[tsvwg] BCP 14 uppercase words vs. ">>" markers in draft-ietf-tsvwg-udp-options-22
Erik Auerswald <auerswal@unix-ag.uni-kl.de> Thu, 29 June 2023 12:15 UTC
Return-Path: <auerswal@unix-ag.uni-kl.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C472C151072 for <tsvwg@ietfa.amsl.com>; Thu, 29 Jun 2023 05:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iuLrfn5ln_mo for <tsvwg@ietfa.amsl.com>; Thu, 29 Jun 2023 05:15:26 -0700 (PDT)
Received: from mailgw1.uni-kl.de (mailgw1.uni-kl.de [IPv6:2001:638:208:120::220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81FB2C14CE29 for <tsvwg@ietf.org>; Thu, 29 Jun 2023 05:15:26 -0700 (PDT)
Received: from sushi.unix-ag.uni-kl.de (sushi.unix-ag.uni-kl.de [IPv6:2001:638:208:ef34:0:ff:fe00:65]) by mailgw1.uni-kl.de (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 35TCFR2V027226 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <tsvwg@ietf.org>; Thu, 29 Jun 2023 14:15:27 +0200
Received: from sushi.unix-ag.uni-kl.de (ip6-localhost [IPv6:::1]) by sushi.unix-ag.uni-kl.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id 35TCFNH2006398 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 29 Jun 2023 14:15:23 +0200
Received: (from auerswal@localhost) by sushi.unix-ag.uni-kl.de (8.14.4/8.14.4/Submit) id 35TCFM8Q006393; Thu, 29 Jun 2023 14:15:22 +0200
Date: Thu, 29 Jun 2023 14:15:22 +0200
From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
To: tsvwg <tsvwg@ietf.org>
Message-ID: <20230629121522.GA30001@unix-ag.uni-kl.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Author: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/eCZro0M2yxAsoF1HQrRO08-Cb0g>
Subject: [tsvwg] BCP 14 uppercase words vs. ">>" markers in draft-ietf-tsvwg-udp-options-22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2023 12:15:32 -0000
Hi, draft-ietf-tsvwg-udp-options-22 uses ">>" as a marker to indicate paragraphs with BCP 14 nomenclature. This seems to be not yet completely consistent. A) There seem to be four instances where the marked paragraph does not contain BCP 14 key words: A.1) In section 8 on page 12: >> UNSAFE options are used only with the FRAG option, in a manner that prevents them from being silently ignored while still passing up potentially modified UDP payload. This ensures their safe use in environments that might include legacy receivers (See Section 10), because the UDP payload occurs inside the FRAG option area and is silently discarded by legacy receivers. A.2) In section 9.4 on page 18: >> During fragmentation, the UDP header checksum of each fragment remains constant and does not depend on the fragment data (which appears in the surplus area), because all fragments have a zero- length user data field. A.3) In section 11 on page 27: >> UNSAFE options can both depend on and vary user data content because they are contained only inside UDP fragments and thus are processed only by UDP option capable receivers. A.4) In section 11 on page 28: o >> Only FRAG and UNSAFE options are permitted to modify the UDP body. B) There seem to be twelve instances where a paragraph containing BCP 14 key words is not marked with ">>": B.1) In section 8 on page 13: Receivers cannot generally treat unexpected option lengths as invalid, as this would unnecessarily limit future revision of options (e.g., defining a new APC that is defined by having a different length). The exception is only for lengths that imply a physical impossibility, e.g., smaller than two for conventional options and four for extended length options. Impossible lengths SHOULD be treated as an indication of a malformed surplus area and all options SHOULD silently be discarded. Lengths other than those expected should result in safe options being ignored and skipped over, as with any other unknown safe option. B.2) In section 9.4 on page 20: Process these UDP options before the rest of the fragmentation steps below. Note that the OCS value of the original packet SHOULD be zero if each fragment will have a non-zero OCS value (as will be the case if the UDP checksum is non-zero). B.3) In section 9.4 on page 21: The OCS value for the reassembled datagram SHOULD be zero, because either the original UDP CS=0 or OCS!=0 in each of the fragments. B.4) In section 9.4 on page 21: Reassembly failures at the receiver result in silent discard of any per-fragment options and fragment contents. To emulate the behavior of a legacy host, any initial fragments received but not successfully reassembled SHOULD each generate a zero-length UDP application message. B.5) In section 9.4 on page 21: Finally, because fragmentation processing can be expensive, the FRAG option SHOULD be avoided unless the original datagram requires fragmentation or it is needed for "safe" use of UNSAFE options. Users MAY also select the FRAG option to support limited header processing. B.6) In section 9.5 on page 21: The Maximum Datagram Size (MDS, Kind=4) option is a 16-bit hint of the largest unfragmented UDP packet that an endpoint believes can be received. As with the TCP Maximum Segment Size (MSS) option [RFC9293], the size indicated is the IP layer MTU decreased by the fixed IP and UDP headers only [RFC9293]. The space needed for IP and UDP options need to be adjusted by the sender when using the value indicated. The value transmitted is based on EMTU_R, the largest IP datagram that can be received (i.e., reassembled at the receiver) [RFC1122]. However, as with TCP, this value is only a hint at what the receiver believes; it does not indicate a known path MTU and thus MUST NOT be used to limit transmissions. B.7) In section 9.5 on page 21: The UDP MDS option MAY be used as a hint for path MTU discovery [RFC1191][RFC8201], but this may be difficult because of known issues with ICMP blocking [RFC2923] as well as UDP lacking automatic retransmission. It is more likely to be useful when coupled with IP source fragmentation or UDP fragmentation to limit the largest reassembled UDP message as indicated by MRDS (see Section 9.6), e.g., when EMTU_R is larger than the required minimums (576 for IPv4 [RFC791] and 1500 for IPv6 [RFC8200]). It can also be used with DPLPMTUD [RFC8899] to provide a hint to maximum DPLPMTU, though it MUST NOT prohibit transmission of larger UDP packets (or fragments) used as DPLPMTU probes. B.8) In section 13 on page 30: o Extend the method to create receive ports to include per-packet and per-fragment receive options that are required as indicated by the application. Datagrams not containing these required options MUST be silently dropped and MAY be logged. B.9) In section 13 on page 30: o SAFE options associated with fragments are accumulated when associated with the reassembled packet; values MAY be coalesced, e.g., to indicate only that an AUTH failure of a fragment occurred or not rather than indicating the AUTH status of each fragment. B.10) In section 14 on page 31: UDP options are transport options. Generally, transport headers, options, and data are not intended to be modified in-transit. UDP options are no exception and here are specified as "MUST NOT" be altered in transit. However, the UDP option mechanism provides no specific protection against in-transit modification of the UDP header, UDP payload, or surplus area, except as provided by the OCS or the options selected (e.g., AUTH, or UENC). B.11) In section 23 on page 37: Although option nicknames are not used in-band, new UNSAFE safe option names SHOULD commence with the capital letter "U" and avoid either uppercase or lowercase "U" as commencing safe options. B.12) In appendix A on page 43: The following option is included for debugging purposes, and MUST NOT be enabled otherwise. Regards, Erik P.S. I have used "rfcstrip" from Henrik Levkowetz and "awk" to check this: rfcstrip draft-ietf-tsvwg-udp-options-22.txt | awk -v RS='' -v ORS=$'\n--\n' '/>>/ && !/MUST|SHOULD|REQUIRED|SHALL|RECOMMENDED|MAY|OPTIONAL/' rfcstrip draft-ietf-tsvwg-udp-options-22.txt | awk -v RS='' -v ORS=$'\n--\n' '!/>>/ && /MUST|SHOULD|REQUIRED|SHALL|RECOMMENDED|MAY|OPTIONAL/'
- [tsvwg] BCP 14 uppercase words vs. ">>" markers i… Erik Auerswald