[tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22
"C. M. Heard" <heard@pobox.com> Sun, 18 June 2023 23:13 UTC
Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09203C151066 for <tsvwg@ietfa.amsl.com>; Sun, 18 Jun 2023 16:13:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcjPqsy3Iyhd for <tsvwg@ietfa.amsl.com>; Sun, 18 Jun 2023 16:13:46 -0700 (PDT)
Received: from pb-smtp1.pobox.com (pb-smtp1.pobox.com [64.147.108.70]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B427FC14CF0D for <tsvwg@ietf.org>; Sun, 18 Jun 2023 16:13:46 -0700 (PDT)
Received: from pb-smtp1.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 618FE1844BE for <tsvwg@ietf.org>; Sun, 18 Jun 2023 19:13:45 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:from:date:message-id:subject:to:content-type; s= sasl; bh=kItBlECqWaAJ5MzLx4rznZ2iIi+r4vvXEcYP1LBkJNY=; b=qtu6N8l Xsmw5stba9FOzEz3gs7KJvA+OHVmyYW2A5EaszinsJMWfCaa3C8am7iLBnYVtH8V H8v8s+MIEA8kQ8AhnR7U4vdP7vGwiizehxv1L4DQ66eYZcDaxL/9Vvw3WFLxXh7w S1YMJRh/uyLTGvLlweYLoNeV4a2ws09rIfw4=
Received: from pb-smtp1.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 48CFC1844BD for <tsvwg@ietf.org>; Sun, 18 Jun 2023 19:13:45 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-ej1-f49.google.com (unknown [209.85.218.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 976321844BC for <tsvwg@ietf.org>; Sun, 18 Jun 2023 19:13:44 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-9829b12b80fso451420766b.2 for <tsvwg@ietf.org>; Sun, 18 Jun 2023 16:13:44 -0700 (PDT)
X-Gm-Message-State: AC+VfDyEg3UoxU9b2umEngS1qUApg5K4dBSBacBKdi8u6rleBGgDdhtm 3qsEKVD0GyeMFo6TbcmPmPj90YhT+9d/QY0pO28=
X-Google-Smtp-Source: ACHHUZ5RtsgHHK9c7rYvr9wDNTt1YEWKW1EKpr9/r5TK9xlQCJPcNi9XqEELskgDBLuUfO0y9/tpHQz+nLr+yKIgyFY=
X-Received: by 2002:a17:907:742:b0:982:83b1:4f3 with SMTP id xc2-20020a170907074200b0098283b104f3mr7089159ejb.47.1687130023593; Sun, 18 Jun 2023 16:13:43 -0700 (PDT)
MIME-Version: 1.0
From: "C. M. Heard" <heard@pobox.com>
Date: Sun, 18 Jun 2023 16:13:27 -0700
X-Gmail-Original-Message-ID: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com>
Message-ID: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com>
To: TSVWG <tsvwg@ietf.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Joe Touch <touch@strayalpha.com>
Content-Type: multipart/alternative; boundary="000000000000bf0d2105fe6f9184"
X-Pobox-Relay-ID: C595C176-0E2D-11EE-B98A-C65BE52EC81B-06080547!pb-smtp1.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/ocDWz4jWZdqVP6CTuAhsBXer2Bc>
Subject: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jun 2023 23:13:52 -0000
On Mon, May 22, 2023 at 6:21 AM Gorry Fairhurst wrote: > I have just read version 20, and I have some questions as a working > group member. I hope this helps. [ ... ] > > 12. "Values should "increase" (allowing for rollover) according to a > typical 'tick' time" > - explain rollover in terms of the modulo the field size? and in draft-ietf-tsvwg-udp-options-22 Section 9.8 we now see: o Values should "increase" (allowing for rollover, i.e., modulo the field size) according to a typical 'tick' time where "modulo the field size" is new text. But later on (in text that has been around for several versions) we see: Rollover can be handled as a special case or more completely using sequence number extension [RFC9187], however zero values need to be avoided explicitly. >> TIME values MUST NOT use zeros as valid time values, because they are used as indicators of requests and responses. Since the value zero is not a value time value, it is incorrect to say that values should increment modulo the field size, i.e., modulo 2^32. At most they can increment modulo 2^32 - 1. In fact, though, if time values are incremented modulo 2^32 - 1, using output values in the range 1 through 2^31-1, what you have is nothing more than conventional ones complement arithmetic, and the difference between an echoed time stamp received in a response and the current time value when it that response is received can be reliably calculated through a rollover event by using ones complement arithmetic. I've commented on this point before, and I've received resistance on the grounds that such an interpretation is unnecessarily constraining. Well, I don't agree. I think being explicit on this point will enhance interoperability and predictability with insignificant constraints. If there is disagreement, I'd like to hear of an alternative scheme that accomplishes the same things within the constraints of a 32-bit field width and avoidance of the value zero. In any case, "modulo the field size" is not correct ======================================================================= In draft-ietf-tsvwg-udp-options-22 Section 9.1 we see >> Bytes after EOL in the surplus area MAY be checked as being zero on receipt, but MUST be treated as zero regardless of their content and are not passed to the user (e.g., as part of the surplus area). Do the words "MUST be treated as zero regardless of their content" mean that an implementation that does not verify that bytes after EOL are in fact equal to zero have to exclude them from the OCS validation? Doing so would not play well checksum offload (see https://mailarchive.ietf.org/arch/msg/tsvwg/9_1YWp-TApI9mcCuia8U6jfCwTA/). I therefore propose this replacement text: >> Bytes after EOL in the surplus area MAY be checked