IETF Logo Mail Archive

Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32

Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com> Tue, 09 April 2024 13:09 UTC

Return-Path: <zahed.sarker.ietf@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99769C14F681; Tue, 9 Apr 2024 06:09:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OuJBcGUQXdeG; Tue, 9 Apr 2024 06:09:21 -0700 (PDT)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A15CAC14F6A0; Tue, 9 Apr 2024 06:09:16 -0700 (PDT)
Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-1e2178b2cf2so50096195ad.0; Tue, 09 Apr 2024 06:09:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712668156; x=1713272956; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=T13CIc3WlXxEiIuAknIDzq7Hi/7PnIwQXJmQCgrRVnM=; b=S7cNXvCpIiz2He9dYAR8hR3xcQjETcQQve9TOlogJRW8T5XGagp0J+N5w77BTpk3h+ CvJEK14JV5vHzmV6jwAD/uPiEazQdaqMs5fjq1oRkCZObXcKjOGOExPMlpJhkLbjvfXq B9aISoEJW95gELXcpe3zHkvUDmyCl2rAXcdhYyIQlHNXFgN8nrt+kf0kB7XVaSq5BTzt JvcDkWR2uHhnX6TCBO+14mccvqoYKzWrSLPDfvljUhh/drHxeMvKzjfcp0xXarosJAbF 1lfaYRaKMlxFAMQukhkoaTwDsTV4aFkY3hts4dIMIN0CLdeUA7ftjxppuNdnWcG69i+m Gl2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712668156; x=1713272956; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=T13CIc3WlXxEiIuAknIDzq7Hi/7PnIwQXJmQCgrRVnM=; b=WBwIA+z7Tv33F7YpMbirZ20Duy7j2D0B1DG27SHZsXziyjFoI6o7ZEibreZ5zcgdtp 36YMnlIeploiiVjLfEpKrPf9mUE0r5O/X3snNM1X4rEE3rgeLb1wnsBAf+E2EZA9mHML Boe3EluNLpfmBdmSgL31KQnbvJ0J8TpJvri3XsLX9YZOIzULbyTpeROhpcrQaXzgZVk0 2X4HFg1DSSdO2p+X8rxj1t1jaP4yr+HAOarOcs2trh6GUIBN22gXW6TUEi7lV71ZFqdG H0SSu6tZ6r5R9HVpBoIQojqOlV3rWIrMtaqKVhlqWZjcWCFexBgjIg5YKTqehpKAgANt XS9g==
X-Forwarded-Encrypted: i=1; AJvYcCV5y2rL7h5DYf6BC3y9feW4wGsHqrlnZ7HsbWAWB4cUCiK7Q0XZxevx0JgdZO7cMWvGWPukO0Z+pB7vn9LGd0wfNC6LJ8zTfqoPHbbweJ7Pt28Z4D6Qcb9TTJNz1bSFLfVu+Ywrdcg66HU=
X-Gm-Message-State: AOJu0Yxrzg5SFmQQ0VMDkUqXZyZXIKs6ydQH3nlUYKtHt9gOKCwrNKlh bSRO/hN1b6TFEOJhYfGRTfUbDjK3MBL3bwlD+KmdoXshYn50qYEnJSj60/k8Hlcgr7hdIKOBLYm FxxIWIiTErtVeGphT6u8hVEb8k6Q=
X-Google-Smtp-Source: AGHT+IFSLgwkYy/cTUOBY3C+r+TvId1nj8HQK4/KmMsWoG0jd63d3CMmlvju8XhqN1Mtvt5IhUs2lEywB/52Cl5FXRA=
X-Received: by 2002:a17:902:d2c2:b0:1e3:cd26:cf16 with SMTP id n2-20020a170902d2c200b001e3cd26cf16mr14626604plc.51.1712668155755; Tue, 09 Apr 2024 06:09:15 -0700 (PDT)
MIME-Version: 1.0
References: <CAEh=tcd2FzQxgbSivuX2cEg2FpsnkoqdFw5gMhrx3pkT_JV88Q@mail.gmail.com> <2BEB5CC3-BB54-4119-A20F-8497ED4B5AE2@erg.abdn.ac.uk>
In-Reply-To: <2BEB5CC3-BB54-4119-A20F-8497ED4B5AE2@erg.abdn.ac.uk>
From: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
Date: Tue, 09 Apr 2024 15:09:04 +0200
Message-ID: <CAEh=tccKg7YHYkwKZ978uaXmTkBu3zyA+WBAW=eBMKAh2PSVDw@mail.gmail.com>
To: "Gorry (erg)" <gorry@erg.abdn.ac.uk>
Cc: Christian Huitema <huitema@huitema.net>, "C. M. Heard" <heard@pobox.com>, Martin Duke <martin.h.duke@gmail.com>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000add750615a9a1fc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/WxJ2pWGT-XBJVskWXqxGLcG5KtQ>
Subject: Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2024 13:09:25 -0000

