Re: [tsvwg] Remaining issues for draft-ietf-tsvwg-udp-options-22
Tom Herbert <tom@herbertland.com> Sun, 09 July 2023 16:16 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD88C151061 for <tsvwg@ietfa.amsl.com>; Sun, 9 Jul 2023 09:16:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfkXdvxFpnOT for <tsvwg@ietfa.amsl.com>; Sun, 9 Jul 2023 09:16:02 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42C89C14CE31 for <tsvwg@ietf.org>; Sun, 9 Jul 2023 09:16:02 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id 41be03b00d2f7-5577004e21bso1274526a12.2 for <tsvwg@ietf.org>; Sun, 09 Jul 2023 09:16:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1688919362; x=1691511362; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=9aR1zYlqSxkVSFbPlMur8nFVru0t7c0XUdq9dbM9a3o=; b=c8p071K97FezB/QD9Uba7tF4iqIImPBVnwIWFK04DimQWamKR0niT/Q9MVGVCsBFub ZvFIheasVbz8cWnTPhpuGbYLFeL/+s13mXo4bI6cXOVF+6F8lDTTGu1UpnI2GQqnJ1Rt jMmuK3vpkv3jHO/4kUB1cbIB7A953lHAK/9sdu9rec8PQvj5f2vkc1Qq3yk5Q6IMn1DU 5aSHbwHJ/Qt23R+/5SgLhAjsRllLGBlLvNpCUmLEi7tldbr+dTI1/B3oIVMZJpG7cjVr g91cqckSr4WivyJPReZrRkknMuk/Rd6lCsGuZeNuIQwlJ+H7uRe7k5YVpDRe/ZFuY1ux i7+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688919362; x=1691511362; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9aR1zYlqSxkVSFbPlMur8nFVru0t7c0XUdq9dbM9a3o=; b=keX1vWG4HtzhocRsR9cD2/K3VhIeGwwwquoV1k+zmu+3V9gyAnoCphW9KqWderttjE vM7qxU2SnGihPBnsl05AszPXEH80GADE3vQ65yaTxIPooAnS33MDUQjrgQcqfu132qUW lLhCq7iJgINJx4+k1Dk7xp+Do+5Fvaz3lekCmqYgLq1eGd16IQoGE4oLpmKZmr1SdNxQ 9m8GIa3HCTPjZRczrX4qCwBNBYx4DttIL20Bgopff6jGTKpKIFRNXtuPj5fPQuwGNsa5 sL6A+gqp28tQE137qo5vS77B9pRnH2iyddemPjEzMJALLw2ktLiq/y0rL9wAD9usfQK0 Up2g==
X-Gm-Message-State: ABy/qLaaC7xBj0xuy8uwu6evL11RP1ZLUDnXNousU23NwsL7dzYqDO8t hvafATU4E9k6knO5YVnsBixdCVcNG3Nr6tH4etniZ5Srbyhm4PE7tZo=
X-Google-Smtp-Source: APBJJlFaEnT7vECHyWjJSqn2mViWUfPjULmx4yLuILb8XvAx9I5I4sTQnLM+Cr6RPPso3zWnih4HAadrNTZfj/sp32Q=
X-Received: by 2002:a17:90b:1215:b0:262:ebfd:ce44 with SMTP id gl21-20020a17090b121500b00262ebfdce44mr8508604pjb.34.1688919361636; Sun, 09 Jul 2023 09:16:01 -0700 (PDT)
MIME-Version: 1.0
References: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com> <CACL_3VEw4koyJSX3xA3UJ1Vikg+F9PPw1G030jQPHhZdoOETSA@mail.gmail.com> <d34aa821-207d-78eb-ead2-e2d918939dcf@erg.abdn.ac.uk> <CALx6S36+igMg+9_w15VqnswRxHxRnm5QMmdWTxS0=Xnr05aO0A@mail.gmail.com> <ba799501-44c7-e953-4d47-ae6c237c98af@erg.abdn.ac.uk> <CACL_3VF1OsFc03O9PUFtpDnsQWZUib1KtrQ07nD7h5qdPHNMsQ@mail.gmail.com> <CALx6S37qbXXJpS2SHsTUZjBKcTUfupqZU59z0H6m=Ovki9q-Sg@mail.gmail.com> <CACL_3VHT92HAFTmJUGe8LCZgyNTuBSu815_ERzq6Z=y=9h942g@mail.gmail.com> <CALx6S37LcuzrybcqU3BbxxnghDfUFqbpvh8C4pc34e6tYeT1ug@mail.gmail.com> <10957962-226f-031b-fdc6-75f27dbfc1c0@erg.abdn.ac.uk> <CALx6S346BN5krv+CRDpXmkVCCcf6UOg=LTtcyoKNGYMPz3QJbQ@mail.gmail.com> <a1baaa27-1585-6f8d-5519-0751a8d5fa6c@erg.abdn.ac.uk> <CALx6S37reuTxTGO20q1xY_RzuyxV=Osjda0UeibRUsmkKw5MdA@mail.gmail.com> <737ee87d-f140-9984-aa2d-d05849f92954@erg.abdn.ac.uk> <CALx6S35z_TZCZKz=N+SpXJ18E0F5hQWkxqSa3v3jDJidCFUBuQ@mail.gmail.com> <8a4adbfd-7ca2-c421-e738-a5a0670b0ca0@erg.abdn.ac.uk> <CACL_3VHjW_UYx4=wkky6UgOga+SXQZqTp8Kh0qU0uTitcvwHUw@mail.gmail.com> <CALx6S3470NC_kaGBZ5UQvG9i7vyvOf_JqH+VTgTboDANqY7P4A@mail.gmail.com> <CACL_3VH7KJSKtzGHsHCMaZpWWDHFso_8ymAfbVP5pY_j2Mrt3A@mail.gmail.com>
In-Reply-To: <CACL_3VH7KJSKtzGHsHCMaZpWWDHFso_8ymAfbVP5pY_j2Mrt3A@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Sun, 09 Jul 2023 09:15:51 -0700
Message-ID: <CALx6S35qC9tnRKv9Cp6rOJvnuaywAXe3u=Nhn9JrQRAyCvdoTw@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Joe Touch <touch@strayalpha.com>, TSVWG <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/V_oIxX8itTU0LPAI7P6jehCi_kw>
Subject: Re: [tsvwg] Remaining issues for draft-ietf-tsvwg-udp-options-22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jul 2023 16:16:07 -0000
On Mon, Jul 3, 2023 at 5:27 PM C. M. Heard <heard@pobox.com> wrote: > > On Mon, Jul 3, 2023 at 4:50 PM Tom Herbert wrote: > > Considering that this is a new protocol for which there is no > > deployment and no one yet understands all the security and deployment > > ramifications, just saying "let the user decide" seems trite to me > > without providing some meaningful guidance. The discussions about the > > interactions with UDP checksum and RFC6936, and firewalls have been > > very nuanced and complicated to the extent that I wouldn't know the > > conditions that it's safe to not use a surplus checksum in my > > deployment-- I think a typical user trying to figure this out for > > their deployment would be lost. > > > > So, to simplify the things, > > ... in an utterly trite way ... > > > I'd like to