed8f4ba757@huitema.net> <CALx6S34=5CCDY_Wj1+9Moj0NMnZr=gBjpT3NBfom6r6oouGJEw@mail.gmail.com>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <CALx6S34=5CCDY_Wj1+9Moj0NMnZr=gBjpT3NBfom6r6oouGJEw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.150
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.06)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT+GsMBZGQ+nh+Q32LHnxiD/PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5z5W83tr/6vNQtj+4/xevXoW95spUSdK3VnU+g2XY9jxtqG 1OdKLK9CK9haUsE78VyOvEc/lOQBjdEi9z2Y/BVY5/LD2g4mUo4Dbk4/l8IQHbyyMZOmEDgX6xV3 lQblnjq+LzRXdJ1YqdfatOCcqltxJOxOjR0ukcYY3oUWkOlDyz1/9zj2k5FXUATjIZ74enpPZDez DN9a/J+reU9kttGlX0vXC+rEaeGi2eD5Xf3Joc1Fcs0SC8nblZenCVIev6lgr8xvzLDaRSc9eiji LL8obV7BxxPBKzU39/yjS6/oyVEu5C5Qpt+ySX+arCVy82MVoKan+n/RNkihWEY9fqXQhaUHyuMr hMOgFibBDgffCjxvOFsZtiumh0uu8B3QoJGaVs2c1Tq+ByoZMREACQxLeojJCimrFgJg48+TIHuv ZTQGAMrrTbtqaiS1SstPlN2yGf9cCvIdooB6k0a0807VqmqFAo87iPgwXjSZgtJYfr2cTA3dsuWI QitrJuuk0g+3QM22Wm73+PngL70p9A+Wb9dYDDnKXVLIVIlzIQf7nQRWnlCuVd/azL8F4K4Nury8 Ksk+aedMfNWSnJswrtlNS87h4lKCwD/NGHcUTRljLVHuAq4k7PqG9M5idz7joR5wmQf9cgFUgdFJ 0BSVzvcZ4exMJTW1cRLuCgKRuG4mt3MhuFWv1ncsgMffAZBRnhSUEd3bAnnes+zbrnBytZciV1CY WRJ1Q8UJMgZYFNjZFSDSzN559B4Yeo3BSxhgpGasfvb5KPhZrKE4R3WRADwZMlhFSGOSgMb4Ksdr uPR1UXOwK6vRcBOFxeMs/w071h4usDyLvokxtMASEJgCA3vrQoKdJKNIB5sQWa7OUAEYCtdvBDTn OTjBiQxnB6xW4IcURZUp8O7sSoXMAYYKzVg5Ux0q+mKpeyk22UgO3o9UYjui6aTcmgkzSGNNCjF7 7qpy2DNwOgV373pfDhBQ21OdCgZhRFFHnhPb3RWMN/14rsvXM4+UoMvWl+F4zfbBclZe1BHI/RJa DL+5WxaVd0U9nJ2rhFQmZ4f7y75y21ZHFH7nvaSSAXIbJiVqolw0h6Bi6i9rgM2bOkddbSPARoPu a7X/CX9/5OOSfZtD8DykThFlpIn/hi+29TNbQAfExDUDI/CtZtprHrOXK6bygwRgtUnRM43wTVPb os0UB2tm+A==
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/SIrwhSd48p5wyr487FwIgwuUR3I>
Subject: Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2024 15:29:48 -0000
On 4/9/2024 8:17 AM, Tom Herbert wrote: > On Tue, Apr 9, 2024 at 7:29 AM Christian Huitema <huitema@huitema.net> wrote: >> >> >> >> On 4/9/2024 6:09 AM, Zaheduzzaman Sarker wrote: >>> >>> >>> On Tue, Apr 9, 2024 at 12:48 PM Gorry (erg) <gorry@erg.abdn.ac.uk >>> <mailto:gorry@erg.abdn.ac.uk>> wrote: >>> >>> See below for my 2c. >>> >>> > On 9 Apr 2024, at 11:31, Zaheduzzaman Sarker >>> <zahed.sarker.ietf@gmail.com <mailto:zahed.sarker.ietf@gmail.com>> >>> wrote: >>> > >>> > Hi all, >>> > >>> > Putting my AD hat on, if we specify protocol features only for >>> endpoints to >>> > consume and not for endpoints to network, then we should make >>> sure that is >>> > case when we design and describe it. We cannot expect all the >>> > intermediaries are well behaved or features are used as intended when >>> > designed. From that point of view it is not good enough to send >>> information >>> > in clear and just say "UDP Options are for Transport, Not >>> Transit". With >>> > the current, well placed, scrutiny of privacy and security on all the >>> > protocols that IETF is producing- It would require a huge >>> exception to get >>> > it published. >>> > >>> > The questions I would like to get answer is - >>> > >>> > Is it OK for the endpoints to send information in UDP >>> options which >>> > can be read (only) by the transit nodes and react to it? if NO, >>> then how >>> > to prevent that to happen? >>> > >>> > //Zahed >>> >>> this is a transport/encapsulation that can be used without the >>> benefits of encryption.To me, this was already clear when the >>> working group asked to start this work (it certainly was made clear >>> after the work was adopted), and this spec developed over many years. >>> >>> >>> Right, many years have past and we should then recheck the consensus on >>> this. From the mentioned email discussions and views expressed here I am >>> not sure it is clear to me what consensus we have now. Could you also >>> please provide me any reference to the consensus? >>> >>> >>> >>> So. I think given this, it is OK for the endpoints to send >>> information in UDP options which can be read (only) by the transit >>> nodes and they can indeed react to this. That has always been >>> possible with tunnels, extension