IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

"C. M. Heard" <heard@pobox.com> Tue, 16 July 2019 20:42 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5764120133 for <tsvwg@ietfa.amsl.com>; Tue, 16 Jul 2019 13:42:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y7L99mma6MwH for <tsvwg@ietfa.amsl.com>; Tue, 16 Jul 2019 13:42:17 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE4D012012E for <tsvwg@ietf.org>; Tue, 16 Jul 2019 13:42:17 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 5B3ED6F7C7 for <tsvwg@ietf.org>; Tue, 16 Jul 2019 16:42:17 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=sasl; bh=mGRpfNbL1FrqZ5tZ7g+iigw8Adk=; b=vf/8+W 8nlfZgsa2G4VG0rdFVDeIItzj6CmKJPBpMEAWY1ch/zkaQYGlcbW6sI9uL57AMHt oq7AMjUbZiScm+xVWs7l/FCHQoKjt/baXUDGpuS6GQi8j9P1ES7XCI+CcS5UkaQ1 0MiXCZE+ScSg5KY0o22LH7qmeoEpqBpBERN6w=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; q=dns; s=sasl; b=TCPW+J7EkYFstflgqKZiK9oJ/rZc8pcu vyf9SR1l0uK4N/WbJT6+Nd/fQuzRBJVllE/BJFAbDreYqeGs42sU019nVnHgq8ut l8hypA/+oFQC8qf7QFNZQN2nCyXx0OnHH38ezpySI20JYWriQU1wh5Xqe5LOwiyl Za/6kGCw4Rw=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 53A946F7C6 for <tsvwg@ietf.org>; Tue, 16 Jul 2019 16:42:17 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-io1-f48.google.com (unknown [209.85.166.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id E26346F7C5 for <tsvwg@ietf.org>; Tue, 16 Jul 2019 16:42:14 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-io1-f48.google.com with SMTP id z3so42253018iog.0 for <tsvwg@ietf.org>; Tue, 16 Jul 2019 13:42:14 -0700 (PDT)
X-Gm-Message-State: APjAAAUZXfzYSZZ/2wt1vMtwflQV3rsdh8AdEyOpLx4L9dq5HimMvCtu nS4cIfWz7jogEoV9SBZKJatjT35iTFc4iLHVSbM=
X-Google-Smtp-Source: APXvYqxogpHL20vgcg3/oOd8jgSISTvub9xh2ERWIGmuWd+jwnWKQndMcEisyNt7OWKidUaIp8a1I1ryElIV2bKdwZ0=
X-Received: by 2002:a02:b883:: with SMTP id p3mr38374331jam.79.1563309733751; Tue, 16 Jul 2019 13:42:13 -0700 (PDT)
MIME-Version: 1.0
References: <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <CAPDqMeoyNb7vQTdqxLpZpnKb9S7QKeDJNLyQJBmq95yXhB+xfQ@mail.gmail.com> <7D365770-64FE-40BC-901D-B4D7DF6B484B@strayalpha.com> <20190713182554.GB39770@clarinet.employees.org> <CALx6S36mH2M6SYnRSecWXa7k_d1u8O43+CXE-=KqeO0x2e5+qw@mail.gmail.com> <82FF6486-FABF-4D2C-B5E2-178779C720A4@strayalpha.com> <30c17e9c174f6b0da3ecc6b503a8cb17@strayalpha.com> <CACL_3VGs7j+y5vFNT3OL9OKX8ue4rv-Cxi467KR-vbhnMdx86g@mail.gmail.com> <2f71a292f924a9b8de4227c4bbc2f809@strayalpha.com>
In-Reply-To: <2f71a292f924a9b8de4227c4bbc2f809@strayalpha.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Tue, 16 Jul 2019 13:42:01 -0700
X-Gmail-Original-Message-ID: <CACL_3VGrF5UnbVsSzZZoy1i57WKiQKBX2T3a16UyEVHY=Kr3XA@mail.gmail.com>
Message-ID: <CACL_3VGrF5UnbVsSzZZoy1i57WKiQKBX2T3a16UyEVHY=Kr3XA@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005ab6eb058dd2691f"
X-Pobox-Relay-ID: 31C184E0-A80A-11E9-9031-8D86F504CC47-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/dLKmJzPXDSVUfyV9TKtUQsm0yLY>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 20:42:21 -0000

In-line followups where where they seem to be warranted.

On Tue, Jul 16, 2019 at 9:08 AM Joe Touch wrote:
> On 2019-07-16 07:37, C. M. Heard wrote:
> > >  - the OCS field is now manditory (not signalled with a KIND field
> > > or optional as a field)
>
> > As mentioned in
> > https://mailarchive.ietf.org/arch/msg/tsvwg/XZxL29UA-95ReA72mxv5-kEytK0,
> > for use in the trailer I'd prefer leaving it as an option so that NOPs
> > can be prepended for alignment, at the discretion of the sender
>
> Yes, that's the trade-off. If it's mandatory, we need to decide its
> alignment (none, 16-bit, 32-bit) ahead of time for all time. AND it has
> to be there even if it's not used.
>
> If we use the 1-byte flag, the alignment can be at the user's discretion
> and we save space when not in use.

