IETF Logo Mail Archive

[tsvwg] Re: [Technical Errata Reported] RFC9260 (7988)

Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com> Tue, 18 June 2024 20:38 UTC

Return-Path: <zahed.sarker.ietf@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFDACC18DB82; Tue, 18 Jun 2024 13:38:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5TatPOd2a4FE; Tue, 18 Jun 2024 13:38:11 -0700 (PDT)
Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61EE4C18DB9D; Tue, 18 Jun 2024 13:38:11 -0700 (PDT)
Received: by mail-pj1-x102c.google.com with SMTP id 98e67ed59e1d1-2c2dee9d9cfso5026744a91.3; Tue, 18 Jun 2024 13:38:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718743090; x=1719347890; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=B5CMCVp9fRqsApoi8HIsmP+9WdazN8ZBGsB3QgYSbKs=; b=c05/HlblNp7fy2C0LTGkDCJ0cjd1Qot2tEomDKPD3od0e3+hVj4gGrzsbpVnGTWPwr QgbqV+bM/1cjk3ELOWaEqx5SVpMlSi4hYFMGHojFk9EVzA1lwe22DJ7wnkNbV+YxdZiV mro5E2P6CFsmdLD3vrdzXO/vaGH5Djl+3Mf+EJQXK8CCr7Y2DW9OHGvwvnujqYggNwBR fp4REHLK2nIn3P49GEcjanzTjjOjtG+X+oZZK52Xzc2SqKhSVyYEMN7VP2vE0IN0w/dU +nExd0J0t36A8Bqt8bqYBGCO4T6XZ1q8RSt04I+8hH2r/HdxBWEM3JMvvzj+ZMAsaxt7 pyCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718743090; x=1719347890; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=B5CMCVp9fRqsApoi8HIsmP+9WdazN8ZBGsB3QgYSbKs=; b=TOWRugvnIhzqB4+EbNTrUQtbIH2YIpssMr4e4AJF/TUbcZ1dDSExH9Y2oLlFWDpQiN 7RgUXcqYETbRVY6IgJ5d1Fn1w50RSamqt5HnDbz2Rk+KM+5FRqyVzoDRZZtoukyICJJC YX4wiLF/G05ddsMJzPgUx0SRbnaDPleimwdMjxn75YHATXCbPL3DOZNZHz9DL8bQykzF iWdpOZMOmLmPF9I9qQVzKRgqr2tLopScgf/p/aywN7QQQ/rHcqcxMHLpu1aX2CdQdv9r qchi9HFAzgNh+wcdVlgRoPekZk6oQ5mQoeCsPfrGLdLCfUezT2ldWNpN8GwajPCu2MiY LsJQ==
X-Forwarded-Encrypted: i=1; AJvYcCUtX5ld2DTvdgb5nu7hjmgOVJ6DGcx9SpvNvzf7guKBCgxVV99TFdWRaTRTTE7UnV2SHRgJgVynIVE1mbAmJgA2l3ws6Uj/yRud+1IpntmQQvhd
X-Gm-Message-State: AOJu0YyrxlNr6Z/lLPAoXsJ8uVSUQDocAnTERm9Uly3x0hZY/vRi9q5q inL1Zti58BKVxQmJtORsl6zHaWZYQ8w4PNGu6vaGTi9ZeYzeqUcTVt3HlwyTEKy7o7AnRhLpoj3 bPnSZWcKfK9Q5AjcZp7UD+HLzWiM=
X-Google-Smtp-Source: AGHT+IGjnY+boMjcWpjRpM1Kjryfm6WgHctjtWkjc4194zn0ZiSG25bR7vwPIEoLnQ/pZ5tmUGh7muvd+CYN2XCQrjM=
X-Received: by 2002:a17:90b:f90:b0:2c4:aae7:e27 with SMTP id 98e67ed59e1d1-2c7b5cbe384mr915960a91.23.1718743090118; Tue, 18 Jun 2024 13:38:10 -0700 (PDT)
MIME-Version: 1.0
References: <20240613135721.49E7A204E21@rfcpa.rfc-editor.org> <2fbe4420-1121-4de9-8f2b-b74f20c585eb@lakerest.net> <4FEBA794-80C9-4505-95AF-F7200F126386@fh-muenster.de> <e45611bf9aa7456c9615e22f35ef0a8d@huawei.com> <4333FC2B-779A-4F2F-8BAB-96315DDB9807@fh-muenster.de> <208A36A5-A56E-4107-A07E-67AEBCD68837@fh-muenster.de>
In-Reply-To: <208A36A5-A56E-4107-A07E-67AEBCD68837@fh-muenster.de>
From: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
Date: Tue, 18 Jun 2024 13:37:59 -0700
Message-ID: <CAEh=tcdaagPCmT3JyZfq_XhzMf=VHsY3unmgviDn6y29imXDcA@mail.gmail.com>
To: tuexen@fh-muenster.de
Content-Type: multipart/alternative; boundary="00000000000058cb4a061b300fa5"
Message-ID-Hash: JUJVDORNLL23APRUUBHKJOQAKPBIAT6K
X-Message-ID-Hash: JUJVDORNLL23APRUUBHKJOQAKPBIAT6K
X-MailFrom: zahed.sarker.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Milen Hristov <milen.hristov@huawei.com>, Randall Stewart <randall@lakerest.net>, RFC Errata System <rfc-editor@rfc-editor.org>, tsvwg-ads <tsvwg-ads@ietf.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: [Technical Errata Reported] RFC9260 (7988)
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Yju789-xNn7c49wKIiMtwciwjSQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>