headers, and transports - at least >>> those not using transport encryption. This comes with positive and >>> negative impacts. >>> >>> In today’s world, a designer can choose to protect all of the >>> transport eg using QUIC - and many designs will follow that path. >>> Although, there is a large body of work in the IETF that still >>> directly uses UDP. That to me is OK if that best fits the use. >>> >>> >>> Yes, UDP should be considered as transport protocol. It would be good to >>> have a view on how many of those large body of work uses or envision to >>> use UDP options in clear. This would boost the motivation for this work >>> and back up the need of UDP options. >> >> Depending on the application stack, UDP is either a transport protocol >> or a transparent pass-through. Indeed, this is pretty much the intended >> design of UDP, as stated in RFC 768: "This protocol provides a procedure >> for application programs to send messages to other programs with a >> minimum of protocol mechanism." >> >> If the application stack is including its own transport protocol, then >> we are in the "pass-through" case. This is absolutely the case if the >> application stack includes QUIC, SCTP or DTLS, but there are other examples. >> >> In the pass-through examples, and especially when the application >> transport uses encryption, adding clear-text options does not add value. >> It destroys it, re-enabling surveillance despite encryption of the >> application. >> >> I think there should be a very clear mechanism for application to >> "opt-in" the usage of clear-text application, and that for applications >> that did not opt in the reception of clear-text options should be >> treated as a protocol error. >> > > Christian, > > In current host stack implementation, when a UDP packet is received > with surplus area we truncate the packet down to UDP Length and > otherwise ignore the surplus area bits. Are you suggesting that the > default behavior should be to drop packets with a UDP surplus area? If the application did not opt-in, yes, because that's the best way to prevent "off standard" deployment of clear-text options. > > IMO, this might be worth considering. I agree that this would tighten > security. Also, I would point out that even truncating the surplus > area like we do today is not without cost. If we are doing protocol > agnostic checksum offload, the preferred method, then we need to > compute the checksum over the surplus area when truncating and so we > do this in the CPU. For a large surplus area this can burn a lot of > cycles to process data that is useless to the receiver; conceivably, > this could be a basis for a DoS attack on CPU resources. Yes, there is also a security aspect. Adding option processing does increase the attack surface, and even simple options like Ping have caused issues like Heartbleed. Add the extra CPU requirements that you mention, and I can see why security conscious application would want to not use any clear-text addition to UDP packets. -- Christian Huitema
- [tsvwg] Review of draft-ietf-tsvwg-udp-options-32 Martin Duke
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Martin Duke
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Martin Duke
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Gorry (erg)
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Tom Herbert
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Tom Herbert
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Joe Touch
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Sebastian Moeller
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Martin Duke
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Erik Auerswald
- [tsvwg] Discarding the UDP surplus area when prot… C. M. Heard
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
- Re: [tsvwg] Discarding the UDP surplus area when … Tom Herbert
- [tsvwg] github issue long term archiving[ wa… Sebastian Moeller
- Re: [tsvwg] Discarding the UDP surplus area when … Gorry Fairhurst
- Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker