Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

Tom Herbert <tom@herbertland.com> Tue, 16 July 2019 22:42 UTC

MIME-Version: 1.0
References: <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <CAPDqMeoyNb7vQTdqxLpZpnKb9S7QKeDJNLyQJBmq95yXhB+xfQ@mail.gmail.com> <7D365770-64FE-40BC-901D-B4D7DF6B484B@strayalpha.com> <20190713182554.GB39770@clarinet.employees.org> <CALx6S36mH2M6SYnRSecWXa7k_d1u8O43+CXE-=KqeO0x2e5+qw@mail.gmail.com> <82FF6486-FABF-4D2C-B5E2-178779C720A4@strayalpha.com> <30c17e9c174f6b0da3ecc6b503a8cb17@strayalpha.com> <CACL_3VGs7j+y5vFNT3OL9OKX8ue4rv-Cxi467KR-vbhnMdx86g@mail.gmail.com> <2f71a292f924a9b8de4227c4bbc2f809@strayalpha.com> <CACL_3VGrF5UnbVsSzZZoy1i57WKiQKBX2T3a16UyEVHY=Kr3XA@mail.gmail.com> <0ce46e21249f0dc55310b192d382f50a@strayalpha.com> <CALx6S36gaMqNRo_hYKr45T_vTkUB-vRrYRYJz2_KgvejNsJtLQ@mail.gmail.com> <efbf65646a0e0d2535dc5726b34f3472@strayalpha.com> <CALx6S37sZxmGQJq5mxDiF88NeUjj2HMRnQG5KyZA_4ujrLJkqg@mail.gmail.com> <079d7d849d0e6260497a6c0ed37595a2@strayalpha.com>
In-Reply-To: <079d7d849d0e6260497a6c0ed37595a2@strayalpha.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 16 Jul 2019 15:42:23 -0700
Message-ID: <CALx6S37wOkz0436CmevOjSe=VwAxKstSR9Jc66PUmXwUKK4vBw@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: "C. M. Heard" <heard@pobox.com>, tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/gKux6PjqEdlj_sIac9ZlZ9x7vzY>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
Precedence: list

On Tue, Jul 16, 2019 at 3:15 PM Joe Touch <touch@strayalpha.com> wrote:
>
>
>
>
>
> On 2019-07-16 15:06, Tom Herbert wrote:
>
> On Tue, Jul 16, 2019 at 2:44 PM Joe Touch <touch@strayalpha.com> wrote:
>
>
>
>
>
> On 2019-07-16 14:37, Tom Herbert wrote:
>
> On Tue, Jul 16, 2019 at 2:25 PM Joe Touch <touch@strayalpha.com> wrote:
>
> ...
> We CAN easily set a limit IF we went.
>
> We don't need to design that into the protocol structure. And we don't need to start with something that already impacts things like fragmentation/reassembly, LITE, etc. where the final user data is inside the options area.
>
> Additionally, the comparison to IP is misleading; these are endpoint options and should not have the same kinds of limits as per-hop.
>
> IPv6 has destination options for which limits are applied by Linux.
>
>
> Linux is not an example of how to follow specs; if anything, it's THE example to the contrary.
>
That statement is not at all true nor remotely constructive.

>
>
> Finally, the "realities of deployment" should not be designed or limited by what is currently available. UDP hasn't been updated in many decades; I hope we won't need to come back and re-do this in 5 years just because we're too focused on current technology.
>
>
> Tell that to the IPv6 guys ;-) It has taken years to derive a
> deployable solution and that has included real world considerations
> like DOS. IMO, it is wise to learn from that experience.
>
> Consider in the UDP options draft:
>
>  [NOTE: Tom Herbert suggested we declare "more than 3 consecutive
>    NOPs" a fatal error to reduce the potential of using NOPs as a DOS
>    attack, but IMO there are other equivalent ways (e.g., using
>    RESERVED or other UNASSIGNED values) and the "no more than 3"
>    creates its own DOS vulnerability)
>
> Okay, so there is no limit to number of NOPs in a packet.
>
>
> No, it's still under discussion.

As it has been for over year :-( In any case, I don't think I'll
comment any more on this until someone tries to push UDP Options into
Linux without any reasonable limits for DOS mitigation.

>
> The problem is the cost of the limit creates its own DOS.
>
>
> So per the
> draft we could full up an MTU or even a maximum size IP packet with
> NOPs. That's going to wreak havoc on a receiver and hence is a great
> DOS attack. If you don't believe, please run the experiment in your
> implemenation and see what happens to your CPU utilization.
>
>
> Receivers can do whatever they want to check without us setting protocol limits.
>
> A good implementation (of anything) checks resources and limits overuse. Period. We should not need to set limits to make that happen.
>
> Besides, such limits *change over time and depend on a particular system's resources* anyway.
>
> One size does not fit all for all time.
>
> Joe

[tsvwg] Fwd: New Version Notification for draft-h… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
Re: [tsvwg] New Version Notification for draft-he… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… Tom Herbert
[tsvwg] draft-ietf-udp-options issues from IETF 1… Joe Touch
Re: [tsvwg] New Version Notification for draft-he… lloyd.wood@yahoo.co.uk
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Wesley Eddy
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
[tsvwg] design assumptions - draft-ietf-udp-optio… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… mohamed.boucadair
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Derek Fawcus
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… mohamed.boucadair
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Gorry Fairhurst
Re: [tsvwg] draft-ietf-udp-options issues from IE… Gorry Fairhurst
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Gorry Fairhurst
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… mohamed.boucadair
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Gorry Fairhurst
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Gorry Fairhurst
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Gorry Fairhurst
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Gorry Fairhurst
Re: [tsvwg] draft-ietf-udp-options issues from IE… Gorry Fairhurst
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Gorry Fairhurst
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Gorry Fairhurst
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] design assumptions - draft-ietf-udp-o… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Joe Touch
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] draft-ietf-udp-options issues from IE… Tom Herbert
Re: [tsvwg] draft-ietf-udp-options issues from IE… C. M. Heard
Re: [tsvwg] design assumptions - draft-ietf-udp-o… Derek Fawcus
Re: [tsvwg] draft-ietf-udp-options issues from IE… Black, David
Re: [tsvwg] design assumptions - draft-ietf-udp-o… C. M. Heard