Hi Michael,

Yes, you are accurate about the process ( for more information see :
https://datatracker.ietf.org/doc/statement-iesg-iesg-processing-of-rfc-errata-for-the-ietf-stream-20210507/)
What I need to see is the proposed text then decide on whether the change
is technical or not. I am expecting here, from the discussions, is "*hold
for document update*" status. Let me know if that not the correct status
for this errata.

So, please proposed the text so we can agree on the text.

//Zahed

On Tue, Jun 18, 2024 at 11:45 AM <tuexen@fh-muenster.de> wrote:

> > On 18. Jun 2024, at 20:39, Milen Hristov <milen.hristov@huawei.com>
> wrote:
> >
> >
> > Hello,
> >
> > if everyone agree with this statement, can be written in the RFC ?
> You cannot change an RFC. And only ADs can change Erratas. So I can propose
> some text change, we can agree on it, and then either an AD has to put
> that text change in your errata or I (or you) file a new one. That would
> (in my view) be classified as Editorial and can be approved by an AD, if
> the AD agrees with it.
>
> So should I propose some text change?
>
> Best regards
> Michael
> >
> >
> > Regards
> > Milen Hristov
> >
> > From:Milen Hristov <milen.hristov@huawei.com>
> > To:tuexen <tuexen@fh-muenster.de>
> > Cc:Randall Stewart <randall@lakerest.net>;RFC Errata System <
> rfc-editor@rfc-editor.org>;kee <kee@kamstrup.com>;tsvwg-ads <
> tsvwg-ads@ietf.org>;Gorry Fairhurst <gorry@erg.abdn.ac.uk>;Marten Seemann
> <martenseemann@gmail.com>;tsvwg <tsvwg@ietf.org>
> > Date:2024-06-14 12:10:32
> > Subject:RE: [Technical Errata Reported] RFC9260 (7988)
> >
> > Hello, yes, the Secondary path to be used, because the Primary is
> unavailable
> >
> > Regards
> > Milen Hristov
> >
> > From:tuexen <tuexen@fh-muenster.de>
> > To:Milen Hristov <milen.hristov@huawei.com>
> > Cc:Randall Stewart <randall@lakerest.net>;RFC Errata System <
> rfc-editor@rfc-editor.org>;kee <kee@kamstrup.com>;tsvwg-ads <
> tsvwg-ads@ietf.org>;Gorry Fairhurst <gorry@erg.abdn.ac.uk>;Marten Seemann
> <martenseemann@gmail.com>;tsvwg <tsvwg@ietf.org>
> > Date:2024-06-14 12:04:49
> > Subject:Re: [Technical Errata Reported] RFC9260 (7988)
> >
> > > On 14. Jun 2024, at 10:24, Milen Hristov <milen.hristov@huawei.com>
> wrote:
> > >
> > > Hello All,
> > >
> > > Thank you for  the quick reply
> > >
> > > The errata is not intended to change any network element function, but
> only to make the RFC more clear
> > > I am not sure in which section is better to be, you decide
> > >
> > > The multihoming SCTP description by Oracle is very clear and same is
> implemented by most of big vendors like Huawei and other
> > >
> https://docs.oracle.com/cd/E57516_01/docs.70/Transport_Manager/concepts/c_transport_mgr_multihoming.html
> > >
> > > but some small vendors do not accept INIT sent via  the Secondary path
> by Secondary IP Address
> > > they consider Secondary path to be used only for failover , but not to
> re-establish the SCTP association
> > >
> > > this issue was raised by the following scenario:
> > >
> > > endpoint C (acting as a client) has two IP addresses -IP1_client and
> IP2_client
> > > and
> > > endpoint S (acting as a server) two IP addresses- IP1_server and
> IP2_server
> > >
> > > Primary SCTP path1 (IP1_client- IP1_server)
> > > Secondary SCTP path2 (IP2_client- IP2_server)
> > >
> > > Both paths  use  separate IP transmissions
> > > Initially the association was  established by Primary SCTP path1
> > >
> > > There was  transmission outage, affecting both SCTP paths-  SCTP
> association was down
> > > Later only the transmission for  Secondary SCTP path2 was recovered
> > > Endpoint C detected IP2_server is reachable and started sending INIT
> (via Secondary SCTP path2 )
> > > but endpoint S rejected the INIT sent by IP2_client
> > Assuming that the server is bound to both addresses, it should accept
> the INIT and
> > send an INIT ACK back using IP2_client and IP2_server. This should work
> even in the
> > restart case.
> >
> > Is that what you want to clarify?
> >
> > Best regards
> > Michael
> > >
> > > Best Regards
> > > Milen Hristov
> > >
> > >
> > > -----Original Message-----
> > > From: tuexen@fh-muenster.de <tuexen@fh-muenster.de>
> > > Sent: 14 June 2024 09:10
> > > To: Randall Stewart <randall@lakerest.net>
> > > Cc: RFC Errata System <rfc-editor@rfc-editor.org>; kee@kamstrup.com;
> tsvwg-ads@ietf.org; Gorry Fairhurst <gorry@erg.abdn.ac.uk>; Marten
> Seemann <martenseemann@gmail.com>; Milen Hristov <milen.hristov@huawei.com>;
