IETF Logo Mail Archive

[tsvwg] Re: TSVWG Consensus Call concerning draft-ietf-tsvwg-udp-options-18 - DUE, by 13th May 2024

Sebastian Moeller <moeller0@gmx.de> Tue, 07 May 2024 16:02 UTC

Return-Path: <moeller0@gmx.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC38BC14F61D for <tsvwg@ietfa.amsl.com>; Tue, 7 May 2024 09:02:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.847
X-Spam-Level:
X-Spam-Status: No, score=-6.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uM0Xx6HoiKyv for <tsvwg@ietfa.amsl.com>; Tue, 7 May 2024 09:02:23 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01D30C151071 for <tsvwg@ietf.org>; Tue, 7 May 2024 09:02:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1715097741; x=1715702541; i=moeller0@gmx.de; bh=WQKDBbNCOSl60wxC6cdD+/IEraytWcjdbXFFyZRXJMI=; h=X-UI-Sender-Class:Content-Type:Mime-Version:Subject:From: In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id: References:To:cc:content-transfer-encoding:content-type:date:from: message-id:mime-version:reply-to:subject:to; b=Ap3c9dqufjQ4AZ8IfUbfLRVT6gcJx9ga//Y+iPbeyg9uCFeA4J5XNA2RvAhIyI1U 2X3bikSkGzPoMLuD9NyimAMSiRtlEA92nzJUhj8YPwBF5SIJlBHjYTu3ywqK92Wjl Zibx1ml0B69onuwf2eaUirx41ruA3jt1pVFAhGc3XnywaxDISFDFcgHnh/ZHGAbfL lhosIiJ06sRRbU3E6JhQJohJJa9ZWoyydmpaUgccExZ3skSplkgpJnG5q1/85satA 6BKukdKTgCSvaNk8/kmQ0uNt4mROJu83wtjUioTpG7Er4glhn1rwieJ8UyMekiCN/ TDNfUi0mp4J3dhtBMQ==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from smtpclient.apple ([134.76.241.253]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N4QsY-1sn1yd05Ju-00zkn1; Tue, 07 May 2024 18:02:21 +0200
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
From: Sebastian Moeller <moeller0@gmx.de>
In-Reply-To: <a6b482d5-56b3-4c0a-b4ec-969e0b1cd569@erg.abdn.ac.uk>
Date: Tue, 07 May 2024 18:02:10 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <633E9403-462F-4F65-B392-2F90EDE2FDEB@gmx.de>
References: <a6b482d5-56b3-4c0a-b4ec-969e0b1cd569@erg.abdn.ac.uk>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
X-Provags-ID: V03:K1:AmjqfPKlCROpMZAPGgzoU4w9Er69+TETgb4yoZing5atOq7hEpP ql0TGoaBMFNFzaMgwhxzBjdC+deuo1arNMzbY0sOCoEhSa6SPfByHkQLohMgINR1MjEXusH 18soCbbENRwDajbTqXsIoqt5U68lrp+LG+ewCWeKbHPsExrSVrcgrWZyBN+w/mckPWjvqcR i65xu7mzujgYDarygbUlA==
UI-OutboundReport: notjunk:1;M01:P0:jdeqJiG+nEo=;7z7aQT2Sds0et9P2Q7DxF6c2IaJ NUs60+dXIJwlSHyyMFkPBlwIMiLDG/hzXwK04w1sROA4tAQ+50QPWlexf/MO9lZkyQ27yKCSg FEWzR5LiiW/69+OnqvCU1tFOvoV7dSsVi8xooxP5pbab1JYOQ/O4OjXLL3bKP2o0q64Up2nRV xdcmoV88IwsgIaSm5y/W1u8NWXgbA1EW/Q+DXY5dKYGhiSNF+SYkNcTPIS6Ep5RpJlG7kdNDU ysKHgkLjzigbKdm+sLyVIjG7AtB/1Gsw2Q5DUrB4DfHp1oEfEOlJiKX3mTi0rwXmvjxjvmhyN 8cuicnfgla0DmVNKcvLsy1HHyZkzN2iHpbPzvfuDDvedhsIVd3ubmg6Vh99I+X1kfTQeYS49L svlK3ZkF4/nrJyKojoM4SfQGmevQLyOSSqA7EGNJJn1sFObyqL0O1o34Ca90Eyl0PM+0xr9Bl PSibB5PgQSDvD30QZqlu2tTuARWSgtWFqMdSaQoXhJHzdy0A9cjGHrB7o6E9C/L2cddte+FcG 1tPgoHmK70cduaLFHmujS+kTJaOO2p3xqbogm2tL/C94sQSDcfn+mZhRKGL3Ug9S2wXmCfs/e W0eHGhxGK7qYGFgsoZCcfQct6cXPDuSPDqq/DmljTtMLVoadtHRGJ2Cf9A1LwKFxBZBC0+Mbb blm42Q5Bb5WSq47PZxgquHrrXGUpmPUmLBlbS/3QpZBj9X3H0Al8cn1EgSQ8AmJwDXikx5GFx 0QkRassCUHozd4YY/oCSxPM3VV5qDcHIOoukYI4pxPk8EYl2o5rBqfUfGJldin6cQwSKG1d5g 9WPeNF1+8AG8RTN+zxXIRoxQLcGP22QsZMtJvEA400p7k=
Message-ID-Hash: PVICH7BRMTSCWHYN7W6BUCYA2M43IPVU
X-Message-ID-Hash: PVICH7BRMTSCWHYN7W6BUCYA2M43IPVU
X-MailFrom: moeller0@gmx.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tsvwg@ietf.org" <tsvwg@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: TSVWG Consensus Call concerning draft-ietf-tsvwg-udp-options-18 - DUE, by 13th May 2024
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/unic1RZkl8LkFCOvQDBK2NEuuOI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>

