[tsvwg] Re: Ketan Talaulikar's Discuss on draft-ietf-tsvwg-usr-exp-12: (with DISCUSS and COMMENT)
"touch@strayalpha.com" <touch@strayalpha.com> Tue, 16 September 2025 14:59 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@mail2.ietf.org
Delivered-To: tsvwg@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 854B163A747D; Tue, 16 Sep 2025 07:59:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 1.238
X-Spam-Level: *
X-Spam-Status: No, score=1.238 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_SBL_CSS=3.335, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGK9APAh3QEU; Tue, 16 Sep 2025 07:59:45 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 926ED63A7476; Tue, 16 Sep 2025 07:59:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4hL7N5TumaxDwUghQV+Vzxt8+cgDm5SwM1XBBGM1sd0=; b=sS8IFhjn7m5+6Qmaj6EHn1pKsc Xot10wKKCZOMIgeNA9qGCZJlnehGngFneLcqW8+Gcn+zY6Ay8fycQPY1a/DD5KS6B5JVXEp/58381 r1UxdT8q8GqImtqFgdo28mhZuB48K9mtRp8brI9VwHxE9MNbeSLtC5OmOgECiqFkT4DazRz1NAfKZ /fWWTxy9WaO+T24Ofrsg0W/NbMNNx8H57zODO6lJosuoTnIiLZB8snXEDhXdQOl8Pd3vuhgBTkEIc NBoubX3VTHyuTDoEmDh3KU6AbobKitoPna+d5APxycAlpBPFoAxdEateUWOQKtsLAhf+qB7hReCZ2 AdotEXIw==;
Received: from [172.56.54.165] (port=1207 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from <touch@strayalpha.com>) id 1uyX9k-00000005REO-1uBD; Tue, 16 Sep 2025 10:59:42 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_1F9D749B-78B0-443C-A7EE-D8FC77E7F942"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <175768255028.1539171.9155365398552734204@dt-datatracker-f7c8fdcb7-pjx77>
Date: Tue, 16 Sep 2025 07:59:30 -0700
Message-Id: <C1486B05-009C-49EF-80AC-4DCB998924C0@strayalpha.com>
References: <175768255028.1539171.9155365398552734204@dt-datatracker-f7c8fdcb7-pjx77>
To: Ketan Talaulikar <ketant.ietf@gmail.com>
X-Mailer: Apple Mail (2.3826.700.81)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
X-Rspamd-Queue-Id: 1uyX9k-00000005REO-1uBD
Message-ID-Hash: QKVFNQMRP2UQCYAVKCZTH6FVSZJWJCXM
X-Message-ID-Hash: QKVFNQMRP2UQCYAVKCZTH6FVSZJWJCXM
X-MailFrom: touch@strayalpha.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-tsvwg-usr-exp@ietf.org, tsvwg-chairs@ietf.org, tsvwg@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [tsvwg] Re: Ketan Talaulikar's Discuss on draft-ietf-tsvwg-usr-exp-12: (with DISCUSS and COMMENT)
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/amqAXYaKDgCr3_0Z-WKNwlYPODU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>
Hi, Ketan, Thank you for your review. Responses are included below. Joe — Dr. Joe Touch, temporal epistemologist www.strayalpha.com > On Sep 12, 2025, at 6:09 AM, Ketan Talaulikar via Datatracker <noreply@ietf.org> wrote: > > Ketan Talaulikar has entered the following ballot position for > draft-ietf-tsvwg-usr-exp-12: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-tsvwg-usr-exp/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thanks to the author and the WG for their working on the document. I support > efforts to make experimenting easier and more effective. > > However, there are some implications of the proposal in the document that I > have concerns about and like to understand if they have been considered. > > Disclaimer: I am not a transports or security expert, so please bear with me. > > discuss#1 > The IANA registry for experimental codepoints (what is proposed for the PExIDs) > seems odd. From a quick reading both RFC4340 and RFC6335 that cover similar > port numbers for experimenting/testing do not allow for registration. I find > the argument in the document for registration unconvincing. The unavailability > of registration is a good motivation for new protocols to move to the use of > "standard" registration/allocation procedures and moving away from the > experimental code points once the experiment has been conducted and proved > successful. RFC4340 and 6335 do not allow for registration of assigned ports for individual experiments. This document does not do that. This document registers two new ports for *all* experiments, in the “user” space rather than the “system” space (the latter was already done). This document creates a registry within the use of those ports, which