> tsvwg@ietf.org
> > > Subject: Re: [Technical Errata Reported] RFC9260 (7988)
> > >
> > >> On 13. Jun 2024, at 18:32, Randall Stewart <randall@lakerest.net>
> wrote:
> > >>
> > >> Hello:
> > >>
> > >>
> > >> So I have just had a look at this "Errata". I disagree with it.
> Section 3 defines data formats and
> > >>
> > >> does not specify what IP addresses are accepted or used in sending an
> INIT. Section 5 has details
> > >>
> > >> on association setup. Note also that Section 5 explicitly states that
> the receiver of an INIT must
> > >>
> > >> respond to the senders IP address NOT any of the IP addresses listed
> within the INIT chunk. This
> > >>
> > >> is an important security concern. A secondary listed address cannot
> be used until a heart beat
> > >>
> > >> validates the address by sending a HB to the address and receiving a
> response from the address.
> > >>
> > >>
> > >> The Errata IMO is invalid ... Michael? Do you agree or am I missing
> something??
> > > I agree with content of your answer: the destination address of the
> packet containing
> > > the INIT ACK chunk MUST be the source address of the packet containing
> the INIT chunk.
> > > This is stated in
> > > https://www.rfc-editor.org/rfc/rfc9260.html#section-5.1-4
> > >
> > > But I am not sure if this is what Milen is referring to. He only
> refers to the packet
> > > containing the INIT chunk. SO I guess it would be best if Milen can
> clarify, which
> > > problem he is experiencing.
> > >
> > > Just to be clear:
> > > Assume the endpoint C (acting as a client) has two IP addresses
> P_client and S_client, the
> > > endpoint S (acting as a server) two IP addresses P_server and S_server.
> > > If the application tells C to initiate an association towards S and
> provides both IP addresses
> > > (doing someting like sctp_connectx(P_server, S_server)), the packet
> containing and INIT
> > > chunk sent by C can use P_client or S_client as the source address and
> P_server and S_server
> > > as the destination address. The server S would except all possible
> four combination and would
> > > send a packet containing an INIT ACK chunk in response to the source
> address of the incoming
> > > packet as described above.
> > > I am wondering if Milen has observed a problem related to this
> description.
> > > Please note: whether or not the networks between C and S will forward
> packets with all
> > > four combinations is a different question.
> > >
> > > Best regards
> > > Michael
> > >>
> > >>
> > >> R
> > >>
> > >>
> > >> On 6/13/24 9:57 AM, RFC Errata System wrote:
> > >>> The following errata report has been submitted for RFC9260,
> > >>> "Stream Control Transmission Protocol".
> > >>>
> > >>> --------------------------------------
> > >>> You may review the report below and at:
> > >>> https://www.rfc-editor.org/errata/eid7988
> > >>>
> > >>> --------------------------------------
> > >>> Type: Technical
> > >>> Reported by: Milen Hristov <milen.hristov@huawei.com>
> > >>>
> > >>> Section: 3.3.2.  Initiation
> > >>>
> > >>> Original Text
> > >>> -------------
> > >>> not clearly specified  sending IP Address for INIT
> > >>>
> > >>> Corrected Text
> > >>> --------------
> > >>> INIT can be accepted from either the Primary or Secondary IP Address
> > >>>
> > >>> Notes
> > >>> -----
> > >>> Oracle explained clear
> > >>>
> > >>>
> https://docs.oracle.com/cd/E57516_01/docs.70/Transport_Manager/concepts/c_transport_mgr_multihoming.html
> > >>>
> > >>> Some vendors do not accept INIT sent by Secondary Peer IP Address
> > >>>
> > >>> Instructions:
> > >>> -------------
> > >>> This erratum is currently posted as "Reported". (If it is spam, it
> > >>> will be removed shortly by the RFC Production Center.) Please
> > >>> use "Reply All" to discuss whether it should be verified or
> > >>> rejected. When a decision is reached, the verifying party
> > >>> will log in to change the status and edit the report, if necessary.
> > >>>
> > >>> --------------------------------------
> > >>> RFC9260 (draft-ietf-tsvwg-rfc4960-bis-19)
> > >>> --------------------------------------
> > >>> Title               : Stream Control Transmission Protocol
> > >>> Publication Date    : June 2022
> > >>> Author(s)           : R. Stewart, M. Tüxen, K. Nielsen
> > >>> Category            : PROPOSED STANDARD
> > >>> Source              : Transport and Services Working Group
> > >>> Stream              : IETF
> > >>> Verifying Party     : IESG
> > >
>
>

v2.35.0 | Report a Bug | By Email | System Status