Dear List

> On 7. May 2024, at 16:12, Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote:
> 
> This email starts a consensus call to confirm three topics related to draft-ietf-tsvwg-udp-options, as we complte the WGLC.
> 
> The chairs think that each of these topics have discussed by TSVWG during development of the draft. We now wish members of TSVWG to confirm theyr are content about the following three topics:
> 
> 
> 1. UDP Option are ONLY set and modified by the sender when it decides to add the Options to a packet.  Routers ought to forward packets with UDP Options without modification, the current text includes: "UDP Options MUST NOT be modified in transit".
> 
>  Is 1 OK for the WG?

[SM] See 3. below, unless we find a way for the receiver to assert that a packet was not modified, I wqould think it miore pragmatic to go for 'SOULD NOT'...

> 
> 
> 2. Since the Options data is not encrypted, a device on the network path might read this option information. Regarding this, the current text includes: "UDP options are intended for use only by the transport endpoints. They are no more (or less) appropriate to be modified in-transit than any other portion of the transport datagram."
> 
>   Is 2 OK for the WG?

[SM] That wording is neither here nor there for me, if I want to do something like UDP equivalent of MSS clamping (as an example of a potentially useful manipulation of a datagram) this wording is not going to stop me. So do we want to allow such usages or not? Mind you the first sebtence implies read, but the 3rd sentence goes back to modification so cycles back to question 1.

> 
> 
> 3. UDP Options does not by itself provide any mechanism for a device to authenticate the format or contents of the options data, or to detect if the surplus area has been removed from a packet. Mechanisms to support encryption/authentication could separately be added (see section 9.9,9.10).
> 
>    Is 3 OK for the WG?

[SM] The consequence of 1 and 3 seems to be that the only defence against on-path manipulations is the wording  "UDP Options MUST NOT be modified in transit" and IMHO even more tricky the receiver has no way to actually detect such changes. This should not stand, either we allow on-path changes (no need to endorse them thjough) or we make UDP options sufficiently complete to detect them.

So I am a No on either 1. or 3.


Regards
	Sebastian



> 
> 
> Please send an email by 13th May to the list with a "Yes" if you agree with each topic, or provide input to help the chairs to assess the consensus of the group. We plan to include the final consensus as a part of our write-up when we submit the final revision of the ID with a request for publication.
> 
> Best wishes,
> 
> Gorry & Marten
> (TSVWG Co-Chairs)
>

v2.46.0 | Report a Bug | By Email | System Status