Unicast UDP Usage Guidelines for Application Designers
draft-ietf-tsvwg-udp-guidelines-11

[Ballot discuss]
Another DISCUSS-DISCUSS that would be better deemed a "question."

There is no mention of policing, shaping flows nor is there any mention of DSCP, DIFFSERV, TOS or packet marking. Given application designers can work w/ hosts to set specific QOS parameters including the above on the host. I would have thought that should be mention.

Also, there is limited mention of filtering and creating filters on the host in 3.6. I would have thought that this should take on a larger treatment in the security section. For applications that reside on networking nodes, the use of GTSM should be called out.

Last, in section 3.6 there is only mention of programming to the UDP socket. It is very frequent that programmers will construct UDP packets and send them via a raw socket. There is no mention. Why not?

[Ballot discuss]
Another DISCUSS-DISCUSS that would be better deemed a "question."

There is no mention of policing, shaping flows nor is there any mention of DSCP, DIFFSERV, TOS or packet marking. Given application designers can work w/ hosts to set specific QOS parameters including the above on the host. I would have thought that should be mention.

Also, there is limited mention of filtering and creating filters on the host in 3.6. I would have thought that this should take on a larger treatment in the security section. For applications that reside on networking nodes, the use of GTSM should be called out.

Last, in section 3.6 there is only mention of programming to the UDP socket. It is very frequent that programmers will construct UDP packets and send them via a raw socket. There is no mention. Why not?

[Ballot comment]
Section 3.4:
  "This results in a relatively weak
  protection from in terms of coding theory"

I think some noun is missing after the word "from"

Same section:

  "This check is not strong from a coding or cryptographic
  perspective, and is not designed to detect physical-layer errors or
  malicious modification of the datagram"

Is it that it can't detect or can't distinguish between?

[Ballot discuss]
Another DISCUSS-DISCUSS that would be better deemed a "question."

There is no mention of policing, shaping flows nor is there any mention of DSCP, DIFFSERV, TOS or packet marking. Given application designers can work w/ hosts to set specific QOS parameters including the above on the host. I would have thought that should be mention.

Also, there is limited mention of filtering and creating filters on the host in 3.6. I would have thought that this should take on a larger treatment in the security section.

Last, in section 3.6 there is only mention of programming to the UDP socket. It is very frequent that programmers will construct UDP packets and send them via a raw socket. There is no mention. Why not?

[Ballot discuss]
This is discuss DISCUSS which means it is being entered to flag that I would like to discuss this point on the IESG phone call. I will be clearing the discuss once the call is over.

I was trying to figure out what made me uncomfortable about this draft and I think it comes down to it has some advice that I would not actually give. I made a list of some deployed protocols that use UDP. Things that come to mind are:

DNS
RTP
SIP
STUN
bitTorrent
mdns
tftp
nfs
bootp

All these things seem to me that they were not compliant with the SHOULDs of this BCP, had would never migrate to be any closer to compliant with this BCP.  I think this document is a good list of things to think about when designing a  UDP based protocol and I am in favor of publishing it (along with all the SHOULDs as they are now) but I would like to have a clear understanding of what IESG will be looking for from future protocols that use UDP as a transport and what they will be looking for from updates to existing protocols that use UDP.

[Ballot comment]
I don't quite understand how the tracker brought this document to the
telechat without having Magnus vote "Yes". Presumably Magnus is happy
with the document, no?

[Ballot comment]
I'd really like to talk a little bit about the MSL - the implementation I see code for a MSL much shorter than the 2 minutes recommended here. The result is that it's very hard to predict how long anything will wait. We would be much better off to revise the MSL to some realistic number - then people might implement that and one would count on it. All you can count on today is that if you have a MSL of 2 minutes, lots of equipment will time out long before that.

[Ballot discuss]
This DISCUSS is based upon a comment in the DNS-DIR review by Peter Koch. I would like to discuss this during the telechat and get the advice from the Security ADs whether a change in the document (probably in the Security Considerations section) is needed. 

There is a potential size related issue with asymmetry between requests and responses in UDP based protocols intended for Internet wide use.  Under particular circumstances, this asymmetry can be abused for "amplification attacks". We know this for a subset of DNS, but any UDP based protocol that would respond with large chunks to arbitrary data would be vulnerable.

Pointing out the issue to be addressed in that particular protocol's security considerations would be sufficient and useful.

This is writeup for the Unicast UDP Usage Guidelines to BCP
draft-ietf-tsvwg-udp-guidelines-08

  (1.a)  Who is the Document Shepherd for this document?  Has the
          Document Shepherd personally reviewed this version of the
          document and, in particular, does he or she believe this
          version is ready for forwarding to the IESG for publication?
         