suggest this text: > > > > "By default, an implementation MUST send the OCS and an implementation > > MUST expect and validate the OCS checksum on receiving UDP packets > > with a surplus area. An implementation MAY allow the OCS to be > > configurable to both send and validate in receive. A user should fully > > consider the risks and ramifications of disabling the surplus area > > checksum, especially the risks of misinterpreting surplus area as > > containing UDP options when in fact it contains unrelated data" > > > > So basically, this is saying that if the user decides to disable the > > surplus area checksum they are doing it at their own risk. This could > > apply across use cases, so there's no need to tie this to the UDP > > checksum being zero, nor reference RFC6936. If there are concerns > > about some firewalls that want the surplus area to be checksummed, > > that can be mentioned as one thing that should be considered, but if > > user wants to disable checksum anyway they can. > > There's more to it than that, which you decided to ignore. > The issues are encompassed in this paragraph from the draft: "Like the UDP checksum, the OCS is optional under certain circumstances and contains zero when not used. UDP checksums can be zero for IPv4 [RFC791] and for IPv6 [RFC8200] when UDP payload already covered by another checksum, as might occur for tunnels [RFC6935]. The same exceptions apply to the OCS when used to detect bit errors; an additional exception occurs for its use in the UDP datagram prior to fragmentation or after reassembly (see Section 9.4)." About "UDP checksums can be zero for IPv4 [RFC791] and for IPv6 [RFC8200] when UDP payload is already covered by another checksum", this statement is incorrect as RFC8200 requires non-zero UDP checksums since the IPv6 header does not have a checksum and so the checksum pseudo header is the integrity check for the IP addresses to prevent misdelivery. There is *no* RFC that states the IPv6 UDP checksum can be zero based solely on the fact that the payload is already covered by another checksum; this is an obvious forward reference to RFC6936, i.e. "as might occur for tunnels [RFC6935]", however, RFC6935/RFC6936 do not simply say if the payload is covered by an integrity check it's okay to use a zero checksum, they state the specific requirements for setting UDP checksum to zero for tunnels (see the ten requirements in section 5 of RFC6936). Furthermore, specific UDP protocols also need to consider the risks and mitigations of applying RFC6936 using zero UDP6 checksums; in section 6.2 of RFC8086 there are three conditions and ten requirements that must be satisfied to enable zero UDP checksums for IPv6 (it was not sufficient to just say that RFC6936 applies to GRE/UDP). Per "The same exceptions apply to the OCS when used to detect bit errors", as the draft states: "The primary purpose of the OCS is to detect non-standard (i.e., non-option) uses of that area and accidental errors". Bit errors could be considered accidental errors, but non-standard uses of the surplus area are not bit errors. When the OCS is being used to detect non-standard uses of the surplus area, which presumably is needed all the time or at least enabled by default, these exceptions are not applicable. The UDP checksum's purpose is integrity checksum for bits corrupted in transport, the surplus checksum is needed to detect non-standard use cases; for instance, a completely lossless network might justify setting the UDP6 checksum to zero per RFC6396, however the risk of receiving a non-standard use of surplus area is not mitigated in a lossless network. Fundamentally, we *cannot* draw any correlations between the UDP checksum and surplus area checksum since they cover different areas, serve different purposes, and the risks of using a zero checksum are different. This is independent of whether it's IPv4 or IPv6, a tunnel or not. If a zero checksum in the surplus area is allowed then IMO there should be requirements in the draft similar to those of RFC6936 but specific to the risks and mitigation for a zero checksum in the surplus area. Tom
- [tsvwg] Comments on draft-ietf-tsvwg-udp-options-… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- [tsvwg] Comments on draft-ietf-tsvwg-udp-options-… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- [tsvwg] Remaining issues for draft-ietf-tsvwg-udp… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Sebastian Moeller
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Sebastian Moeller
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Christian Huitema
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard