Re: WGLC Announcement for draft-ietf-tsvwg-source-quench - 18th October 2011,

Joe Touch <touch@isi.edu> Thu, 20 October 2011 21:10 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F0861F0C3D for <tsvwg@ietfa.amsl.com>; Thu, 20 Oct 2011 14:10:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.755
X-Spam-Level:
X-Spam-Status: No, score=-102.755 tagged_above=-999 required=5 tests=[AWL=-0.156, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrsYSajIy1aO for <tsvwg@ietfa.amsl.com>; Thu, 20 Oct 2011 14:10:22 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id 0C9701F0C43 for <tsvwg@ietf.org>; Thu, 20 Oct 2011 14:10:22 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id p9KL9bpL027331 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 20 Oct 2011 14:09:37 -0700 (PDT)
Message-ID: <4EA08E11.7070707@isi.edu>
Date: Thu, 20 Oct 2011 14:09:37 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Hagen Paul Pfeifer <hagen@jauu.net>
Subject: Re: WGLC Announcement for draft-ietf-tsvwg-source-quench - 18th October 2011,
References: <20111018120505.A1537FED737@newdev.eecs.harvard.edu> <9C0A8082-9E2E-4A7A-BC94-805341AAF293@isi.edu> <4EA03997.2080707@gont.com.ar> <4EA05981.9040709@isi.edu> <4EA07BD5.7090701@erg.abdn.ac.uk> <20111020201121.GB3179@nuttenaction>
In-Reply-To: <20111020201121.GB3179@nuttenaction>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, tsvwg WG <tsvwg@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 21:10:22 -0000

On 10/20/2011 1:11 PM, Hagen Paul Pfeifer wrote:
> * Gorry Fairhurst | 2011-10-20 20:51:49 [+0100]:
>
>> While I agree it's fair to say such behavior is inappropriate for TCP
>> and SCTP, I'm finding it harder to say that a UDP app MUST never
>> respond to a SQ.
>>
>> In the end, I think that from my point of view (no chair hat, etc)
>> there were no good reasons why an arbitrary UDP application program
>> could decide not to react to SQ messages.
>
> Mhh, right. But on the other hand: there is no (suitable) protection for UDP
> to detect forged SQ messages (e.g. no sequence field).

That won't help anyway. As with any router messages, there's no rule for 
how timely the message is, so the sequence number could easily be out of 
range (or even roll over) by the time the message is sent.

Sequence numbers in ICMP messages communicate NOTHING.

> Every instance can
> forge malicious SQ messages and send to any UDP instance.  From a security
> point of view UDP/UDPLite SHOULD ignore SQ messages too.

AFAICT, this is the only sensible response.

I.e., although SQ-like messages might be more useful to UDP than to 
other protocols, SQ itself as currently defined is not.

> After consensus on that (I hope that the security aspect is a legitimate
> aspect too) I am not aware of any transport protocol where SQ makes sense.

With the caveat that "SQ as currently spec'd", +1

Joe
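The structural gap the thread is discussing, shown as an added example that is not part of this message or the draft: a parser for an ICMP Source Quench message (RFC 792 layout: type 4, code 0, checksum, 32 unused bits, then the quoted IPv4 header plus the first 64 bits of the original datagram) and a receiver policy over it. For a quoted UDP or UDP-Lite datagram the eight quoted bytes hold only ports, length and checksum, so there is nothing that ties the SQ to traffic the host actually sent, and the policy ignores it. For TCP the quoted bytes at least include a sequence number, and the TCP branch shows the window check (quoted sequence number inside [SND.UNA, SND.NXT) of a live connection, the check RFC 5927 describes for ICMP against TCP) that a TCP endpoint could attempt and that UDP has no field for; in line with the thread's conclusion, the default remains to ignore. The sample messages, addresses and ports are constructed for the example, and the `plausible`/`ignore` labels are this example's own.

```python
import socket
import struct

# Values from RFC 792 and the IANA protocol-number registry
ICMP_SOURCE_QUENCH = 4
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_UDPLITE = 136


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Run over a message whose
    checksum field is already filled in, it returns 0 if the field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_source_quench(proto: int, src: str, dst: str, transport_head: bytes) -> bytes:
    """Constructed sample SQ: 8-byte ICMP header, a quoted 20-byte IPv4 header,
    and the first 8 bytes of the quoted datagram (ports + seq for TCP, ports +
    length + checksum for UDP). The quoted header checksum is left at 0."""
    assert len(transport_head) == 8
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + 100, 0x1234, 0x4000,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    body = ip_hdr + transport_head
    unchecked = struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0) + body
    return struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, inet_checksum(unchecked), 0) + body


def parse_source_quench(msg: bytes) -> dict:
    """Validate the ICMP framing and pull out what the quoted 64 bits offer."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("truncated Source Quench message")
    icmp_type, code, _chk, _unused = struct.unpack("!BBHI", msg[:8])
    if icmp_type != ICMP_SOURCE_QUENCH or code != 0:
        raise ValueError("not a Source Quench message")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    inner = msg[8:]
    if inner[0] >> 4 != 4:
        raise ValueError("quoted datagram is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8:
        raise ValueError("quoted datagram truncated")
    proto = inner[9]
    head = inner[ihl:ihl + 8]
    info = {
        "proto": proto,
        "src": socket.inet_ntoa(inner[12:16]),
        "dst": socket.inet_ntoa(inner[16:20]),
        "sport": struct.unpack("!H", head[0:2])[0],
        "dport": struct.unpack("!H", head[2:4])[0],
        "seq": None,  # only TCP quotes a sequence number in these 8 bytes
    }
    if proto == IPPROTO_TCP:
        info["seq"] = struct.unpack("!I", head[4:8])[0]
    return info


def sq_action(info: dict, tcp_window=None) -> str:
    """Receiver policy. UDP/UDP-Lite: nothing in the quoted bytes can be checked
    against state the host holds, so the SQ is ignored. TCP: if the caller
    supplies (SND.UNA, SND.NXT) for a matching connection, require the quoted
    sequence number to fall inside that window, modulo 2^32; otherwise ignore."""
    if info["proto"] in (IPPROTO_UDP, IPPROTO_UDPLITE):
        return "ignore"
    if info["proto"] == IPPROTO_TCP and tcp_window is not None and info["seq"] is not None:
        snd_una, snd_nxt = tcp_window
        span = (snd_nxt - snd_una) % 2**32
        if (info["seq"] - snd_una) % 2**32 < span:
            return "plausible"
    return "ignore"


# Constructed samples: an SQ quoting a UDP query and one quoting a TCP segment.
SAMPLE_UDP_SQ = build_source_quench(IPPROTO_UDP, "192.0.2.1", "198.51.100.7",
                                    struct.pack("!HHHH", 53000, 53, 8 + 100, 0))
SAMPLE_TCP_SQ = build_source_quench(IPPROTO_TCP, "192.0.2.1", "198.51.100.7",
                                    struct.pack("!HHI", 40000, 443, 1000))

if __name__ == "__main__":
    for sq in (SAMPLE_UDP_SQ, SAMPLE_TCP_SQ):
        info = parse_source_quench(sq)
        print(info, "->", sq_action(info, tcp_window=(900, 1400)))
```

The `tcp_window` argument stands in for a lookup of the live connection identified by the quoted addresses and ports; without that lookup even the TCP branch has nothing to compare against and falls through to `ignore`.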