On Tue, Apr 9, 2024 at 12:48 PM Gorry (erg) <gorry@erg.abdn.ac.uk> wrote:

> See below for my 2c.
>
> > On 9 Apr 2024, at 11:31, Zaheduzzaman Sarker <
> zahed.sarker.ietf@gmail.com> wrote:
> >
> > Hi all,
> >
> > Putting my AD hat on, if we specify protocol features only for endpoints
> to
> > consume and not for endpoints to network, then we should make sure that
> is
> > case when we design and describe it. We cannot expect all the
> > intermediaries are well behaved or features are used as intended when
> > designed. From that point of view it is not good enough to send
> information
> > in clear and just say "UDP Options are for Transport, Not Transit". With
> > the current, well placed, scrutiny of privacy and security on all the
> > protocols that IETF is producing- It would require a huge exception to
> get
> > it published.
> >
> > The questions I would like to get answer is  -
> >
> >      Is it OK for the endpoints to send information in UDP options which
> > can be read (only) by the transit nodes and react to it? if NO,  then how
> > to prevent that to happen?
> >
> > //Zahed
>
> this is a transport/encapsulation that can be used without the benefits of
> encryption.To me, this was already clear when the working group asked to
> start this work (it certainly was made clear after the work was adopted),
> and this spec developed over many years.


Right, many years have past and we should then recheck the consensus on
this. From the mentioned email discussions and views expressed here I am
not sure it is clear to me what consensus we have now. Could you also
please provide me any reference to the consensus?


>
>
> So.   I think given this, it is OK for the endpoints to send information
> in UDP options which can be read (only) by the transit nodes and they can
> indeed react to this. That has always been possible with tunnels, extension
> headers, and transports - at least those not using transport encryption.
> This comes with positive and negative impacts.
>
> In today’s world, a designer can choose to protect all of the transport eg
> using QUIC - and many designs will follow that path. Although, there is a
> large body of work in the IETF that still directly uses UDP. That to me is
> OK if that best fits the use.
>

Yes, UDP should be considered as transport protocol. It would be good to
have a view on how many of those large body of work uses or envision to use
UDP options in clear. This would boost the motivation for this work and
back up the need of UDP options.

>
> The backwards compatibility with UDP was considered important in the
> development of this Spec.
>

This point is absent, AFAIK in Section 16 of the draft now.

//Zahed

>
> Gorry
>
> >
> >> On Fri, Apr 5, 2024 at 2:29 AM Christian Huitema <huitema@huitema.net>
> >> wrote:
> >>
> >>
> >>
> >>> On 4/4/2024 2:22 PM, C. M. Heard wrote:
> >>>> On Tue, Apr 2, 2024 at 2:23 PM Martin Duke wrote:
> >>>
> >>>    ...
> >>>
> >>>    - I appreciate the work to make this an end-to-end signal, and that
> >>>    UDP has pre-existing limitations in this regard. I also think the
> >>>    use cases are probably valuable.
> >>>
> >>>    But in 2024, if we want to make rules about what the network can and
> >>>    can't do, we enforce it with encryption and authentication. I
> >>>    recognize that these were originally in the draft, and were removed
> >>>    for very good reasons. But I'm also worried that, if successful:
> >>>    - This will attract "helpful" middlebox functions like MSS clamping
>

v2.23.0 | Report a Bug | By Email