IETF Logo Mail Archive

Re: [tsvwg] Rregarding soft-state and UDP options

Joe Touch <touch@strayalpha.com> Tue, 07 January 2020 04:24 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E184A120091 for <tsvwg@ietfa.amsl.com>; Mon, 6 Jan 2020 20:24:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.22
X-Spam-Level:
X-Spam-Status: No, score=-1.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4bdua2pJtsTF for <tsvwg@ietfa.amsl.com>; Mon, 6 Jan 2020 20:24:31 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47377120045 for <tsvwg@ietf.org>; Mon, 6 Jan 2020 20:24:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=OYWjL4kK+/Nn6OcFp5gUxUU8P+47m2op4V5S7CTYlEs=; b=kSWYlm+PvuE4ALDgkN404sGeG AmU7om4J3vvJdApeIqenOIBPJYR0d9Im8MtCcV0zOZX+mjYWZBp2Q5ISW0eYVqDuffPfYFU7xgMWR hlVeRNgjZ4IjedIcjnnvYU2bFdKDMEr/RqKeYwTvle2VmJzDKPstYWoMUYu+PoFvR4ec4rnehSx/9 HeUAA4P5lIeSP9lIIUqDfu/3MOzlMJtDO+QvL+c043+FSj56gW4Ueq8XwrWu325pmzFVX72FinFrQ 0ExNpyN9NKUiAboaNlUPmeCbIIL+wvtMwUEfMY93dtwc0BxGD7LyWWgjT3JuPU1jaJP0Pozk9xIMc 2GwCEBilQ==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:57420 helo=[192.168.1.10]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <touch@strayalpha.com>) id 1iogPq-000Wqu-GG; Mon, 06 Jan 2020 23:24:30 -0500
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <CALx6S347g2FMj-SsNRmL4HcTG8kcKpaUyjvHoZ8VwvZUTixmfw@mail.gmail.com>
Date: Mon, 06 Jan 2020 20:24:25 -0800
Cc: TSVWG <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <13BBCC41-79DD-425D-B97E-CB2112301A2F@strayalpha.com>
References: <CALx6S37oZK8urwN-TCpZxs9F_+QXzobT8-rObPH112NkqSpUVQ@mail.gmail.com> <418EE20D-387B-48C1-BC08-614D28D7849E@strayalpha.com> <CALx6S372xi1rTiAw6ZmLAU-yN6RvF7PEcg6sNqS=WcNVvYMTZw@mail.gmail.com> <FEFC49BC-0D34-419D-818E-D80A85B1C74E@strayalpha.com> <CALx6S35jhAoKHttijzqQNxQL8WJfbu=fun3EivCCOmxfXcw0QA@mail.gmail.com> <49C20EDE-9AD1-4577-B097-2ED2BB7CFC19@strayalpha.com> <CALx6S36Og0c73eQUW57M4ZH0BL=82CciJAmKujP=gJ3XbhcWwA@mail.gmail.com> <2365408B-9216-47FB-BBAC-B64A60CD58B5@strayalpha.com> <CALx6S347g2FMj-SsNRmL4HcTG8kcKpaUyjvHoZ8VwvZUTixmfw@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/unHYJL-OGam0XOY5ZwW0sE954lE>
Subject: Re: [tsvwg] Rregarding soft-state and UDP options
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2020 04:24:33 -0000


> On Jan 6, 2020, at 8:19 AM, Tom Herbert <tom@herbertland.com> wrote:
> 
> On Sun, Jan 5, 2020 at 4:37 PM Joe Touch <touch@strayalpha.com> wrote:
>> ...
>> TCP SYNs are transport and stateless. Yes, they’re the right model.
>> 
> TCP SYNs are a protocol fragment, not a protocol.

They are very similar to UDP with options - by themselves they are stateless. The only difference is that TCP knew it had options from the beginning.

> Also, they don't
> carry any data

Yes, they can.

> so I'm not even sure how you could say they are
> transport seeing that they don't transport anything. Has it occurred
> to you that the reason all options can be ignored in a TCP SYN is that
> there's no data that could be incorrectly delivered to the
> application?

Data in the TCP SYN is retained and presented to the application layer if a final ACK is received.

> 
>> IPv6 is largely designed for intermediate devices - that’s not what we’re designing for here.
> 
> The design is adding options to a stateless, connectionless, datagram
> protocol that works over unicast, multicast, anycast, and broadcast.
> IPv6, RFC8200 specifically which is full Internet standard, shows
> exactly how to do this.

It shows us how NOT to do it too, in several ways. Lots of options - few (if any) actually in use, except IPsec.

> 
>> 
>> ...
>> First, it fails to be motivated by an example.
>> 
>> Encryption option.
>> 
>> 
>> We already have a solution for that with FRAG+LITE.
>> 
>> Is there any example of a packet whose contents aren’t modified but MUST NOT be accepted if the option fails?
> 
> Any form of integrity checks that sender has set up and requested.

Yes, except that we are already defining two (auth and ACS). Many protocols have tried to define many others - but interestingly NONE are used.

> This includes checksums, ACS, HMACs, etc. This includes the
> possibility to add new algorithms in the future per evolving needs.
> For instance, the current ACS is CRC32c, that is a strong integrity
> check however could very well be prohibitive to support on low powered
> IoT devices. For this reason ACS should not be required to be
> implemented, and the possibility of adding a CRC check more feasible
> to these devices should not be precluded.

So let me understand - you don’t trust the IP checksum but want something simpler than CRC32c. Any idea what that unicorn algorithm is?

And if it’s so useful, can you explain why nobody uses one for IP?

> A virtual network identifier, anycast instance identifier, or any
> other ancillary information that provides more specific information to
> correctly deliver the packet than that in the IP header and ports.
> Ignore a virtual identifier for instance, and the packet is allowed to
> cross virtual networks thereby breaking required isolation.

Those are network IDs. We have those - IP in IP, VPN-IDs, etc. - at the *network* layer where they belong - and are WIDELY already used.

> UDP options compression option. Similar to Van Jacobson compression in
> PPP, when the same options are used repeatedly they could be
> compressed to save overhead.

Oh - right, compression. Remember that anything that modifies the data is already covered by the regular option space because it would *modify the data* in the FRAG_LITE method.

Then again, we really need to consider that case. Consider how popular PPP is and how that sort of mechanism has already been widely deployed as an option for IP and TCP. (not).

You might consider why compression of net and transport protocols focuses on headers, not payloads. Because if an app either compresses or encrypts, there’s no further point. Compression in particular works best on long sequences and/or when the message structure is known. None of this is true at the network or transport layer.

> 
> These are the ones I can think of now. However, there is no reason to
> believe that this could an exhaustive list.

Oh, yes. I have seen the point for a while in this thread.

These options are a playground for experiments. The best part of that is how we document the way our protocols have been littered with these experiments over the years.

Silly me. I thought we were trying to learn from past experience and make this clean, simple, and likely to actually be used.

Joe

v2.23.0 | Report a Bug | By Email