IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

"Black, David" <David.Black@dell.com> Fri, 12 July 2019 15:49 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6749712073E for <tsvwg@ietfa.amsl.com>; Fri, 12 Jul 2019 08:49:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com header.b=hzuBOtNt; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=o+6htKrs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0TRfw-jXFAD for <tsvwg@ietfa.amsl.com>; Fri, 12 Jul 2019 08:49:48 -0700 (PDT)
Received: from mx0a-00154904.pphosted.com (mx0a-00154904.pphosted.com [148.163.133.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7B88120735 for <tsvwg@ietf.org>; Fri, 12 Jul 2019 08:49:36 -0700 (PDT)
Received: from pps.filterd (m0170391.ppops.net [127.0.0.1]) by mx0a-00154904.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6CFib19031669; Fri, 12 Jul 2019 11:49:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=smtpout1; bh=ZpJdSjC0XhE4tcVeKtIfZLuQJBSLHEjCuk5NdMkKoUk=; b=hzuBOtNtWHpkKqGic5Y+K9ctzw4vGSxnuGTpAPkG5xZ4jW6jlVQ//nNRp7ykSi6H9vpY khg9vyFZ70qU3oN+OzmGRQ52Nb8HUoHtbB0JYJN0d/r2+s2ufhQJTN+s48626od6QVdr 0tlwfyD6cIHd8YX9ePDyFlIvCbPRV71NTFZ5KGQpvUSWVEmW17J1WSPiHXkAgqcRWHHB n2QDgWiDaYmsR/eEuV6AvxRg1sG7AbiAxYMjNtVUYSE3ca9nRORpKnNqu1hBTMxEW4Kt HzfY9BB34Buxr0PaTPS0V+4N+bgteAebsW3VO7y2NZGH03yhfGDTBpGDaI6jj7VQ0WiG Hw==
Received: from mx0b-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0a-00154904.pphosted.com with ESMTP id 2tp655d39q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 12 Jul 2019 11:49:34 -0400
Received: from pps.filterd (m0144102.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6CFmNUT055121; Fri, 12 Jul 2019 11:49:33 -0400
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by mx0b-00154901.pphosted.com with ESMTP id 2tpv6uh0ub-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 12 Jul 2019 11:49:33 -0400
Received: from maildlpprd03.lss.emc.com (maildlpprd03.lss.emc.com [10.253.24.35]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x6CFnS70015262 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 12 Jul 2019 11:49:32 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com x6CFnS70015262
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1562946572; bh=s3KwU4Dz9nN63z1j3oT2WiSL8ko=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=o+6htKrs7LO8dHl4dg16sIfU6GS7uNkszd2juIRy28THMGyXqYgkJqR95U0JYLMsl wEsPBznv7rar1p8bkLn0OtGt1NDvicuwvV7iTQcf8m3VolldblJEMFBVhVQozygJak ro0We38hrSZLBeUVVpBsJ2NtY54nNKHb3WaXQaFA=
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd03.lss.emc.com (RSA Interceptor); Fri, 12 Jul 2019 11:49:13 -0400
Received: from MXHUB310.corp.emc.com (MXHUB310.corp.emc.com [10.146.3.36]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x6CFnCtR001893 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Fri, 12 Jul 2019 11:49:13 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB310.corp.emc.com ([10.146.3.36]) with mapi id 14.03.0439.000; Fri, 12 Jul 2019 11:49:12 -0400
From: "Black, David" <David.Black@dell.com>
To: Tom Herbert <tom@herbertland.com>
CC: Joe Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
Thread-Topic: [tsvwg] draft-ietf-udp-options issues from IETF 104
Thread-Index: AQHVN6fJSr2fz2j+X0mdJ/EyrvZ1aKbFyZkAgAAMWICAAA4/AIAAHX2A///IYUCAAFy8gIAA2GiwgABgsoD//75HQA==
Date: Fri, 12 Jul 2019 15:49:11 +0000
Message-ID: <CE03DB3D7B45C245BCA0D2432779493630615838@MX307CL04.corp.emc.com>
References: <156262970360.865.13042807682366763561.idtracker@ietfa.amsl.com> <CAPDqMeoMqsB8=tH5TBaq5Tw-sLW3HNc8tpfUU3htV=sWo7pJcA@mail.gmail.com> <D7E52D2B-3912-4897-80C6-0150CDE10218@strayalpha.com> <CAPDqMep9MYqjFvvJSVbqYwo-xJ1pUocYszNukveaZODhf9+75A@mail.gmail.com> <e73919f08202937bf45418cbf8bcc38c@strayalpha.com> <CAPDqMeoh3n5fL1k6Fw9D8rCpy4a9eWyUZvgStyzYfFuJbuWudw@mail.gmail.com> <3f6f54e0b828e2628af964d6ee7f33e1@strayalpha.com> <CALx6S37rt7OJtH5a2ZH23R21ATETuwTeFS-mZQECtgxPQ3nSZA@mail.gmail.com> <ccc386aa429bfe301998f39eb7fccfbf@strayalpha.com> <140f11c854e0ad96c51639f830cbb688@strayalpha.com> <CALx6S35MC_fj+fL6Ax9a-9=-QX0-mHLmMQ7cUs2Rir+AvYE=zA@mail.gmail.com> <5b35e91dd510119672a0836f868ade24@strayalpha.com> <CALx6S36AVbKfvb-6dj07rcGjsVsCz0daFM9qZOBSSstZOM-Ukg@mail.gmail.com> <8A584FFF-6C86-4154-8D9D-CF407CA77145@strayalpha.com> <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <f9f1701c2196c5db520d025294202353@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306153C4@MX307CL04.corp.emc.com> <CALx6S37U5Q9qkxDFfR6w9MpN4qvRagThb+p0GqnAS118cKDuZw@mail.gmail.com>
In-Reply-To: <CALx6S37U5Q9qkxDFfR6w9MpN4qvRagThb+p0GqnAS118cKDuZw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Enabled=True; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Owner=david.black@emc.com; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SetDate=2019-07-12T15:38:40.7326075Z; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Name=External Public; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Application=Microsoft Azure Information Protection; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Extended_MSFT_Method=Manual; aiplabel=External Public
x-originating-ip: [10.238.21.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-12_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907120166
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907120166
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/sxZXuwBUQ-fshOD_pRCQQd9KO7E>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 15:49:53 -0000

