Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14

[Joseph Touch <touch@strayalpha.com>]

> On Apr 7, 2020, at 8:34 AM, Tom Herbert <tom@herbertland.com> wrote:
> 
> On Tue, Apr 7, 2020 at 8:12 AM Joseph Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> wrote:
>> 
>> Hi, Tom,
>> 
>>> On Apr 7, 2020, at 7:40 AM, Tom Herbert <tom@herbertland.com> wrote:
>>> 
>>> On Mon, Apr 6, 2020 at 6:42 PM Joseph Touch <touch@strayalpha.com> wrote:
>>>> 
>>>> Hi, Gorry,
>>>> 
>>>> I’d suggest as follows (just to follow through on the changes):
>>>> 
>>>> 
>>>> In some uses, an assigned transport port (e.g., 0..49151) can identify the protocol [RFC7605]. However, port information alone is not sufficient to guarantee identification. Applications can use arbitrary ports and do not need to use assigned port numbers. The use of an assigned port number is also not limited to the protocol for which the port is intended.
>>> 
>>> Joe,
>>> 
>>> RFC7605 acknowledges that port numbers are used to identify the
>>> application protocol, but clearly doesn't condone the practice. I
>>> suggest the text should just paraphrase RFC7605:’
>> 
>> I don’t quite understand the above, esp. the use of “condone”. Port numbers are assigned *exactly* for endpoints to identify application protocols *in the absence of any other more explicit coordination* (the draft doesn’t say it so directly, but that’s the summary).
>> 
> Joe,
> 
> I meant by using port numbers at intermediate nodes for identifying
> application protocols.

Oh, sorry. I didn’t get that from the text, but agreed.

> For example, QUIC is assigned UDP port number
> 80 and the spinbit was created to be visible and processed by
> intermediate nodes. The only generic way intermediate nodes can
> identify QUIC is by matching the assigned UDP port number. RFC7605
> says that such matching may not be correct, so consideration needs to
> be taken what happens if things are misinterpreted (IIRC, processing
> of spinbit for a packet misinterpreted as being QUIC is considered
> innocuous).

Agreed.

> Also, a corollary should be the hard requirement: "Intermediate nodes
> MUST NOT ever modify transport payload”.

As a general principle, yes - agreed. There’s always the caveat that it’s always OK *with the consent of the endpoints*, e.g., if an enterprise wants to set up the network that way for their users. But in the arbitrary “middle” of the network, it *should* IMO always be MUST NOT.

> I don't believe this draft
> mentions the fact that some intermediate nodes modify unencrypted
> transport layer headers in flight, but this does happen. For instance,
> there are devices that will modify the TCP receive window to optimize
> traffic flow (I believe there are some routers for satellite links
> that do this).

Yes, and they then complain that mechanisms like IPsec “interfere” with that “feature”. Some of what they do might be relatively innocuous, but some - esp. forging ACKs to reduce endpoint-perceived RTT - runs a significant risk of undermining TCP semantics of reliable delivery.

> If this technique were applied to QUIC where the
> network modified some "exposed" fields in the QUIC header then this
> would risk systematic data corruption for UDP packets misinterpreted
> as QUIC (putting the transport layer in a modifiable HBH option would
> not have this problem).
> 
> Tom
> 
> 
>> That said, I was OK with the resolved text I had suggested, with or without the text below - which is also fine.
>> 
>> Joe
>> 
>>> 
>>> "Port numbers are sometimes used by intermediate devices on a network
>>> path to interpret transport protocol payload, however any
>>> interpretation of port numbers -- except at the endpoints -- may be
>>> incorrect, because port numbers are
>>> meaningful only at the endpoints [RFC7605]."
>>> 
>>> Tom
>>> 
>>>> 
>>>> 
>>>> Joe