Re: [tsvwg] Remaining issues for draft-ietf-tsvwg-udp-options-22
"C. M. Heard" <heard@pobox.com> Tue, 04 July 2023 00:27 UTC
To: Tom Herbert <tom@herbertland.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Joe Touch <touch@strayalpha.com>, TSVWG <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/tTogjgNvVX60hDnFoK4Rn1JoLDo>

On Mon, Jul 3, 2023 at 4:50 PM Tom Herbert wrote:
> Considering that this is a new protocol for which there is no
> deployment and no one yet understands all the security and deployment
> ramifications, just saying "let the user decide" seems trite to me
> without providing some meaningful guidance. The discussions about the
> interactions with UDP checksum and RFC6936, and firewalls have been
> very nuanced and complicated to the extent that I wouldn't know the
> conditions that it's safe to not use a surplus checksum in my
> deployment-- I think a typical user trying to figure this out for
> their deployment would be lost.
>
> So, to simplify the things,

... in an utterly trite way ...

> I'd like to suggest this text:
>
> "By default, an implementation MUST send the OCS and an implementation
> MUST expect and validate the OCS checksum on receiving UDP packets
> with a surplus area. An implementation MAY allow the OCS to be
> configurable to both send and validate in receive. A user should fully
> consider the risks and ramifications of disabling the surplus area
> checksum, especially the risks of misinterpreting surplus area as
> containing UDP options when in fact it contains unrelated data"
>
> So basically, this is saying that if the user decides to disable the
> surplus area checksum they are doing it at their own risk. This could
> apply across use cases, so there's no need to tie this to the UDP
> checksum being zero, nor reference RFC6936. If there are concerns
> about some firewalls that want the surplus area to be checksummed,
> that can be mentioned as one thing that should be considered, but if
> user wants to disable checksum anyway they can.

There's more to it than that, which you decided to ignore. So be it.
I'm done here.

Mike Heard