Re: [tsvwg] Review comments for draft-ietf-tsvwg-udp-options-07
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 24 July 2019 18:15 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6EF7120316; Wed, 24 Jul 2019 11:15:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t01yfNvOHXg2; Wed, 24 Jul 2019 11:15:23 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10068.outbound.protection.outlook.com [40.107.1.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1750B1202A5; Wed, 24 Jul 2019 11:15:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eA/ug6fwZ0+kqPUeOhjXGM/FhvjveNUpW4daqJWCe/I8KHaVMvOMeW/F/YBTpuDZGjcdMMOZkWCLlcKkgNqRr8ScsHUcwWt+KedJg5gE2djkPugOgy4Xrq6txNUXIsZf9NpqSI0GeaUzi9fAEo35do5LwY0awbIUO5sePU0TTGrfnXkwtje4GU02Bpwr34YxWQHB41vuhy8Fj5/7TcaYfJfGp0rCevSsp6R++o/vdTKm960JElvMgJfPNpBFugZXhiXnPh/zhv7AMaVfaSJ1NZLqcMW6lVmMjmQkeJoMwMAFw+oXsNU1lJpgpju5XullcJsEhhozfoDUfm+Tw40Ulw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DFhc62COCDx/v3BHQX22isFDZxPWh7halIJgqEgIQOE=; b=MI7Za+KYVpRa56P4Ftv1bZZj9qo1B7gB0XKYpkbzzHWU4RfYrG5iUIr2B/K10Jgx66hWqm/WZ6MJXZcJxst7PaD1V64ZwzJF3LOv07SMVf56D7RCv51u1+mhi+zN/cvxlOUWm/HBmXCzj8YPxdTuERfZlJPtu/QUGSfEaUsMrmN0z0UUgLiRyuXAnJ3XBKrTWdH85F23OmU84pnzp3cRK+EpVMPFtdu1jXhOOvBPpkvjF/GIqD8DHPnFWPytfutqIBoYKv7+Ls1aGxwMIHZUJb5m1rx2Hy4nxjCL5aieXryTyKWeawrrbtvn2PAz3kNh8fSakMOhePQ2M7eggqcrFA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=ericsson.com;dmarc=pass action=none header.from=ericsson.com;dkim=pass header.d=ericsson.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DFhc62COCDx/v3BHQX22isFDZxPWh7halIJgqEgIQOE=; b=VfC5vPEArWy9hJ6H/RASwHhDwim7EFSbcUXSzmpnqF9qytFm7rs8Q0OkxnFeFh+HDl7ardqkFnbXvMBpOyT1BhRT5NTnzMbAfEgnKpD3TYmGOELGOum4Ug1ab7+SDHszWI1sGZc8uko/fq25L5kT8eiwGhLn3XejUYOrrjJkiL8=
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com (10.168.128.149) by HE1PR0701MB2955.eurprd07.prod.outlook.com (10.168.92.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Wed, 24 Jul 2019 18:15:20 +0000
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::b9ec:6368:2a23:30fb]) by HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::b9ec:6368:2a23:30fb%6]) with mapi id 15.20.2115.005; Wed, 24 Jul 2019 18:15:20 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "tsvwg@ietf.org" <tsvwg@ietf.org>, "touch@strayalpha.com" <touch@strayalpha.com>, "draft-ietf-tsvwg-udp-options@ietf.org" <draft-ietf-tsvwg-udp-options@ietf.org>
Thread-Topic: [tsvwg] Review comments for draft-ietf-tsvwg-udp-options-07
Thread-Index: AQHVPyrtx+V3Kauy3Eqt1ytCh+uKN6bYfPcAgAGcJgA=
Date: Wed, 24 Jul 2019 18:15:19 +0000
Message-ID: <ff556d72ee2ae7f88c5bb1d2427b3624789ae3fd.camel@ericsson.com>
References: <17dd72ce7443fd2fa6695f0fb91566e591f32f3c.camel@ericsson.com> <b40e7899-d2bc-c299-7a7b-10157a70ca70@strayalpha.com>
In-Reply-To: <b40e7899-d2bc-c299-7a7b-10157a70ca70@strayalpha.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [31.133.156.93]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e8cd6b89-76c8-4108-a48f-08d71062e343
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020); SRVR:HE1PR0701MB2955;
x-ms-traffictypediagnostic: HE1PR0701MB2955:
x-microsoft-antispam-prvs: <HE1PR0701MB2955C9E355C6E70E815DC2BD95C60@HE1PR0701MB2955.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0108A997B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(346002)(136003)(396003)(366004)(51444003)(199004)(189003)(66946007)(71200400001)(486006)(71190400001)(110136005)(14454004)(44832011)(8676002)(81156014)(99936001)(68736007)(81166006)(99286004)(6486002)(6116002)(256004)(6512007)(66066001)(6436002)(316002)(476003)(5024004)(7736002)(14444005)(305945005)(86362001)(3846002)(2616005)(446003)(11346002)(66574012)(229853002)(66556008)(26005)(25786009)(66616009)(53936002)(118296001)(186003)(6246003)(36756003)(2201001)(478600001)(66476007)(91956017)(2501003)(53546011)(6506007)(64756008)(102836004)(2906002)(76176011)(66446008)(5660300002)(8936002)(76116006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2955; H:HE1PR0701MB2522.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: FDKCY+2I+OVaqLSLGJ9cP9wEBIIkmBBVoVPnf+/AazEHcsWFGqP7BubjwYADeQNJ0stEU0rT1Jyb0seQ3DH6jjKXJy8cE6lRb+/B6rfBzLYLWWTA2jxJf46cOIANQ0SecOH48OPNeVezGMDVSmwyA6erFUxdeu8MP/53Mb59V4Lv+G+d21pWyr93ziST9DM/fhBAaglIctHQQ/+Dn5BU8MWUyeR+1nik9PIH38GKGiHVhkhElv2zR1h76OIkDgnHzRnJ9t75MS8XHlP3cQYGAcBCcb3mVqaq7hxUzJGM/Rya/tSIurxjGNhAU80xDoJk6KCjB6Py/OYg9RTxnlfTbkIyUxGfBjFPCM6sm4B/hojtFvF6EYuexvjBZ5g9jqg3x4X3Ek7j7WuVPwfseNJEWL4wYsetUtVP+ItYa+orXRc=