Good. We agree on the trade-offs, I've said where I stand, so for now I
move on.

> > > - OCS *SHOULD be computed, but MAY be set to zero (e.g., when UDP
> > > CS=0, at user discretion and peril)
> >
> > Partly agree. I do not want to see any receiver obligated to accept
> > packets with UDP trailers that don't have a computed OCS if UDP CS<>0
> > (it's fine to allow a mode that does otherwise as long as it's an
> > optional-to-implement capability).
>
> Optional to implement seems odd; it seems fine to say the receiver can
> treat ignore the surplus area in that case (i.e., act like a legacy
> receiver).

What I advocate to be "optional to implement" are the ability for a receiver
to turn off verification of OCS when UDP CS<>0 and the ability for a
receiver turn on verification of OCS when UDP CS=0. This allows a receiver
to determine whether and how to do an OCS verification by looking only at
the IP Payload Length and the fields in the UDP header -- there is no need
to inspect, or worse still, loop through the options trailer to make that
determination. And if OCS does need to be verified, it can be done by a
simple and well-understood Internet checksum computation (adjusted by the
compensation pseudo-header and conceptually prepending/appending zero bytes
when the trailer starts or ends on an odd byte boundary). As a bonus, CS
offload can be done as for a TCP segment (with appropriate adjustment for
the protocol number in the pseudo-header) since the combination of that
checksum and OCS being valid is mathematically equivalent to the combination
of the UDP checksum being valid and OCS being valid. And finally, the API
can be simpler because there are fewer combinations to support.

If the above receive capabilities are optional to implement, the
transmit capabilities to generate OCS when UCP CS<>0 and to omit OCS when
UDP CS=0 can also be optional to implement. The primary benefit in this
case is simplification of the API.

Granted, this is another tradeoff; we would reduce implementation
complexity at the cost of flexibility. My judgment call is that the
capabilities in question are not likely to be wanted and so are not
worth inducing implementation complexity.

> > Remember, in IPV6 the IP Payload Length is NOT protected by an IP
header
> > checksum or by the pseudo-header in the UDP checksum,
>
> Good point - that needs to be noted.
>
> > so the ONLY protection against corruption of the computed trailer length
> > is the OCS.
>
> Again, this is certainly a risk, but why isn't it just a choice? When UDP
> picks CS=0, they're saying they are willing to take that risk.

And to make it clear, I'm OK with saying that OCS can be omitted if
UDP CS=0 is selected. Under the appropriate circumstances (and in
conformance with RFC 6936) that selection is indeed a valid user choice.

> > > - with LITE, OCS might be transmit-side computed and receive-side
> > > ignored to allow for the intended NON-ROBUST capability (at least
> > > when NOT transiting buggy middbleboxes; see below) of LITE
> > >
> > > (if LITE data doesn't change, that will transit middleboxes; if the
> > > LITE data does change, there's no way to help it transit middleboxes
> > > anyway)
> >
> > As a point of clarification: this means that OCS would include the LITE
> > data (which it does NOT do now) and the options; OCS would not be
> > checked on receive; is that correct?
>
> That is what I'm thinking, but there are certainly variants of what might
> or might not be covered.
>
> I.e., we could do things a few different ways:
> - in the current draft text OCS is "all or none" for the CS area, where
>   LITE is "not covered" because it's jumped over completely
> - if we want protection for PART of the surplus area, we would need two
>   different CS. That argues for going back to Gorry's CCO proposal.

Thanks for the clarification. I'll respond presently with an update to
the other (long) message.

> As a note, I think we're diverging from our intended goals. Those might
> be useful to include in udp-opts. My recollection was:
>
> - support a version of what LITE does, if possible
> - support frag/reassy
> - support single-packet (each way) exchanges with legacy receivers
>   (notably for the DNSSEC case, e.g., send a request with a null option to
>   allow enabled receivers to respond directly either in legacy mode or
>   option-enabled-mode)
> - support transport-level security (akin to TCP-AO)
> - support PLPMTUD (via the echo exchange)

To that last add MTU probing, which draft-ietf-tsvwg-udp-options-07
actually handles just fine, but yes, it would be good to write down
the goals in -08.

> Many of these simply won't work as automatically legacy-compatible with
> draft-herbert; the legacy data can easily exceed its limits, at a minimum.

My take (as stated in the long message) is that we probably want both the
trailer format pretty much as defined in draft-ietf-tsvwg-udp-options-07
for the backward compatible / safe to ignore  options (MSS, TIME, REQ, RES,
dummy FRAG used for negotiation) and and a variant of the header format as
defined in draft-herbert for the others. I do have to admit that that this
has an unwanted level of complexity, but I don't think it's unwarranted
given the goals. In the end "unwarranted" is a judgment call, and YMMV.

Mike

>

v2.23.0 | Report a Bug | By Email