Magnus Westerlund is the Document shepherd. It is basically ready. A few
very minor issue was raised in AD review.

  (1.b)  Has the document had adequate review both from key WG members
          and from key non-WG members?  Does the Document Shepherd have
          any concerns about the depth or breadth of the reviews that
          have been performed?
         
This document has been well reviewed both within the WG and from people
in other areas. Clearly one of the better reviewed documents that have
come through transport area.

  (1.c)  Does the Document Shepherd have concerns that the document
          needs more review from a particular or broader perspective,
          e.g., security, operational complexity, someone familiar with
          AAA, internationalization, or XML?
         
No.

  (1.d)  Does the Document Shepherd have any specific concerns or
          issues with this document that the Responsible Area Director
          and/or the IESG should be aware of?  For example, perhaps he
          or she is uncomfortable with certain parts of the document, or
          has concerns whether there really is a need for it.  In any
          event, if the WG has discussed those issues and has indicated
          that it still wishes to advance the document, detail those
          concerns here.  Has an IPR disclosure related to this document
          been filed?  If so, please include a reference to the
          disclosure and summarize the WG discussion and conclusion on
          this issue.
       
No. 

  (1.e)  How solid is the WG consensus behind this document?  Does it
          represent the strong concurrence of a few individuals, with
          others being silent, or does the WG as a whole understand and
          agree with it?
         
Very solid.           

  (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
          discontent?  If so, please summarize the areas of conflict in
          separate email messages to the Responsible Area Director.  (It
          should be in a separate email because this questionnaire is
          entered into the ID Tracker.)
         
No         

  (1.g)  Has the Document Shepherd personally verified that the
          document satisfies all ID nits?  (See
          http://www.ietf.org/ID-Checklist.html and
          http://tools.ietf.org/tools/idnits/.)  Boilerplate checks are
          not enough; this check needs to be thorough.  Has the document
          met all formal review criteria it needs to, such as the MIB
          Doctor, media type, and URI type reviews?  If the document
          does not already indicate its intended status at the top of
          the first page, please indicate the intended status here.

Yes, no issues found

  (1.h)  Has the document split its references into normative and
          informative?  Are there normative references to documents that
          are not ready for advancement or are otherwise in an unclear
          state?  If such normative references exist, what is the
          strategy for their completion?  Are there normative references
          that are downward references, as described in [RFC3967]?  If
          so, list these downward references to support the Area
          Director in the Last Call procedure for them [RFC3967].
         
Yes         

  (1.i)  Has the Document Shepherd verified that the document's IANA
          Considerations section exists and is consistent with the body
          of the document?  If the document specifies protocol
          extensions, are reservations requested in appropriate IANA
          registries?  Are the IANA registries clearly identified?  If
          the document creates a new registry, does it define the
          proposed initial contents of the registry and an allocation
          procedure for future registrations?  Does it suggest a
          reasonable name for the new registry?  See [RFC2434].  If the
          document describes an Expert Review process, has the Document
          Shepherd conferred with the Responsible Area Director so that
          the IESG can appoint the needed Expert during IESG Evaluation?
         
Yes, IANA section is okay.         

  (1.j)  Has the Document Shepherd verified that sections of the
          document that are written in a formal language, such as XML
          code, BNF rules, MIB definitions, etc., validate correctly in
          an automated checker?
         
No formal language used.         

  (1.k)  The IESG approval announcement includes a Document
          Announcement Write-Up.  Please provide such a Document
          Announcement Write-Up.  Recent examples can be found in the
          "Action" announcements for approved documents.  The approval
          announcement contains the following sections:

Technical Summary
         
  The User Datagram Protocol (UDP) provides a minimal, message-passing
  transport that has no inherent congestion control mechanisms.
  Because congestion control is critical to the stable operation of the
  Internet, applications and upper-layer protocols that choose to use
  UDP as an Internet transport must employ mechanisms to prevent
  congestion collapse and establish some degree of fairness with
  concurrent traffic.  This document provides guidelines on the use of
  UDP for the designers of unicast applications and upper-layer
  protocols.  Congestion control guidelines are a primary focus, but
  the document also provides guidance on other topics, including
  message sizes, reliability, checksums and middlebox traversal.

Working Group Summary
  There is strong consensus in publishing this document.

Document Quality
  This document has been well reviewed both within the TSVWG and by
  people from other areas due to an extensive announcement and review
  requests at important points in the documents life time.
           
Personnel
  WG Shepherd and responsible AD is Magnus Westerlund.