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-KMVcd6y6BXxp9RFjlDbu"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e8cd6b89-76c8-4108-a48f-08d71062e343
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2019 18:15:20.0005 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: magnus.westerlund@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2955
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/gg7CyDHYLva74vy1bDA-oi6wZRg>
Subject: Re: [tsvwg] Review comments for draft-ietf-tsvwg-udp-options-07
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 18:15:27 -0000
Hi, Trying to answer and comment on the issues that appears to need it. On Tue, 2019-07-23 at 10:40 -0700, Joe Touch wrote: > Some notes... > > On 7/20/2019 11:42 AM, Magnus Westerlund wrote: > > ... > > 4. Section 5. > > > > "Future options MUST NOT be > > defined as having a value dependent on the contents of the > > option > > area. Otherwise, interactions between those values, OCS, and AE > > could be unpredictable." > > > > Is this MUST NOT required? > > MUST NOT depend on the value of other options - certainly can depend > on their own option field. > > Because it creates circularities between options and affects the > order > in which they appear and/or are completed. The only dependencies > could > be those between options defined at the same time, but they ought to > be > sub-fields of a single option IMO. > > I.e., options should be able to be processed independently, and this > rule follows from that. Yes, there are complexities with allowing new options that are dependent on the options area. However, it might be required, thus I think we should think about if we can enable this. I think some forms are clearly possible assuming that you have a way of indicating that support of an option is required. > > > Or is it that it simply MUST define any > > interactions with the option area prior to OCS and AE. Any if any > > additional such options exist, they need to define there realtive > > interaction. Making it harder and harder to extend this type of > > options > > but not impossible. > > > > > > 8. Section 5.3: > > The Option Checksum (OCS) is conventional Internet checksum that > > covers all of the UDP options. > > > > Shouldn't this be explicit that this is an 16-bit Internet > > checksum? > > It will be, but Internet checksums are 16 bit, ones' complement, > inverted. I can cite the RFC . Please include a citation. > > > > > 11. Section 5.4: > > > > I know that it has been discussed somewhat, isn't a 16-bit a bit > > weak > > for the potential UDP payload lengths? > > No more weak than for TCP. ACS is available if desired as an > alternative. > This is about the length of the ACS. I think using a 16-bit CRC appears a bit weak for something that may be upto 64k. Thus using CRC32C might be more appropriate for the ACS? > > > > 13. Section 5.3: > > > > 3. If the LITE data area is 4 bytes or longer, swap all four > > bytes > > of the LITE option with the first 4 bytes of the LITE data > > area > > (Figure 11). If the LITE data area is 0-3 bytes long, slide > > the > > LITE option to the front of the LITE data area (i.e., placing > > the > > 0-3 bytes of LITE data after the LITE option). > > > > Is there a reasons to actually send a 0 byte LITE data area? I > > would > > think that would no LITE option? Or is this for indicating support? > > In > > any case a 0 byte LITE data area is a no-operation anyway. > > It's a degenerate case that we don't need to test our way out of or > declare an error. Okay, but I think you should be more explicit that this is allowed. Although I don't see the reason for including a 0 byte LITE area is to signal the capability. > > > 14. Section 5.9: > > > > So if I understand this option, the measurement of the RTT contains > > an > > error factor that is equal to the time between the peer received an > > TS > > options and sending a response. Why not include the peers delay > > between > > reception and sending a response in third field? > > Because that implies that packets are timestamped upon receipt BEFORE > being processed. That's too heavyweight a requirement, IMO. Not necessary. Although an error will build up if you do the timestamping as part of the UDP options processing. However, the issue of having no delta is that it adds the time between reception of the latest packet in the flow and the transmission of the next outgoing packet in the flow. To my understanding this UDP option will be attached to the next outgoing packet, not be initiated by the recepition of the UDP option. Thus, there could easily be many 10's of milliseconds between reception of one Timestamp option and sending a respnse. > > 15. Section 5.10: > > > > So I think the authenticaiton part you at least have some idea of > > how > > to build here. The encryption appears to be missing significant > > parts. > > Yes, it's not intended to be complete. It's a framework in which AE- > like > solutions can exist. > > I would also expect the case where you can get key-reuse could be a > > significant issue for a number of encryption algorithm. > > That's external to the framework. > > > What is the intention here, I see this section as a strawman for > > something that could be done. But are there interest to make it > > really > > well specified, or should it be broken out to an extension draft? > > The intent is a placeholder for crypto capabilities that need an > exception to the "independence" and ordering rules in sec 7 and 8. So, I do find this problematic and needing some important clarifications. For the Authentication option I think it need to be worked through so that it can actually be implemented. For example why has Key-ID been removed? Are there important differences on the key selector for UDP compared to TCP? For example are there always the 5- tuple that matters or are there cases where the destination 3-tuple that matters? When it comes to the encryption I think that is not really working in this context. What are allowed plaintexts, are that UDP payload, Lite DATA or only Options? Thus there are a lot needed to be defined for the plaintext <-> cipher text transformation and how to deal with AEAD's that have larger cipher text than plain text. > > > 16. Section 7. > > > > This was also touched upon, when it comes to new options. I have > > seen > > that for protocol that actually defines new extensions where the > > peer > > really need to understand an extension to be able to process the > > message it is good to have these capabilities. So a potential here > > is > > to enable indication of an "Option requrired to be understood". > > This > > can either be a range in the number space or a bit somewhere. The > > lack > > of an error indication framework do make things more complicated if > > one > > define that one skip to process all options in case one is required > > and > > not understood. > > We've been discussing that. Given - as you note - the need for > coordination, I don't see how the bit is particularly helpful, but > that's the debate. Yes, it is an ongoing debate, and I want to make it clear that I do see usage of it to enable certain type of futre options. But clearly the scope of what it means needs to be defined. > > 17. Section 7. > > > > >> Options MUST NOT be modified in transit. This includes those > > already defined as well as new options. New options MUST NOT > > require > > or intend optionally for modification of any UDP options, > > including > > their new areas, in transit. > > > > I think this should be moved elsewhere where it would be clearer > > that > > this do apply to all options defined or future. > > Where else would it be moved? Defining how new options are defined > is > the whole title and purpose of that section. Yes, it is a requirement on new options. It can also be read as a requirement on other nodes which was why I though it made sense to be moved to another section. > > > 18. Section 8. > > > > The Processing list appears to have an assumption that there is > > only > > one option. Otherwise this leads to not processing all things > > before > > delivering it higher layer. > > I don't see that; can you explain why you do? (the text mentions > multiple options all over the place, including the pseudocode) Sorry, I made a misstake. Cheers Magnus Westerlund ---------------------------------------------------------------------- Network Architecture & Protocols, Ericsson Research ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Torshamnsgatan 23 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [tsvwg] Review comments for draft-ietf-tsvwg-udp-… Magnus Westerlund
- Re: [tsvwg] Review comments for draft-ietf-tsvwg-… C. M. Heard
- Re: [tsvwg] Review comments for draft-ietf-tsvwg-… Joe Touch
- Re: [tsvwg] Review comments for draft-ietf-tsvwg-… Magnus Westerlund
- Re: [tsvwg] Review comments for draft-ietf-tsvwg-… Joe Touch