IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

Joe Touch <touch@strayalpha.com> Mon, 15 July 2019 22:01 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7879F120108 for <tsvwg@ietfa.amsl.com>; Mon, 15 Jul 2019 15:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.219
X-Spam-Level:
X-Spam-Status: No, score=-1.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dow2OGrdZa7l for <tsvwg@ietfa.amsl.com>; Mon, 15 Jul 2019 15:01:12 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 853C712002E for <tsvwg@ietf.org>; Mon, 15 Jul 2019 15:01:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=Message-ID:References:In-Reply-To:Subject:Cc: To:From:Date:Content-Type:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ka34o0ZrmFAucDK7dVqiEnofJRwZOqQ/6psD+jSuzx0=; b=gLoAvThOHpDKm0k4rD3KiV3XV I2Zl/6jIZ4++x67AxKImLAPhOjrrqYjOmlzL+OQcL7zjFWm19IFTtKvMNLg2TIsJvs8rYaQKyC8tT c0CYQUtSmGrj70RtZmjeMfFJMO1mmqEXiY4oVvMsiRElLw+8ouNMemZwXagFOHnFITzCDGUFwGvMv 1hBNteHkKswOE/x+YIGjwp9EDbIcfDsmFlLkLEQjzRZTdb2X12jgRRS6q1CD8+EBlz02EpA5CseY4 epgEZM2PDRTSY/JRrbshfdayiV9kJp33nj3bw1p0XSJ9DPlSIShSzJ+0vZ2m9cWPLgEjpuCvXqM2P HkZ0mlrSQ==;
Received: from [::1] (port=46494 helo=server217.web-hosting.com) by server217.web-hosting.com with esmtpa (Exim 4.92) (envelope-from <touch@strayalpha.com>) id 1hn91u-001HgL-7Y; Mon, 15 Jul 2019 18:01:11 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_829e46e4bf1770f13b05432cc1e62202"
Date: Mon, 15 Jul 2019 15:01:06 -0700
From: Joe Touch <touch@strayalpha.com>
To: "C. M. Heard" <heard@pobox.com>
Cc: Tom Herbert <tom@herbertland.com>, tsvwg <tsvwg@ietf.org>
In-Reply-To: <CACL_3VE_DkRQdBMYc7pW2oB88p7dE-B6Ev7JPfhxA7nUX7tZKA@mail.gmail.com>
References: <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <CAPDqMeoyNb7vQTdqxLpZpnKb9S7QKeDJNLyQJBmq95yXhB+xfQ@mail.gmail.com> <7D365770-64FE-40BC-901D-B4D7DF6B484B@strayalpha.com> <20190713182554.GB39770@clarinet.employees.org> <CALx6S36mH2M6SYnRSecWXa7k_d1u8O43+CXE-=KqeO0x2e5+qw@mail.gmail.com> <82FF6486-FABF-4D2C-B5E2-178779C720A4@strayalpha.com> <CALx6S34YhtgNNJtHazqJdsGRhiMa4PQXiSOuDz0JhqqyHWfNyA@mail.gmail.com> <757FDD92-EC4A-4AC2-B491-74B75119A951@strayalpha.com> <CALx6S36XCUs-oQVBSBX_KTg5qN4fgTBrrgqZqmwBwo75J3UqUA@mail.gmail.com> <3b6db46d21ac1bb7e6c6761df7501c92@strayalpha.com> <CALx6S37L0gxaUmE5FT=ByvETY6FnzqXDPMU++RpCQaqpwPXEyA@mail.gmail.com> <4bfbcce574679f741e47cacd87919de1@strayalpha.com> <CACL_3VE_DkRQdBMYc7pW2oB88p7dE-B6Ev7JPfhxA7nUX7tZKA@mail.gmail.com>
Message-ID: <193984167bc0b98ffe22da4efe803159@strayalpha.com>
X-Sender: touch@strayalpha.com
User-Agent: Roundcube Webmail/1.3.7
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hkTTE79mQ6WmOzLfH8JNcPQ9tI4>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 22:01:15 -0000

On 2019-07-15 14:43, C. M. Heard wrote:

> ... 
>> NOTE2: *as repeatedly already noted*, again - GIVEN THIS CONTEXT - 
>> there is no utility in the additional pre-option header proposed in 
>> draft-herbert-udp-space-hdr-01. 
> 
> Actually, there is something in the draft that IMO has great utility -- 
> not the pre-option header per-se, but the **functionality** provided by 
> the draft's protocol header packet format. Specifically, that packet 
> format allows options to share fate with the payload data that they 
> accompany (i.e., either both are accepted and processed or neither is).

How is that true? We can't redefine the UDP checksum, which covers the
payload. 