Tom,

Inline ...

Reminder: All of my comments in this thread are as an individual, not as a WG chair.

Thanks, --David

> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Friday, July 12, 2019 11:26 AM
> To: Black, David
> Cc: Joe Touch; Tom Herbert; tsvwg
> Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
> 
> 
> [EXTERNAL EMAIL]
> 
> On Fri, Jul 12, 2019 at 7:10 AM Black, David <David.Black@dell.com> wrote:
> >
> > Joe,
> >
> >
> >
> > > So no matter what you do, they're still easily optional unless we decide to
> FORCE the user to do otherwise. Why exactly would that be the case?
> >
> > I think I’m over on the “FORCE” side of that dichotomy (i.e., I don’t agree
> with “easily optional”), although we can split hairs on what degree of
> “FORCE” is appropriate.   My underlying reasons are these two:
> >
> >                 1) strong "running code" evidence of what breaks when the OCS is omitted,
> >
> >                 2) helps defend against … possibility [of] … other uses of surplus space
> >
> >
> >
> > IMHO, OCS being the “default” is a good starting point, but … my current
> view is that on its own, item 1) justifies “MUST implement/SHOULD use”
> language for OCS (and “SHOULD use” is complementary to and stronger than
> “default”) and setting the space aside for OCS, at least when LITE is not
> present.  That view is reinforced by item 2), and I note neither of those two
> items are within the control of the endpoint implementer or application that
> uses the endpoint’s UDP option support.
> >
> >
> >
> > > I think you contradict this below, here:
> >
> > >
> > > One exception to OCS being mandatory that makes sense to me is that
> OCS doesn't seem to make a lot of sense with LITE,
> >
> >
> >
> > Point taken – my response is “not exactly” … but I clearly need to explain
> my thinking in more detail :-).  IMHO, LITE is “special” …
> >
> >
> >
> > My rationale for OCS not making a lot of sense with LITE is that use of LITE is
> a clear indication from the sending application that correctness of the LITE
> data on receipt is optional.  Beyond that, I believe you’ve pointed out that
> zeroing the UDP checksum is a related scenario where correctness of all of
> the UDP data may be optional – that scenario is more subtle, because one of
> the rationales for zeroing the UDP checksum is presence of another integrity
> mechanism elsewhere in the protocol stack that covers the data (although
> protocol designers need to watch out for uncovered IPv6 headers – see RFC
> 6935 and RFC 6936).  In both cases, if the scenario is one in which
> “correctness of .. data is optional,” then IMHO (as an individual) correctness
> of UDP options also has to be optional, and we (WG) need to carefully
> consider which options are ok vs. ought not to be used when correctness of
> them on receipt doesn’t matter.
> 
> David,
> 
> The integrity provided by the checksum is only part of the story. An
> important observation is that many devices will include the surplus
> space in their calculation of the UDP checksum. Unless the surplus
> space sums to zero, an incorrect UDP checksum may be derived and the
> result is a high probability that packets will be dropped somewhere in
> the network. The other important use is disambiguation with legacy
> uses of the surplus space.
> 
> So the first requirement is simple:
> 
> "If the UDP checksum is used (non-zero) then a checksum MUST be used
> in the surplus space such that the surplus space sums to zero"

[David>] With the exception of LITE, I agree.

[David>]I think LITE deserves more thought/discussion, as a user of LITE has already agreed to tolerate things that the network is not supposed to do to non-LITE traffic, and that tolerance may extend further.
> 
> Given that IPv6 requires the UDP checksum, the surplus space checksum
> needs to be present in all IPv6 packets.

