IETF Logo Mail Archive

Re: [tsvwg] A review of draft-ietf-tsvwg-udp-options-12

Joseph Touch <touch@strayalpha.com> Fri, 11 June 2021 04:08 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FE0F3A2707 for <tsvwg@ietfa.amsl.com>; Thu, 10 Jun 2021 21:08:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.319
X-Spam-Level:
X-Spam-Status: No, score=-1.319 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MDDcg4CHwtf3 for <tsvwg@ietfa.amsl.com>; Thu, 10 Jun 2021 21:07:59 -0700 (PDT)
Received: from server217-4.web-hosting.com (server217-4.web-hosting.com [198.54.116.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B89CA3A2702 for <tsvwg@ietf.org>; Thu, 10 Jun 2021 21:07:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=wz+PUZOwI0+RRS1JLSR5ig5mosvEHoaiiQUcfQccxX0=; b=IKtdUVdCXDv15/WBhLzKNyf14o YxR8A8XrQ+lnmRN2rb//VMhiLaXPh0aadHl5mDBa/ZplL06EIpzCMNbjW6xPIie0KWqnzEjobuVgi 7fkjtQarmNOPpUeZUP6Cqj3bnX3PKwd8UIj7qIiP46a3zvdPog8bE/10eGbwRLs9+HDxSvod/xLQK 8FBocBNwezucr3sKpVABf0RE7SzvbQQgbWKJzvugUIW3HtQ+SoWTuXqR5MiyaUHy2af9VuUE3auMr g2tgkOyf2n6gEseFBBAe30kfrO3Fm3PyhtgYZlEYrFRXwHW9DmEH4JyCwy2AffhB2orZ3IGWFNuvp PbkCpD1g==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:62207 helo=[192.168.1.14]) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <touch@strayalpha.com>) id 1lrYSX-001vb3-GB; Fri, 11 Jun 2021 00:07:58 -0400
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <CACL_3VHyoRr5ju8203DiLTUo-658DCj7ud+1dQE2o0hUPVhF0A@mail.gmail.com>
Date: Thu, 10 Jun 2021 21:07:49 -0700
Cc: TSVWG <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7D766992-AEEB-434F-BB1D-3817EE07DE61@strayalpha.com>
References: <CACL_3VGb_9P5SfPGRJtf1ZBvEhgywc2ZEGr-qbgNOMXV20rFeA@mail.gmail.com> <CACL_3VHyoRr5ju8203DiLTUo-658DCj7ud+1dQE2o0hUPVhF0A@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/sGq-qRFkRyzChufqfxXJVjr-S2k>
Subject: Re: [tsvwg] A review of draft-ietf-tsvwg-udp-options-12
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jun 2021 04:08:04 -0000

Hi, Mike,

I’ve been waiting for others to participate, but given it’s been a week…

First, I want to thank you for the deep review - it’s sincerely appreciated.

I’ll also be the first to admit there are more than a few places where it needs another pair of eyes and may have inconsistencies. So let’s start by assuming that those are dealt with separately. At a minimum, assume that most of the obvious corrections will be included in the next update.

I will respond  to the revised LITE option in reply to your other post.

On the primary issues, below summarizes my perspective. I hope others on the list will weigh in.

Joe

-----

- regarding fragment/reassembly as being required
	This is one of the primary current intended use cases and motivations for UDP options. 
	That’s why it’s currently a MUST support and why I do not think that should change.

- regarding removing EOL
	Removing EOL raises several questions: can other options use that data? Do we care if it’s a covert channel? etc.
	It’s simpler to declare it zeroes and let EOL be the trigger to use a loop with a branch predictor hint (likely zero).
	At a minimum, everything past EOL MUST be covered by OCS (otherwise OCS would need to parse all options to find EOL).
	
- regarding increasing NOPs
	There was a concern in letting these be unlimited; we can increase to 7, 15, or even 31 (high enough for future-proof seems
	to open a DOS problem; IMO, DOS detection should just check to see if this is a persistent load, not a specific number)

- regarding UNSAFE option format
	Yes, we could pick a range rather than making them longer, but IMO they aren’t likely except as already accounted for, so 
	allocating space from the main range is a waste.
	However, if we did allocate from the range, we should NOT do so with a single bit; that gives the false impression
	that a given option value has two variants - safe and unsafe, and that’s not the case.

- regarding AE being safe
	This is not considered unsafe for two reasons:
	1. A(authentication) isn’t unsafe
	2. Encryption should only be used when sending packets to a party that is keyed; that can/should be known or checked before use anyway.
	i.e., there’s never a case where you send encrypted text to a party you don’t know should be ready.

----

v2.23.0 | Report a Bug | By Email