IETF Logo Mail Archive

Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32

"C. M. Heard" <heard@pobox.com> Tue, 09 April 2024 18:26 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9DB5C14CEFE; Tue, 9 Apr 2024 11:26:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Afa6pt5oQyIG; Tue, 9 Apr 2024 11:26:04 -0700 (PDT)
Received: from pb-smtp2.pobox.com (pb-smtp2.pobox.com [64.147.108.71]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43320C14CF17; Tue, 9 Apr 2024 11:26:03 -0700 (PDT)
Received: from pb-smtp2.pobox.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id F42271D5B09; Tue, 9 Apr 2024 14:26:02 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:cc:content-type; s=sasl; bh=eJ9c4eloADq8gRknXf6uXBD7spn7dxz+ Gs6jN8JtgmM=; b=vu17OxZzq5t3wL5AFFelQdx0Alqcl4/NK2Iaq+eai8T/+N6j UoflqZTaC0zkZhHP3m2XmYT+fOm7xLnA63iarGLrTXcXADA72whLAqWKYBJQdvAW 7hg1kF/g3mECKMVFmJERizBScxfYuxooFn4yE/7rGPJiyvIHGtyM7ux3l+w=
Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id E79E71D5B08; Tue, 9 Apr 2024 14:26:02 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-ed1-f44.google.com (unknown [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp2.pobox.com (Postfix) with ESMTPSA id 29EB11D5B05; Tue, 9 Apr 2024 14:26:02 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-56829f41f81so8524423a12.2; Tue, 09 Apr 2024 11:26:02 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCWQsNAlzpn1VZA9hC/2ASE2nbUsSFHtlHVTfPEdo+b9ExjYazbr9s1o33IKCgKyyGnZnC3orkgRHu45/e9SWWLiUAc7FpizBLiWlqk/770Y4ljr6pc5HN75t2EuWZ/5COO9GHYoyufsNFQ=
X-Gm-Message-State: AOJu0YxT3zoLD3gAwno+VyZ3q09/Mo5zau2OROC8oDUn62mGXL179yos li59RiF6QxBMkryAiMDh6PJpKFUE8jio0jVpfBlPh/lJJpeesNBdyuKzw5yK9GGQ7bjNTaLOCIa KTbrLV7Z/e6tzXNaDCx/hp8py4Y4=
X-Google-Smtp-Source: AGHT+IHcIyz/44Uir6PtJZPo05+ufQvKMSx1amrXcNu2liWjnQo0Q4o97RP/B63/MIOe4v/AlmrsbLW3Ns0+PXePVyk=
X-Received: by 2002:a50:cdd4:0:b0:56b:b66d:5bfe with SMTP id h20-20020a50cdd4000000b0056bb66d5bfemr239406edj.31.1712687160260; Tue, 09 Apr 2024 11:26:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAEh=tcd2FzQxgbSivuX2cEg2FpsnkoqdFw5gMhrx3pkT_JV88Q@mail.gmail.com> <2BEB5CC3-BB54-4119-A20F-8497ED4B5AE2@erg.abdn.ac.uk> <CAEh=tccKg7YHYkwKZ978uaXmTkBu3zyA+WBAW=eBMKAh2PSVDw@mail.gmail.com>
In-Reply-To: <CAEh=tccKg7YHYkwKZ978uaXmTkBu3zyA+WBAW=eBMKAh2PSVDw@mail.gmail.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Tue, 09 Apr 2024 11:25:47 -0700
X-Gmail-Original-Message-ID: <CACL_3VG6k9Rg4316dZUd5ksQ2pLZHxzDc2dZqVD0Z9yPQBo3Yw@mail.gmail.com>
Message-ID: <CACL_3VG6k9Rg4316dZUd5ksQ2pLZHxzDc2dZqVD0Z9yPQBo3Yw@mail.gmail.com>
To: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>, Christian Huitema <huitema@huitema.net>
Cc: "Gorry (erg)" <gorry@erg.abdn.ac.uk>, Martin Duke <martin.h.duke@gmail.com>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000cc88480615ae0d0e"
X-Pobox-Relay-ID: 9EAD0F42-F69E-11EE-A695-25B3960A682E-06080547!pb-smtp2.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hEkqcCarwyydEOt-4uLWDISnzBM>
Subject: Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2024 18:26:09 -0000

On Tue, Apr 9, 2024 at 6:09 AM Zaheduzzaman Sarker <
zahed.sarker.ietf@gmail.com> wrote:

> On Tue, Apr 9, 2024 at 12:48 PM Gorry (erg) <gorry@erg.abdn.ac.uk> wrote:
>
[ ... ]

> So.   I think given this, it is OK for the endpoints to send information
>> in UDP options which can be read (only) by the transit nodes and they can
>> indeed react to this. That has always been possible with tunnels, extension
>> headers, and transports - at least those not using transport encryption.
>> This comes with positive and negative impacts.
>>
>> In today’s world, a designer can choose to protect all of the transport
>> eg using QUIC - and many designs will follow that path. Although, there is
>> a large body of work in the IETF that still directly uses UDP. That to me
>> is OK if that best fits the use.
>>
>
> Yes, UDP should be considered as transport protocol. It would be good to
> have a view on how many of those large body of work uses or envision to use
> UDP options in clear. This would boost the motivation for this work and
> back up the need of UDP options.
>


It was recognized early in the development of the UDP options that they
would be useful for DPLPMTUD. This use case is documented
in draft-ietf-tsvwg-udp-options-dplpmtud, which has actually been ready for
publication for quite some time.

Another potentially attractive use case was use of UDP options to allow
UDP-based request/response protocols such as DNS to send large responses
without relying on IP fragmentation (especially IPv6 fragmentation). Here's
how this would work: client includes the MRDS option in the request;
responder ignores said option unless it is option aware and has UDP options
enabled, in which case it can use the option to determine how to send a
large response using UDP fragmentation. This is incrementally deployable as
long as legacy applications ignore the UDP surplus area. We don't have an
I-D describing this use case. but one could be written if it would help to
back up the need for UDP options.



> The backwards compatibility with UDP was considered important in the
>> development of this Spec.
>>
>
> This point is absent, AFAIK in Section 16 of the draft now.
>


Adding such a discussion is a reasonable request; IMO the best place would
be Section 6 (Design Principles).


 On Tue, Apr 9, 2024 at 10:16 AM Christian Huitema wrote:

> On 4/9/2024 9:09 AM, Tom Herbert wrote:
> > I believe that processing of the options is already opt-in. Accepting
> > UDP surplus area (at least ignoring it and not dropping packet) and the
> > checksum processing I described are currently mandatory.
>
> And that's probably what need to change before this draft is published.
> Using the surplus area without the explicit consent of the application
> is an attack. The proper way to stop such attacks is to drop the whole
> packet, because only that inflicts a cost to the attacker.



I disagree that use of the surplus area without the explicit consent of the
receiver automatically constitutes an attack, as long as the surplus area
is ignored by default.

The attitude of dropping whatever you don't have a predetermined use for is
exactly what has made IPv4 options and IPv6 extension headers essentially
unusable in the open internet.

Mike Heard

v2.23.0 | Report a Bug | By Email