Re: [tsvwg] Regarding DTLS and UDP options
Tom Herbert <tom@herbertland.com> Mon, 17 April 2017 22:00 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C73313157A for <tsvwg@ietfa.amsl.com>; Mon, 17 Apr 2017 15:00:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c8UFMyIuUiIj for <tsvwg@ietfa.amsl.com>; Mon, 17 Apr 2017 15:00:40 -0700 (PDT)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70A9F1292D0 for <tsvwg@ietf.org>; Mon, 17 Apr 2017 15:00:40 -0700 (PDT)
Received: by mail-qk0-x232.google.com with SMTP id h67so116090823qke.0 for <tsvwg@ietf.org>; Mon, 17 Apr 2017 15:00:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=NtBZ/8H8pF6TEnQDRC05IzAcwvdYFz7elIzcDSTDxYc=; b=g1J9LTIJFEXadoLDa+wEyS8uO/2gb9iw59xju5IbXywpvfhddJq4wZ1yOP6LWlWbk2 w/DipSe1UaPGnjzdpKT1snU4bA3TkPMu6MBgGPN8jRzHh1RKaVzJ3onFDZadEktW1r2T DE8SCfTCfi9IWzKSUV1wVElCQrUDOJcx8kB5PidYDfnx/UzqpzKJTdOOkNNJe83TMpIs ISXrGTOWRVwvw1RqR2SmGaDOLMD1Ye0MRndwGFgapGa1WPGYw7N7mPxo7QYd6idi6N9D zzl9IfiQHXJHTHmCaxk+qcelq38WkfqM+nzrEP0ZgFuInxNhVLic1//oVqxlvmj/VpEF H8CA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=NtBZ/8H8pF6TEnQDRC05IzAcwvdYFz7elIzcDSTDxYc=; b=aVK6+HEEGE2rrq91yVjFW6ocHtY4uuXqV+ft6+jVkLEWVXWBblSUPVSFoy7Zs1dmrX djI//Gc3COZjtWKNJzDC8nwmArzUq8Ru07H3UIocIA2NUP38VMKlLFa9QXNTPQ+gjwRh 52xnwQb2q4R4vL1okjddV5yxcPpCHhIIpTRKIONvAh+wZllMRL8lJUJOBrgcRZy74hrm RnjX1OCAZt2f4YIg+2SLfvFiLQfm/kDc6M2Khg8HHeGwXWdiOscBEtKlZA8JAA3v1Vfx 5ahL8tdRwkFg6X/qLkjaxxPgDqd7jfJH2HY5gnS6O3j/0KJX7VtxbkY/NlMxBR9vWgVO CbRQ==
X-Gm-Message-State: AN3rC/7jdSC6w/0jfIViu2Q2BiomuRQ4KS/cT/QRW0iHEc506HJstWD9 ii9H5QHPkIhALuLboRpBWHch1DGUPg==
X-Received: by 10.55.191.69 with SMTP id p66mr10388868qkf.77.1492466439534; Mon, 17 Apr 2017 15:00:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.97.10 with HTTP; Mon, 17 Apr 2017 15:00:38 -0700 (PDT)
In-Reply-To: <8378ae17-c023-25a2-76e7-07b858916849@isi.edu>
References: <CACL_3VFeJs7KzG9Bchh15bfZ3CmaOPWcfisEreNoGYK5CsEJ+g@mail.gmail.com> <3a4a6b78-8146-de4c-6246-7bd09de44f1c@isi.edu> <CACL_3VFkr3mGe-yTbvHrTZcKVCpEv3FeSOyoShUxCK5+9Tdqqg@mail.gmail.com> <c79fe3d0-8567-ea7d-72fc-bd33732df60e@isi.edu> <CACL_3VHmoCSo23OWqQFq7upw749CqMK7iazXrBKZARzwbzY5mw@mail.gmail.com> <f97f08d4-0070-437a-e22a-8782497c76eb@isi.edu> <4e36af95-84c3-bc7e-b18a-614f8bfab662@isi.edu> <58F48403.8080302@erg.abdn.ac.uk> <a0f656e8-e847-db54-6046-2078364d428b@isi.edu> <CALx6S36HYHdbGoJHNb+mVY6reu9RLikLxDJqrPgwO9tF1EfSgQ@mail.gmail.com> <8b1829ba-4e8d-5ee1-e24c-f42962f47dde@isi.edu> <CALx6S36=7KbTtv9QNUBTg6gPYQQighsPD_+mWNc=wUQTX70VBQ@mail.gmail.com> <8378ae17-c023-25a2-76e7-07b858916849@isi.edu>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 17 Apr 2017 15:00:38 -0700
Message-ID: <CALx6S35chiqMtqKa+zahfZnLZrQzfYUF7D9m0QGbkwFVpRwHag@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Cc: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/fYFtHMgZGDCGSK_LakdEjcg0sho>
Subject: Re: [tsvwg] Regarding DTLS and UDP options
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 22:00:42 -0000
On Mon, Apr 17, 2017 at 2:07 PM, Joe Touch <touch@isi.edu> wrote: > > > On 4/17/2017 1:47 PM, Tom Herbert wrote: >> ... >>> >>>> One thing that might be missing from the draft is middle box handling. >>> This is already discussed extensively in the document, including in >>> response to previous TSVWG discussion. That's why we now default to >>> using the OCS and a length validation. Do you have specific concerns? > ... > >>> >>>> and so middleboxes must pass packets with UDP options, >>>> should not attempt to parse the UDP options, and must not modify >>>> options. >>> We already addressed that in the doc. >> I'm sorry, which section is this info in? > The doc talks about legacy issues throughout. > > Sec 5.3 talks about the option checksum and Sec 9 talks about > interactions with legacy devices in general. > > Section 7 explicitly indicates that these are for transport endpoint use > only. > > I don't think we should be writing rules to indicate who should NOT be > changing them, if we already have rules indicating the only parties that > can. (granted, the requirement in 7 needs to be revised in 2119-speak). > Joe, You may want to look at IPv6 EH description for guidance. Even with all the words about how extension headers can't be examined or processed with the exception of HBH options, there still has been considerable discussion on what intermediate devices can or can't do. Clarifying the exact requirements upfront is beneficial. In the absence of such clarity, we need to assume that anything in clear text is subject to inspection and possible modification so that the end result is often ossification of what might have otherwise been a useful feature (although even with clear requirements abuse and ossification is still a possibility). Neither can we expect middleboxes to always know what they're doing. Fundamentally, if I, as an application developer, can't trust the network not do mess with my UDP options, it's likely I simply wouldn't use them (hence ossification even before deployment). Tom > Joe > > > > > >
- [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Gorry Fairhurst
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Gorry Fairhurst
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- [tsvwg] Fwd: New Version Notification for draft-t… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- [tsvwg] summary of issues for draft-touch-tsvwg-u… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Gorry Fairhurst
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Gorry Fairhurst
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch