IETF Logo Mail Archive

Re: [tsvwg] Remaining issues for draft-ietf-tsvwg-udp-options-22

Erik Auerswald <auerswal@unix-ag.uni-kl.de> Sun, 02 July 2023 12:28 UTC

Return-Path: <auerswal@unix-ag.uni-kl.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE458C151083 for <tsvwg@ietfa.amsl.com>; Sun, 2 Jul 2023 05:28:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.194
X-Spam-Level:
X-Spam-Status: No, score=-4.194 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m89ksCROccdk for <tsvwg@ietfa.amsl.com>; Sun, 2 Jul 2023 05:28:48 -0700 (PDT)
Received: from mailgw1.uni-kl.de (mailgw1.uni-kl.de [IPv6:2001:638:208:120::220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F549C151078 for <tsvwg@ietf.org>; Sun, 2 Jul 2023 05:28:47 -0700 (PDT)
Received: from sushi.unix-ag.uni-kl.de (sushi.unix-ag.uni-kl.de [IPv6:2001:638:208:ef34:0:ff:fe00:65]) by mailgw1.uni-kl.de (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 362CSk8B175221 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 2 Jul 2023 14:28:46 +0200
Received: from sushi.unix-ag.uni-kl.de (ip6-localhost [IPv6:::1]) by sushi.unix-ag.uni-kl.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id 362CSgS9022017 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 2 Jul 2023 14:28:42 +0200
Received: (from auerswal@localhost) by sushi.unix-ag.uni-kl.de (8.14.4/8.14.4/Submit) id 362CSgb5022016; Sun, 2 Jul 2023 14:28:42 +0200
Date: Sun, 02 Jul 2023 14:28:42 +0200
From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: "C. M. Heard" <heard@pobox.com>, TSVWG <tsvwg@ietf.org>, Joe Touch <touch@strayalpha.com>
Message-ID: <20230702122842.GA20114@unix-ag.uni-kl.de>
References: <CACL_3VFNHVLc89BO_n12gKid6p0Y2tJ+-ThB0x_wGkMCMnSESA@mail.gmail.com> <14F6EC62-311B-46B3-8B80-7263345BCB80@gmx.de> <CACL_3VH4Zw_vVudO5WiFrD7AC5JhHXiSWfhW5Wu5O7W_rBYfMA@mail.gmail.com> <026B4018-4F96-49B4-B73A-E7F33FEE8A15@gmx.de> <CACL_3VEw4koyJSX3xA3UJ1Vikg+F9PPw1G030jQPHhZdoOETSA@mail.gmail.com> <d34aa821-207d-78eb-ead2-e2d918939dcf@erg.abdn.ac.uk> <20230629162807.GA8600@unix-ag.uni-kl.de> <20230701204510.GA29872@unix-ag.uni-kl.de> <CACL_3VG_c-+zqoEhufyLvDqCV1ZkUoS9ZoknxJWwvH2RddOD=A@mail.gmail.com> <8a7a4eb6-aaf2-edb6-8684-09d11f172dd0@erg.abdn.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <8a7a4eb6-aaf2-edb6-8684-09d11f172dd0@erg.abdn.ac.uk>
Author: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/qlcFuZjzlzxyoFg2UOhv-PK8Kag>
Subject: Re: [tsvwg] Remaining issues for draft-ietf-tsvwg-udp-options-22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jul 2023 12:28:49 -0000