neither RFC above prohibits. The purpose of this registry is, as described, to help alleviate the frustration of experimenters in not being able to obtain ports form the assignable space. As background, there are 48K assignable ports - 1K in the system range of which 70% are assigned, the remainder in the user range of which 14% are assigned, as described in detail in RFC7605. Even though there are approximately 43K remaining user ports, that is not enough to support the number of experiments that would need them without impacting a resource needed to sustain the Internet for public use. The PExID space allows for 4B concurrent uses of the experiment ports, a resource that can then be assigned for more ephemeral purposes that would not qualify for a port assignment per RFC 6335 or 7605. > discuss#2 > My other concern is that the proposal uses well-known ports for such > experimentation. The doc does not introduce that concept; it has been around for decades, The use of assigned codepoints for experiments goes back to RFC 739 in 1977 (for link fields). The system experiment port numbers were assigned in 2006 by RFC 4727. > …I get the impression that this is being done to circumvent to > go around firewalls and filters - does that not have security implications? In > conjunction with the registration feature, could this be not just an experiment > but a way to go around those security infrastructure? Why not instead pick > something from the registered port range instead? I'd like to discuss this with > the SEC ADs. Ports and port assignments themselves do not get around firewalls. Firewalls are generally configured to block all ports not explicitly allowed. There are some experiments that firewall administrators WANT to open their firewalls to - e.g., experiments by a company involving a group of alpha testers. However, some firewalls are designed to prohibit entry of port numbers outside the assignable range (in the dynamic/self-assigned range) and some users want to do experiments without privileged (root) access; that’s the case in which the new user port assignments would be useful. > discuss#3 > IANA considerations section 8 says: > > This document directs IANA to create a "Port Experimental Option > Experiment Identifiers (PExIDs)" registry linked under the IANA > ports registry [SP-reg], using the same format and structure as the > TCP option ID registry [TCP-reg]. The registry records PExIDs as > 32-bit unsigned integers, including a brief description, document > pointer (if available), assignee name, and e-mail contact for each > entry. > > However, a look at the TCP-reg does not match the desired registry record. Why > not specify the precise table desired in the document? The “same format” is a precise description of that table. The text has been updated in coordination with IANA to be sufficiently unambiguous to them. > discuss#4 > IANA considerations section 8 says: > > IANA will also record known duplicate uses to assist the > community in both debugging assigned uses as well as correcting > unauthorized duplicate uses. > > How will IANA come to know of this?' We (I as team lead for the ports review, in specific) get reports of such duplicate uses of assigned ports occasionally via email. > Why would there be duplicates if everyone > is being asked to register. It happens for assigned ports; it will happen for PExIDs. It happens for all codepoints. A rule is not a law; IANA is not an enforcement agency. > And if there are duplicates, then does the argument > for having a registry itself not fail? See above; registries are cooperative agreements among consenting parties. They are there to help those who want to be helped. We do not create laws for the lawless - doing so, as you note, would be useless. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I support the DISCUSS position from Med.
- [tsvwg] Ketan Talaulikar's Discuss on draft-ietf-… Ketan Talaulikar via Datatracker
- [tsvwg] Re: Ketan Talaulikar's Discuss on draft-i… touch@strayalpha.com
- [tsvwg] Re: Ketan Talaulikar's Discuss on draft-i… Ketan Talaulikar
- [tsvwg] Re: Ketan Talaulikar's Discuss on draft-i… touch@strayalpha.com