as being zero on receipt but MUST NOT otherwise be processed (except for OCS calculation) or passed to the user. This comment was made originally against -19 on 27-Jan-2023 but was not addressed. ======================================================================= In draft-ietf-tsvwg-udp-options-22 Section 9.4 we see: >> Similar to IPv6 reassembly [RFC8200], if any of the fragments being reassembled overlap with any other fragments being reassembled for the same UDP packet, reassembly of that UDP packet MUST be abandoned and all the fragments that have been received for that UDP packet must be discarded, and no ICMP error messages should be sent in this case (to avoid a potential DOS attack turning into an ICMP storm in the reverse direction). and >> UDP reassembly expiration MAY generate an ICMP error, but this MUST NOT use the existing IP reassembly timeout error type and code. [TBD: ?? Should we define a new code for this purpose?] In my opinion, any mention of sending ICMP errors for UDP reassembly failures is totally out of place, and all mention of this should be removed from Section 9.4. Sending ICMP messages is a function of the IP layer, not of the UDP layer (or any other transport layer). My apologies for not commenting on this when it first showed up in -14. ======================================================================= In draft-ietf-tsvwg-udp-options-22 Section 12 we see: if the UDP checksum passes or is zero then if ((OCS != 0 and fails or OCS == 0) and UDP CS != 0) or ((OCS != 0 and passes) and UDP CS == 0) then deliver the UDP user data but ignore other options (this is required to emulate legacy behavior) if OCS != 0 and passes or OCS == 0 when UDP CS != 0 then deliver the UDP user data after parsing and processing the rest of the options, regardless of whether each is supported or succeeds (again, this is required to emulate legacy behavior) Corrected: if the UDP checksum passes or is zero then if OCS != 0 and fails or OCS == 0 when UDP CS != 0 then deliver the UDP user data but ignore other options (this is required to emulate legacy behavior) if OCS != 0 and passes or OCS == 0 when UDP CS == 0 then deliver the UDP user data after parsing and processing the rest of the options, regardless of whether each is supported or succeeds (again, this is required to emulate legacy behavior) This comment was made originally against -19 on 27-Jan-2023 but was not addressed. ======================================================================= In draft-ietf-tsvwg-udp-options-22 Section 22, 2nd paragraph, we see: Note that any user application that considers UDP options to affect security need not enable them. However, their use does not impact security in a way substantially different than UDP options; both enable the use of a control channel that has the potential for abuse. Similar to TCP, there are many options that, if unprotected, could be used by an attacker to interfere with communication. The phrase "substantially different than UDP options" should be changed to "substantially different than TCP options." This comment was made originally against -19 on 27-Jan-2023 but was not addressed. ======================================================================= In draft-ietf-tsvwg-udp-options-22 Section 22, 3rd paragraph, we see: UDP options create new potential opportunities for DDOS attacks, notably through the use of fragmentation. Except when enabled, UDP options cause no additional work at the receiver. At most, the required options (if enabled) result in a responding option in the next transmitted packet, but no options (including ECHO) ever initiate UDP responses in the absence of user transmission. Corrected: UDP options create new potential opportunities for DDOS attacks, notably through the use of fragmentation. When enabled, UDP options may cause some additional work at the receiver; however, of the must-support options, only REQ (when used on a DLPMTUD probe [Fa22]) will initiate a UDP response in the absence of a user transmission. Note that [Fa22] needs to be updated to [Fa23]. This comment was made originally against -19 on 27-Jan-2023 but was not addressed. ======================================================================= The unaddressed comments mentioned above can be found in https://mailarchive.ietf.org/arch/msg/tsvwg/aGOHvmGfSTRs4ATgEEpqHrWAln4/. I also commented there on the need to replace turn [To18] (draft-touch-tcp-ao-encrypt) by a stable, normative reference, but I won't belabor that, since it's part of a larger ongoing discussion. Thanks and regards, Mike Heard
- [tsvwg] Comments on draft-ietf-tsvwg-udp-options-… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- [tsvwg] Comments on draft-ietf-tsvwg-udp-options-… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-opti… C. M. Heard
- [tsvwg] Remaining issues for draft-ietf-tsvwg-udp… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Sebastian Moeller
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Sebastian Moeller
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Christian Huitema
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Gorry Fairhurst
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Erik Auerswald
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… Tom Herbert
- Re: [tsvwg] Remaining issues for draft-ietf-tsvwg… C. M. Heard