IETF Logo Mail Archive

Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-31.txt

Tom Herbert <tom@herbertland.com> Wed, 06 March 2024 19:19 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F9A0C14F5FD for <tsvwg@ietfa.amsl.com>; Wed, 6 Mar 2024 11:19:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YzGmJkHP9lAp for <tsvwg@ietfa.amsl.com>; Wed, 6 Mar 2024 11:19:02 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4439C14F5F9 for <tsvwg@ietf.org>; Wed, 6 Mar 2024 11:19:02 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-5640fef9fa6so94908a12.0 for <tsvwg@ietf.org>; Wed, 06 Mar 2024 11:19:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1709752741; x=1710357541; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=4uZujg20bmb9PTe0xM+2kq0TXoE4GrPS0QOOq9qpzrg=; b=WxnPySzsULZDoEz69SEp5KXBqKv3cvln8Z60UqQCIrIIuIF2FE2D0PTqtnaRr/ZPVn kpF1K7kF8cAcog2gZbSyHjKVJauLTQs/dkAo/Cg62Jy2vT7Iu2tfbEoDJBwed0dkZznV qziUJ1xanbBLT1pix+SlAjjpkXpmyOOq7jnU2R9k+6jo2qatzjFVUJaTf4IDBVoq4604 iDK9dZkyaF3P21kht+x43qddEKJVOvNuPPz/M2mv+kAgyHFum1cZeUaK15k+Fyfg9vJf Wow8+1cW9kKpjjr5iNi27FbmBp7frXmOvOg2ZGxTYcEnTae07LzJGy2nbImds4EOnLUO AhkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709752741; x=1710357541; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4uZujg20bmb9PTe0xM+2kq0TXoE4GrPS0QOOq9qpzrg=; b=b94op83Tw86eOmB+J8p+EzQOTKjwEdEglJc61tXY+FJh4+EadgKHW58sGSqPHpSij9 kFlhPRe5pM+38Wngmz6RiJg0AuI5pNPejOO6+KmFX8Pym/Md/ySlwaiErX22b3Xj/IhP xna+LagmQxT/kxPv89XL3g7lo0hOPsoGg6Qmgg3spTLTd1YHMsN6TSeuEb7vO7qcitUX 6M64Qvpex5AVHDg7rCd5e/OkpUx9tuk7GcankKqccna+O7VFnGfqgyOpwQXJGszVugfQ nFcm3yfJ5miHkHZQeocciaJmDMlz3NpyQz25Io1mOstMOH/tM1FwV0tPPPEfwef5CxxM 3bMw==
X-Forwarded-Encrypted: i=1; AJvYcCWXu/wZKF6HHj9N05WxGn6+SBW2DaAAgBkN4pgoadDzlwRbfzIutPb9qMx3rJS7BIrsfp+vgAqpBiqLvKJNYA==
X-Gm-Message-State: AOJu0Yye9gXJeJAe4dbmcJ6PGH28rMRtCHSUYNlcidwozXG2Rkqe/gUS Rg3Sbtpo2JrnfIIcRt6IhhDnRm116hQDzzqZVu1M+7Rd2kzD85k0hxcMdJImw9e7QeX8TvLnnMz STahbgBvSauX2/GtOt2VlgNO4UKhA10nY2llvlIG38EAkM7rkOQ==
X-Google-Smtp-Source: AGHT+IEt5YwsbTbLZmr2e5aU4d/QiP0IRG+uNbfpRhoob3MlVMAZ2Ccii+Yg7fcB5x59wKB0HuzjQLM7LEJNCjtGyS4=
X-Received: by 2002:a05:6402:22b6:b0:568:b18:ee19 with SMTP id cx22-20020a05640222b600b005680b18ee19mr570076edb.16.1709752740795; Wed, 06 Mar 2024 11:19:00 -0800 (PST)
MIME-Version: 1.0
References: <CALx6S37S61eKrPTefdBTKfw=BoV31_C4nwadP+QxrctfduF0iw@mail.gmail.com> <E82B3F27-CD79-4ED0-9FE6-27CAAB8E41AE@erg.abdn.ac.uk> <CALx6S360sPwOxkAiqxtJquZ=H8fJW6BTf5wmgdwxy85xZSb0Tw@mail.gmail.com> <CACL_3VF-FT6pVg+A_L=Gto53H0=dNMWeb9JRXXAf-E039hR=Qw@mail.gmail.com>
In-Reply-To: <CACL_3VF-FT6pVg+A_L=Gto53H0=dNMWeb9JRXXAf-E039hR=Qw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 06 Mar 2024 11:18:49 -0800
Message-ID: <CALx6S37fJ9j1W_yAZoSEHvqdMLJWj-URt8G08ccd0-fR3q4Uig@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
Cc: "Gorry (erg)" <gorry@erg.abdn.ac.uk>, TSVWG <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/iCpmDAbc7E16S2z05wUlT0ysGIY>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-31.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 19:19:07 -0000