[David>] That IPv6 requirement statement is incorrect, even though it's "digging in the right place" (IMHO) - see RFC 6935 and RFC 6936.

> For cases in IPv4 where the
> UDP checksum is zero, I think use of the surplus space checksum is
> still a MUST. A common misnomer is that optional UDP checksums is
> somehow a benefit to hosts since it allows them to omit the checksum
> calculation. It's not. We've already accounted for presence required
> checksums in TCP and UDPv6. For instance, RFC6936 only benefited
> routers not hosts; the effect of supporting RFC6936 in hosts has been
> more complexity, more test cases, and more bugs to fix. Making surplus
> space checksum optional is more work for little gain.

[David>] I acknowledge that view, and for now I will agree to disagree, as I currently see a clear case for "SHOULD use OCS" but not for "MUST use OCS" ... and reserve the right to change my mind as more information is added to the discussion.
> 
> Tom
> 
> >
> >
> >
> > Thanks, --David
> >
> >
> >
> > From: Joe Touch <touch@strayalpha.com>
> > Sent: Thursday, July 11, 2019 4:45 PM
> > To: Black, David
> > Cc: Tom Herbert; tsvwg
> > Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
> >
> >
> >
> > [EXTERNAL EMAIL]
> >
> > Notes embedded below...
> >
> >
> >
> > So far, I'm beginning to see that this argument boils down to 1 byte. If
> that's all it is, then fine - let's add OCS as a fixed field at the head, possibly
> after NOPs.
> >
> > NOTE: OCS would still probably need to have a way to be disabled, ala
> UDPv4 checksums, by setting to zero.
> >
> > So no matter what you do, they're still easily optional unless we decide to
> FORCE the user to do otherwise. Why exactly would that be the case?
> >
> > Joe
> >
> > On 2019-07-11 13:01, Black, David wrote:
> >
> > Commenting as an individual, **not** as a WG chair.
> >
> > -- Option Checksum (OCS)
> >
> > The IETF 104 tsvwg minutes match my impression that the topic of whether
> the offsetting option checksum (OCS) should be optional vs. mandatory
> remains an open issue for UDP options.
> >
> >
> >
> > Tom has kept this issue open for over a year; there hasn't exactly been a
> groundswell behind the issue. I also note that you seem to argue yourself
> out of your own support below, FWIW.
> >
> >
> >
> > For my part, I've seen strong "running code" evidence of what breaks
> when the OCS is omitted,
> >
> >
> >
> > In SOME Internet paths. The issue is whether we need to require this even
> when we might not need it in the future.
> >
> >
> >
> > But note that the same thing is largely true for UDP checksums - they find
> real errors, yet some people choose to turn them off (esp. for IPv4). So even
> if we kept OCS as a required field, we would still need a way to turn them off
> in a corresponding way (e.g., set to zero).
> >
> >
> >
> > in contrast to almost no evidence of things broken by the presence of OCS
> (computed to offset the UDP checksum calculation when that is done over IP
> length instead of UDP length).
> >
> >
> >
> > I think you contradict this below, here:
> >
> >
> >
> > ...
> > One exception to OCS being mandatory that makes sense to me is that OCS
> doesn't seem to make a lot of sense with LITE, as the OCS would cover all the
> LITE payload data, thereby defeating the LITE goal of not having to checksum
> data whose reliability is not of interest.   One consequence is that UDP
> Options become unreliable when LITE is used, which may have implications
> for which UDP options are acceptable to use with LITE.  An important
> tradeoff is that LITE won't work on network paths that pass  UDP Options
> only when OCS is present.
> >
> >
> >
> > There are some other possibilities, such as including an OCS on transmit but
> not checking it on each fragment received. That would trick middleboxes as
> needed but avoid duplicate work at the receiver (which is where load tends
> to be bigger anyway).
> >
> >
> >
> > This is both why the current doc indicates OCS as both optional and default
> enabled. In the future, if/when it isn't needed, we can remove it that way -
> as well as disabling it if needed/possible for LITE.
> >
> >
> >
> > -- Other uses of surplus space
> >
> > Any hypothetical existing use of surplus space is incompatible with both
> UDP options and a new surplus header.  While I haven't seen evidence of any
> such existing use "running code," making the OCS mandatory helps defend
> against that possibility, as well as against bad endpoint implementations that
> put whatever junk bytes happen to be lying around in memory into that
> extra space, improving UDP Options robustness.
> >
> >
> >
> > *Using* OCS accomplishes this - and remember, it's default to being used.
> >
> >
> >
> > Making OCS mandatory is a decision - why do you think that's critical for us
> to make for all future users?
> >
> >
> >
> > And regarding the last point, if you really care, users are always welcome to
> just leave OCS on as defaulted anyway.
> >
> > --
> >
> >
> >
> >

v2.23.0 | Report a Bug | By Email