Hi,

On Sun, Jul 02, 2023 at 09:11:55AM +0100, Gorry Fairhurst wrote:
> On 01/07/2023 22:39, C. M. Heard wrote:
> >On Sat, Jul 1, 2023 at 1:45 PM Erik Auerswald wrote:
> >> On Thu, Jun 29, 2023 at 06:28:07PM +0200, Erik Auerswald wrote:
> >> > On Mon, Jun 26, 2023 at 10:03:00AM +0100, Gorry Fairhurst wrote:
> >> > * Section 22: The second to last paragraph on page 35 states that
> >> >   "no options (including ECHO) ever initiate UDP responses in the
> >> >   absence of user transmission."  I think "ECHO" means "REQ", but
> >> >   draft-ietf-tsvwg-udp-options-dplpmtud-08 allows for REQ to create
> >> >   responses without use data, specifically when DPLPMTUD is
> >implemented
> >> >   inside the "Packetization Layer of UDP Options". This seems to be
> >> >   inconsistent.
> >>
> >> The description of REQ and RES in section 9.7 does not mention that the
> >> RES option is only to be sent if some other data is to be sent anyway.
> >> To the contrary, the description
> >>
> >>   "The echo request (REQ, Kind=6) and echo response (RES, Kind=7)
> >>    options provide a means for UDP options to be used to provide UDP
> >>    packet-level acknowledgements."
> >>
> >> seems to suggest that RES is sent as an acknowledgement when there would
> >> be none otherwise.  Today, request-response protocols use the receipt
> >> of the response as acknowledgement for the receipt of the request by
> >> the receiver (e.g., DNS and RADIUS do this).  The additional capability
> >> REQ and RES options could provide would be to elicit a response when
> >> there would be none otherwise.  This is definitely the assumption made
> >> for DPLPMTUD implemented in the "UDP Options Packetization Layer" (as
> >> opposed to the application) in draft-ietf-tsvwg-udp-options-dplpmtud-09.
> >
> >Good catch.
> >
> >I did actually flag the issue with the Security Considerations in
> >https://mailarchive.ietf.org/arch/msg/tsvwg/ocDWz4jWZdqVP6CTuAhsBXer2Bc/:
> >
> >=======================================================================
> >In draft-ietf-tsvwg-udp-options-22 Section 22, 3rd paragraph, we see:
> >
> >   UDP options create new potential opportunities for DDOS attacks,
> >   notably through the use of fragmentation. Except when enabled, UDP
> >   options cause no additional work at the receiver. At most, the
> >   required options (if enabled) result in a responding option in the
> >   next transmitted packet, but no options (including ECHO) ever
> >   initiate UDP responses in the absence of user transmission.
> >
> >Corrected:
> >
> >   UDP options create new potential opportunities for DDOS attacks,
> >   notably through the use of fragmentation. When enabled, UDP options
> >   may cause some additional work at the receiver; however, of the
> >   must-support options, only REQ (when used on a DLPMTUD probe [Fa22])
> >   will initiate a UDP response in the absence of a user transmission.
> >
> >Note that [Fa22] needs to be updated to [Fa23].
> >
> >This comment was made originally against -19 on 27-Jan-2023 but was not
> >addressed.
> >=======================================================================
> >
> >However, I didn't mention the need to bring this up in Section 9.7
> >
> >Perhaps a reference to the last paragraph in Section 6 of
> >draft-ietf-tsvwg-udp-options-dplpmtud would help. See
> >
> >https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-udp-options-dplpmtud#name-examples-with-different-rec
> >
> >I think this applies no matter whether DLPMTUD is implemented within
> >the UDP transport service or by an upper layer protocol or application.
> >
> >Mike Heard
> 
> I wonder if it may be better to explain this as when "explicitly" enabled:
> 
> NEW:
> 
>    UDP options create new potential opportunities for DDOS attacks,
>    notably through the use of fragmentation. When enabled, UDP options
>    may cause some additional work at the receiver; however, of the
>    must-support options, only REQ (when explicitly enabled
> 
>    for a DLPMTUD probe (Section 6 of [Fa22])
>    will initiate a UDP response in the absence of a user transmission.

Yes, I think that would be better for the security considerations section.
I would suggest to designate DPLPMTUD as an example by inserting "e.g., "
directly after the opening parenthesis:

    (e.g., when explicitly enabled for DPLPMTUD probing (Section 6 of
    [Fa22]))

I still think that this behavior needs to be explicitly described in
the sections before the security considerations.

The idea that REQ does in general not result in RES, even after enabling
UDP Option processing, unless application data were to be sent from the
receiver of the REQ option irrespective of this REQ, or unless some
additional mechanism (e.g., a DPLPMTUD State Machine sitting between
the application and UDP Options) were to process the REQ and create a
response including a RES, does not seem to be obvious from reading the
UDP Options specification as currently written.  I'd say that it should
be made obvious.

Regards,
Erik

v2.23.0 | Report a Bug | By Email