Re: Last Call: <draft-ietf-tcpm-urgent-data-06.txt> (On the implementation of the TCP urgent mechanism) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I find a lot to agree with, in Keith's message.

This whole thing makes me very sad. RFC 793 was written by a small group of computer scientists who assumed (naively) that subsequent implementors would implement the TCPspec as written, rather than ignore the spec and implement according to their own preconceptions (which came from the OSI culture) about "urgent data". Unfortunately, the writers of RFC 793 did not do a very good job of explaining in detail what they meant; they assumed that implementors would understand the obvious. (RFC1122 tried hard to correct this omission, but nobody paid attention).

The TCP Urgent mechanism was designed to solve the problem of a networked computer system that is spewing out data to the user, filling the receiver's buffers so that it never sees the user's Control-C (or whatever) to interrupt the flow. The OSI Urgent mechanism, which involved out of band data, was conceptually repugnant to the TCP/IP designers, because it led to a specific byte limit on buffer space for the OOB data. As the present I-D notes, this finally leads to the horror of security-oriented middle boxes that destroy the desired semantics. The TCP Urgent mechanism avoided this problem.

The TCP Urgent mechanism is a sad chapter in the implementation of (slightly) subtle protocol mechanisms. It raises the question of how far the IETF should go in changing protocol mechanisms to match brain-dead implementations and change bugs into features.

Bob Braden


On 9/7/2010 5:19 PM, Keith Moore wrote:

On Sep 7, 2010, at 7:29 PM, Fernando Gont wrote:

Hi, Keith,

Thanks so much for your feedback! Please find my comments inline...


The document revises the specifications for sender and receiver handling
of TCP urgent data, presumably in order to improve interoperability.

Actually, it resolves a disconnect between the specifications and
virtually all implementations of the urgent mechanism.

Yes, but you're also recommending a change from what the existing specifications say to do.  So, in effect, your intent is to revise the TCP specification.

In
particular, sections 5 and 6 of this document impose RFC 2119
requirements (SHOULD NOT / MUST) on applications.

However,

    * No requirements are imposed on TCP implementations.

The "requirement" on TCP implementations is in Section 4 (page 7).
However, it doesn't use RFC 2119 language as the text that it is
updating (RFC 793, RFC 1122) doesn't use RFC-2119, either.

Mumble.  I really don't like the term "updating" when referring to existing RFCs because we don't change the text of those RFCs.  When we say we're "updating" existing RFCs, what we mean is that we're changing the overall recommendations and/or requirements that were specified in those RFCs, to something different.

The point here is that your draft doesn't actually make it very clear that you're revising the TCP specification.    I get the impression that you are assuming that there's no actual need to change the specification, because most existing implementations already behave according to your recommendation.  I'm just asking you to make it clear that you're revising the TCP specifications, and thus imposing requirements on new TCP implementations, in addition to whatever other requirements you impose on applications or whatever.

(In making that clear, there's no need to use RFC 2119 language if you don't find it appropriate to do so.  But the only purpose of RFC 2119 language is to specify requirements.  So in the current draft, it's really clear that you're imposing requirements on applications, and less clear that you're imposing requirements on TCP stacks.)

    * This document also does not place any constraints on
      intermediaries, even though the document itself acknowledges that
      intermediaries interfere with operation of the TCP urgent facility.

No TCP specs that I know of accommodate packet scrubbers or firewalls
that simply decide to clear a bit, etc (except for NATs, which are a
completely different issue). When they do (e.g., ECN), it's to
discourage such behavior.

Mumble.  This is obviously a lot bigger problem than just this one document.  But it is a huge problem that IETF has, and (because it's so limited in scope) your document is as good a place as any to start addressing it.

IETF nearly always takes a "somebody else's problem" view with respect to intermediaries.    IETF will impose requirements on endpoints, or make recommendations for endpoints, to work around harmful behavior of intermediaries.   But IETF rarely imposes requirements on intermediaries, or makes recommendations for intermediaries to follow.

There are lots of problems with this approach, not the least of which is that IETF is in nowhere nearly as good a position to communicate to application developers, as it is to communicate to vendors of intermediaries.     Another reason I believe this approach is unsound, is that it constantly shifts the burden of coping with violations of the Internet Protocol to endpoints - host stacks and applications - to the point that there is very little that endpoints can safely assume about the behavior of the network anymore.

IETF documents in general need to make it clear that intermediaries that alter IP packets (other than TTL) are violating the IP protocol - i.e. they are not making a best effort to deliver the packet intact - and this is harmful to the Internet.  "Simply deciding to clear a bit" is deliberate data corruption.

I can understand temporary ad hoc measures that are employed to address known security vulnerabilities, but they need to be understood - and documented - as just that.  There need to be mechanisms for cleaning up these temporary measures, for recommending that they go away when better fixes are in place.   Ironically, by not documenting such temporary measures (along with the problems that they address, and the new problems that they cause), there is a tendency for such measures to become even more entrenched than our well-documented and -reviewed protocol standards.

Obviously you're not going to be able to address this whole problem in a document about TCP urgent data.  But if it's reasonable for your document to impose requirements on applications, it's even more reasonable for your document to impose requirements on intermediaries.


I also note that section 6 imposes a MUST requirement on applications
that depends on a non-standard TCP sockets API feature (SO_OOBINLINE)

I guess this could be rephrased as "applications that still decide to
employ it MUST process the "urgent data" in-line, as intended by the ETF
specifications (e.g., by setting the SO_OOBINLINE socket option)"?

Pretty much.  Assuming, of course, that the host stack and API used by the application actually have the ability to do that.
(maybe you should just make it a SHOULD for that reason)


5. Add a informative section discussing the pros/cons of IP-level
intermediaries altering the URG bit.
6. Add a normative section which states that IP-level intermediaries
SHOULD NOT alter the URG bit.

I don't think that tcpm is going to get consensus on "pros" of altering
the URG bit.

Perhaps not, but my concerns are addressed to the entire IETF, and hopefully IESG will also give them careful consideration.

Keith

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]