Re: [tsvwg] Rregarding soft-state and UDP options

Joe Touch <> Mon, 06 January 2020 00:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C078C1200DB for <>; Sun, 5 Jan 2020 16:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.218
X-Spam-Status: No, score=-1.218 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LzkfRZXtyZ2Y for <>; Sun, 5 Jan 2020 16:50:45 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7389A1200D6 for <>; Sun, 5 Jan 2020 16:50:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ORBJYg23KDRAPL2pTJ71PDiF+Zn/q7uSTX8oiWm9olc=; b=CGGMWNeIKQjKYMtm6Ih6A/aEK 0OC0sNvVlpBhTYjb3cgNQNA6W84XWIGbf5yOpOF9pCzA3WNWeqeBP2OFTwiAgoBUi/hhIIuJW1R3p UQ5j/mUk2Y32/X5WoIyCqVCmTBLiDTln+tkbwdyofKBB45tEDdYTuGzpzNDt6/SDFJTxUtPQlBmDy Q2uRAhDRbY7S8Imj6MokBeEBpjScEflNIOOyElmi3nTWZ2j/1Rpm6s3p5jEkDv7nuHYJSByZRrgHd vznJsVW59PUuJgO4etkFJziCr0XCHLGWGJpbTEwr9SNez/Ipkd0egr+OhRKjB7WUIMST7iyS9gGhK T5dwji0xg==;
Received: from ([]:54877 helo=[]) by with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <>) id 1ioGbQ-002vqx-5s; Sun, 05 Jan 2020 19:50:44 -0500
Content-Type: multipart/alternative; boundary="Apple-Mail=_17AD8A9D-4238-4727-BDE4-69B259B6AE62"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.\))
From: Joe Touch <>
In-Reply-To: <>
Date: Sun, 05 Jan 2020 16:50:39 -0800
Cc: Tom Herbert <>, TSVWG <>
Message-Id: <>
References: <> <> <> <> <> <> <>
To: "C. M. Heard" <>
X-Mailer: Apple Mail (2.3608.
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
X-From-Rewrite: unmodified, already matched
Archived-At: <>
Subject: Re: [tsvwg] Rregarding soft-state and UDP options
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Jan 2020 00:50:47 -0000

> On Jan 5, 2020, at 3:50 PM, C. M. Heard <> wrote:
> On Sun, Jan 5, 2020 at 12:58 PM Joe Touch wrote:
> As I just posted, at best it would mean “if the following option is not recognized, drop all options”. It should never mean anything else.
> If payload data accompanying options that are not safe to ignore is firewalled behind FRAG+LITE, then dropping all options will accomplish the goal of not delivering data that has not been processed as intended.

Yes - that’s what I’ve been saying.

> Any application that cannot tolerate zero-length messages should never use those options. Any app that handles zero-length options should then work on hosts that support or do not support options that way.
> s/Any app that handles zero-length options/Any app that handles zero-length messages/

Yes…(sorry - that was a typo on my part)

> > I'm open to discussion as to whether a socket read should signal a zero-length datagram and whether delivery of other options in the packet should be suppressed
> Now you’re getting into issues we cannot; it’s all or nothing:
> - all options in the regular space MUST individually be ignored if not supported
> - options in the 253-codepoint space would then cause the options - as a whole - to be dropped
>         if you just wanted the option to be dropped, then the regular code point space would have been sufficient
> I think I see a problem in the above statement of what happens to options in the regular space when it is applied to AE.

AE has two behaviors: E needs to be used with FRAG+LITE. A doesn’t.

> In the case where AE is used only for authentication, the above implies that an option-aware receiver that does not support AE would ignore a received AE option and deliver the payload data whether or not it was firewalled by FRAG+LITE. That behavior is different from TCP-AO, at least in the absence of TCP-FO: any data in a SYN segment sent to a receiver that does not understand TCP-AO will not be delivered,

That depends on the final ACK of the three-way handshake. Actually, if the SYN-AO, SYN-ACK-no-AO, ACK completes, then the connection simply downgrades to not using AO. Whether this is allowed by the receiver depends on the AO configuration of the receiver. A non-AO receiver would accept the data just fine.

> since the 3-way handshake will never complete (as you correctly noted, the initiator will drop the SYN-ACK returned by the receiver because it is not signed).

That’s a policy decision by the sender; the sender can send RST or can send ACK - it’s up to the configuration.

> Is this difference intentional? It seems wrong.
> Again, we cannot cause the PACKET to be dropped. If the packet contains regular data, it MUST be delivered to the application.
> Modulo the issue with AE noted above, that works for me as long as the payload data accompanying any option that is not safe to ignore gets firewalled behind FRAG+LITE.

It would.

>  It is up to the receiving application to decide what to do. A receiving app that wants to enforce authentication would drop the packet THEN. UDP cannot.
> If that means that the application will be provided with a configuration parameter (e.g., socket option) that specifies whether datagrams with the AE option that do not match any MKT are accepted or discarded,

Yes, that’s the assumption - we stated the requirement that “senders decide which options to include, receivers decide which options to require” a LOOONG time ago.  The rules I’m explaining here are consistent with that - i.e., it’s up to an option-aware receiver to decide whether options are “all or none” or cause packets to be dropped. That can happen at the app layer or be a configuration of the UDP implementation. 

> I'm OK with that, provided that it applies to all implementations of UDP options. In this case a receiver that implements UDP options but does not support AE is just considered to have an empty set of MKTs.

It does according to the “receiver decides” - that could happen with any option.

> If I have correctly understood what I read, this is the behavior mandated for TCP-AO: RFC5925 Section 7.3 mandates that there be a configuration parameter that can be set to discard segments with the AO option not matching an MKT.

Yes, but that’s not the same as the sender forcing it. We’ve always asserted that receivers can decide what to require - and yes, that can be buried in the OS or UDP implementation. 

> Mike Heard
> P.S. The current draft is unclear whether AE encrypts options or just the payload, as specified in draft-touch-tcp-ao-encrypt. I presume the latter since encrypted options cannot be parsed; but there would then need to be a special provision for payloads that are firewalled behind FRAG+LITE. Hopefully this will be clarified in the next version of the draft.

Just payload. That can be clarified, as you suggest.