Re: [tsvwg] Alternative version of the UDP FRAG option
Joe Touch <touch@strayalpha.com> Tue, 12 March 2019 23:08 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3391278CF for <tsvwg@ietfa.amsl.com>; Tue, 12 Mar 2019 16:08:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.22
X-Spam-Level:
X-Spam-Status: No, score=-1.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o2e2U1CenBVI for <tsvwg@ietfa.amsl.com>; Tue, 12 Mar 2019 16:08:01 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F8651200D7 for <tsvwg@ietf.org>; Tue, 12 Mar 2019 16:08:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=Message-ID:References:In-Reply-To:Subject:Cc: To:From:Date:Content-Type:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Llf2StfaklLsvMcIGa64WnnSAS8zGW3AllkXo1IP848=; b=QKvYca/G9MFRIChKbrflgWIyU GdFMvVwT/oQXFgjFqmvFJjI9dFCjs0L6+qivinnfhw5F1U12FHCp/xONdZVsOn79q4FDEPFXJzo7s Xz+fJYnqH+3D7Nq16VeiaMsGuCkpVIB7LVTZhISQy5X+2O0kTZmnV1G0Ll1yoc2FzhZg28feh+oMG fCxtFJRunhXwjm3YbYWplynU7y/qs0CNkTI27/7+/ms+1izvnPetB1w22RGPtAM8yEqkzA3XHIM5C T4EGE+wMn33R05DQ6y7jfAJUPYWEGlLge+S1UIoPMfoeiSY0B/KICqbR+DJ4sGA12rw1gI7wljllE CyCTnrTrQ==;
Received: from [::1] (port=40084 helo=server217.web-hosting.com) by server217.web-hosting.com with esmtpa (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1h3qV5-000l2X-Gp; Tue, 12 Mar 2019 19:08:00 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_6bf4eacce7e1135f8ca475c285044a75"
Date: Tue, 12 Mar 2019 16:07:59 -0700
From: Joe Touch <touch@strayalpha.com>
To: "C. M. Heard" <heard@pobox.com>
Cc: Raffaele Zullo <raffaele@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>
In-Reply-To: <CACL_3VE00=Cfi+VG8dJsM7+9Ck_QrPjdXRQXO2kx22SkAfLZHQ@mail.gmail.com>
References: <CACL_3VE1=0OORUuOKg9GjcdVuhBNTkWhymE7PAs5WYO0ZR0DWQ@mail.gmail.com> <2C035E8C-A59F-4523-9B8D-BBA573C6DEFB@strayalpha.com> <CACL_3VGQo2ObRohJysQ=oWE4fZ1S6MCrytZQZYweuvKToJs_tw@mail.gmail.com> <36A94382-699D-4F8E-BF49-C48D7D784ACC@strayalpha.com> <CACL_3VE-U=t=rg_smtLGTyEyCGjLS8X9yNbPVh-NH38MsaEtzg@mail.gmail.com> <a47d7cadc5e45cf88ec1ed685a4ed393@erg.abdn.ac.uk> <c85b116427aed247b085258ceec58280@strayalpha.com> <CACL_3VE00=Cfi+VG8dJsM7+9Ck_QrPjdXRQXO2kx22SkAfLZHQ@mail.gmail.com>
Message-ID: <cbf07ec31194574ff0b0494ca58b1213@strayalpha.com>
X-Sender: touch@strayalpha.com
User-Agent: Roundcube Webmail/1.3.3
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/zdwZkmgffyzNQ_wO2Kbn7B1-_Wg>
Subject: Re: [tsvwg] Alternative version of the UDP FRAG option
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 23:08:04 -0000
On 2019-03-12 15:56, C. M. Heard wrote: > On Tue, Mar 12, 2019 at 3:40 PM Joe Touch wrote: > >> I'm still not following the need for this alternative. >> >> FRAG+LITE works fine - even through broken middleboxes with the checksum >> bug - if used with CS=0, which is how it ought to be used. > > Not all of us agree that this is how it ought to be used, since CS=0 affords > no protection for the UDP header itself. Not exactly. CS=0 with nonzero fragment checksum still ends up (IMO) implicitly validating the length of the payload that results anyway - and OCS on the reassembled set (i.e., OCS as the first UDP option in the reassembled payload) would provide a check on the options. The only thing missing is protection of the port numbers - which get rewritten and recomputed many times inside the net in many cases, to the point that I don't think it even makes sense to consider that an E2E protected field anymore. >> The trailing checksum in the last fragment is over the reassembled total >> (or not if also zero) and there's no utility in checksumming the fragments >> themselves. > > My position is that the level of protection that we should strive to > achieve is what is available with conventional IP fragmentation coupled > with the standard UDP checksum. That combination protects the entire UDP > datagram, including the UDP header. The trailing checksum the terminal > FRAG option, when used with CS=0, does not do that. > > A second reason for preferring this proposal to FRAG as now presented > in the draft is that it eliminates the hazard of FRAG without LITE. Understood, but AFAIR your proposal ends up computing checksums multiple times over the same data. And no, those checksums can't be combined to save work - that undermines the whole point of a reassembly checksum. I.e., we're not really giving up much (in terms of protection, see above) but we gain a LOT (much less work - enough that will end up mattering in cases with high reassembly load, such as DNS servers, IMO). Joe
- Re: [tsvwg] Alternative version of the UDP FRAG o… C. M. Heard
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… C. M. Heard
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Derek Fawcus
- Re: [tsvwg] Alternative version of the UDP FRAG o… C. M. Heard
- Re: [tsvwg] Alternative version of the UDP FRAG o… Raffaele Zullo
- Re: [tsvwg] Alternative version of the UDP FRAG o… C. M. Heard
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… C. M. Heard
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Derek Fawcus
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… C. M. Heard
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Gorry Fairhurst
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Gorry Fairhurst
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Gorry Fairhurst
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Derek Fawcus
- [tsvwg] Possible UDP-Option: Cookie Derek Fawcus
- Re: [tsvwg] Possible UDP-Option: Cookie Tom Herbert
- Re: [tsvwg] Possible UDP-Option: Cookie tjw ietf
- Re: [tsvwg] Possible UDP-Option: Cookie Derek Fawcus
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Possible UDP-Option: Cookie Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Joe Touch
- Re: [tsvwg] Alternative version of the UDP FRAG o… Tom Herbert
- Re: [tsvwg] Alternative version of the UDP FRAG o… Gorry Fairhurst