On Wed, Mar 6, 2024 at 10:05 AM C. M. Heard <heard@pobox.com> wrote:
>
> On Wed, Mar 6, 2024 at 8:18 AM Tom Herbert  wrote:
> > The implication is that we can use an alternate CRC when the UDP
> > checksum is either not used or considered too weak. I think it's also
> > implied that any alternate to UDP checksum would need meet the same
> > salient requirements as UDP checksum which are:
> >
> > 1) Use of the checksum or CRC is optional only by the sender not the
> > receiver. From RFC1122: "Unlike the TCP checksum, the UDP checksum is
> > optional; the value zero is transmitted in the checksum field of a UDP
> > header to indicate the absence of a checksum."
> > 2) If a checksum or CRC is received then the receiver MUST either
> > validate that it is correct or drop the packet: From RFC1122 "If a UDP
> > datagram is received with a checksum that is non-zero and invalid, UDP
> > MUST silently discard the datagram."
>
> The requirements that you cite certainly apply to the UDP checksum, but
> where does 1122 or any other IETF standard say "or CRC"?

Mike,

There are many protocols that have CRCs. My point is that if we tell
users that APC is an alternative to the UDP checksum then it seems
likely to me that they'll expect it to basically work the same way. If
they miss some of the differences then that could lead to silent data
corruption as we've discussed.

>
> Admittedly, the way that we have traditionally written our
> specifications creates that expectation. But an expectation is not
> necessarily a requirement. As currently specified, APC (and AUTH,
> when it is completed) will allow mutually consenting endpoints to
> use a stronger integrity check (or authentication).

There's no such thing as mutually consenting endpoints in UDP, there
is no negotiation that would allow this (except maybe for the very
limited use case of a simple request/response protocol).

> That makes them
> useful building blocks. And there is something to be said for having
> them be incrementally deployable. I recall a long-ago comment of Michael
> Richardson's that it was a historic mistake for the IP AH specification
> to require mandatory drop for authentication failures because doing so
> inhibited incremental deployment.

Considering AH requires SAs to be set up at both endpoints to be
useful I'm not sure why that would be needed. But even if AH was
optional, would you REALLY want a receiver to ever ignore it? For
instance, if an app is sending bank transactions over the Internet
with AH, would it ever be acceptable for the server to just ignore the
AH without authenticating the request? In my view, absolutely not! If
I send an AH I definitely want the receiver to validate it, because if
they just ignore it then that means they ignore all AH which basically
means there's no security in the system which guarantees the system
will be breached and I will be receiving a letter of apology from my
bank saying their system was breached (although they might neglect
telling me the part about ignoring AH because that would make them
look incompetent, but of course they're not going to get that past
regulators :-) ).

Tom


>
> Mike Heard

v2.23.0 | Report a Bug | By Email