A legacy receiver doesn't care about the surplus area and can ignore it.
At which point, whether the surplus is corrupted or not, a legacy
receiver will accept it. 

A UDP-option-aware receiver would do the same thing with OCS (as
currently defined) as with the one in draft-herbert. Remember, OCS was
already redefined before the last IETF to have the same "zero out"
property as in draft-herbert-00. 

> ... 
> Besides defining a UDP surplus header (USH, Section 2), the draft also 
> defines two variations of is usage: a protocol trailer variant (Section 
> 2.1) and a protocol header variant (Section 2.2). 
> 
> In the trailer variant the UDP user data (and padding bytes as needed 
> for alignment) precede the USH and trailing options appear at the the 
> offset indicated by the UDP Length. It applies only when UDP Length > 8. 
> It provides functionality similar to the packet format defined in 
> draft-ietf-tsvwg-udp-options-07. 
> 
> In the header variant the UDP Length is set to 8. The USH immediately 
> follows the UDP header (with no padding), the options are next, and the 
> payload is last. This is functionally similar to what you get if you 
> start with draft-ietf-tsvwg-udp-options-07 and add a "user data" option 
> that consumes all trailing bytes, like the modified FRAG proposed in 
> https://mailarchive.ietf.org/arch/msg/tsvwg/Wv--BLVMPAX6g5umok9BQsXAEGg. 
> 
> One can reasonably ask, why on earth would we want both formats? My 
> answer is that they provide different but complementary functions.

Didn't you just prove they're equivalent to, in essence, LITE and
non-LITE? 

> - The trailer variant can be sent to a legacy receiver with a reasonable 
> expectation that the user data will be processed normally and the 
> options will be ignored.

that's how UDP options already work... 

> ... 
> - The header variant can be used to safely send options that need to 
> share the fate of the payload data that they accompany (the options 
> and payload share the same checksum, so both will be discarded if 
> the checksum fails).

How is this not LITE? 

Note, however, that a packet still shows up (albeit zero length) with
either approach. So this isn't exactly the same as true fate-sharing. 

> Options that cause the payload to be handled 
> differently when they are present fall into that category. Examples 
> include FRAG (for obvious reasons), ACS (as data failing the alternate 
> checksum would normally be discarded instead of being passed to the 
> application), and AE (as data failing authentication or decryption would 
> normally be discarded instead of being passed to the application). 
> 
> Note that draft-herbert-udp-space-hdr-01 stipulates that options which 
> cause the payload to be handled differently when they are present may 
> reside in the header variant only. 
> 
> Why is this important? 
> 
> Clearly, for legacy receivers, options in the trailer cannot be 
> guaranteed to share fate with the payload because they discard all 
> options. Similarly, if a new option option that affects data 
> handling is defined in the future, option-aware receivers that do 
> not recognize it will skip over it. These issues can in principle 
> be dealt with by insisting (as draft-ietf-tsvwg-udp-options-07 does) 
> that options that are not safe to ignore must not be sent without 
> prior knowledge (obtained by negotiation or configuration) that the 
> target receiver can properly handle them. 
> 
> BUT, it's not just legacy receivers that feel the impact; option-aware 
> receivers treat the entire options trailer as being absent if the option  
> checksum fails. If the UDP checksum passes, and there are options that 
> change the handling of the preceding payload data, then that data will 
> be handled incorrectly. In other words, a correctly implemented receiver 
> that recognizes all options nonetheless has the potential to pass 
> corrupted data to the application. In my opinion that's not acceptable.

That's not a feature of draft-herbert vs the exising UDP options; that
is a choice in Sec 8 of udp-options. 

We chose to have that case ignore options to emulate legacy receivers;
if that's not what we want, we change that rule. 

If that rule is changed, then you'd get the fate sharing you seek. 

But you can't have it both ways - with either solution. They're the same
here. Either failed options means "act like legacy" or it means "fail",
but that means that incorrect options would succeed in a legacy receiver
but fail in an options-aware one - EITHER WAY. 

> AFAICT, draft-ietf-tsvwg-udp-options-07 currently has no means for 
> providing the fate-sharing of options and payload.

' 
It does, as shown above. 

> The protocol header 
> format in draft-herbert-udp-space-hdr-01 does. I'd like to see 
> draft-ietf-tsvwg-udp-options-07 revised to provide that functionality. 
> 
> I have my own ideas on how best to do that, but I am going to hold them 
> in abeyance for a later time because I think it's much more important 
> for us to discuss whether I am correct to insist on the need for an 
> option and payload fate-sharing capability for protocol correctness.

I agree with that - let's decide what functionality we want and THEN
figure out how to deliver it. Or at least separate those two discussions
where possible. 

However, header/trailer is a misnomer. It's really about whether and how
much to use LITE. 

Joe

v2.23.0 | Report a Bug | By Email