TSVWG J. Touch Internet Draft Independent Consultant Updates: 4727 Intended status: Standards Track January 28, 2025 Expires: July 2025 User Ports for Experiments draft-ietf-tsvwg-usr-exp-05.txt Abstract This document defines user ports for experiments using transport protocols. It describes the use of experiment identifiers to enable shared use of these user ports, as well as updating the use of system ports for experiments in the same manner. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. The list of current Internet-Drafts can be accessed at https://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at https://www.ietf.org/shadow.html Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 28, 2025. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents Touch Expires July 28, 2025 [Page 1] Internet-Draft User Ports for Experiments January 2025 (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction ..................................................2 2. Conventions used in this document .............................3 3. User Ports for Experiments ....................................3 4. Using PExIDs in Transport Protocols ...........................4 5. SCTP ..........................................................4 6. Coordination During State Negotiation .........................5 7. Security Considerations .......................................5 8. IANA Considerations ...........................................6 9. References ....................................................7 9.1. Normative References .....................................7 9.2. Informative References ...................................7 10. Acknowledgments ..............................................8 1. Introduction Various network codepoints have been allocated for experimental use, including those for IPv4 [RFC791], IPv6 [RFC8200], ICMPv4 [RFC792], ICMPv6 [RFC4443], UDP [RFC768], and TCP [RFC9293]. These include transport protocol port numbers 1021 and 1022, using the service names "EXP1" and "EXP2" [RFC4727]. There has always been an expectation that experiments needing privileged (system) ports use these assignments and unprivileged ports use those from the dynamic range [RFC6335][RFC7605]. However, dynamic ports can be difficult to reserve in some systems or blocked from traversing some firewalls. As a consequence, there is a need for non-privileged, non-dynamic ports - i.e., user ports - for experiments. This document reserves user ports for experimentation and describes the use of experiment identifiers to differentiate shared use of these ports for concurrent experiments. Touch Expires July 28, 2025 [Page 2] Internet-Draft User Ports for Experiments January 2025 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. User Ports for Experiments The system, user, and dynamic port ranges vary in their properties [RFC7605]. System ports often include privileged access, sometimes known as 'root'. Dynamic ports are used as client ports when establishing associations with services on registered ports. User ports have neither privilege nor the risk of use by other connections. User ports are also more likely to allow configuration to pass through firewalls, where system and dynamic ports can be difficult to 'un-block'. This document registers USR-EXP1 and USR-EXP2 for user port experiments, using port numbers #UPORT1 and #UPORT2. These ports are assigned from the user range, allowing non-privileged experiments without the need to use ports from the dynamic range. This document also creates a registry for port experiment identifiers (PExIDs), in the same manner as the registry created for shared TCP option experiments [RFC6994][TCP-reg]. Experimenters are encouraged to register PExIDs with IANA and to include them in at the beginning of their transport data, i.e., at the front of each separate message or byte stream, in network standard byte order. The use of PExIDs helps differentiate experiments without the need for additional port assignments. This document also encourages the use of these PExIDs for experiments using existing experiment ports, i.e., system ports EXP1 and EXP2. PExIDs differentiate experiments but are not intended to be specific to a given experiment port, whether system or user, so a single registration is used for all experiment ports. It is the responsibility of the experimenter to determine which port(s) each experiment uses. Touch Expires July 28, 2025 [Page 3] Internet-Draft User Ports for Experiments January 2025 4. Using PExIDs in Transport Protocols PExIDs differentiate use of the experiment transport ports, both for TCP as previously assigned [RFC4727] and for other transports as defined in this document. PExIDs are intended to be placed in network-standard byte order at the beginning of each independent transport data payload. For connection-oriented transport protocols, such as TCP [RFC9293], SCTP [RFC9260], and DCCP [RFC4340], the PExID is typically sent once for each connection at the beginning of the byte stream and echoed upon receipt, enabling both ends to confirm the experiment for the connection's socket pair. That socket pair is then associated with the experiment identified by that PExID for the duration of the connection. For connectionless transport protocols, such as UDP [RFC768], the PExID is typically included at the beginning of every message in both directions. In most cases, the PExID is sent as user data. SCTP is one exception, because of its Payload Protocol Identifier (PPID), as discussed further in Section 5. Alternately, PExID can be confirmed during the connection or security handshake or other transport header, as discussed in Section 6. In other cases, the PExID can be transferred elsewhere in the data stream, as specified by the user application. Two endpoints can engage in multiple experiments using the same experimental port number and transport protocol. In such cases, users are expected to support demultiplexing of those different experiments using the PExID. 5. SCTP SCTP includes a Payload Protocol Identifier (PPID), which identifies the information within each user message. PPIDs are assigned on a first-come, first-served (FCFS) basis and are abundant (2^32 codepoints), so there is no need for a separate experimental-use PPID. The PExID differentiate shared use of the user experimental port number and thus serves a different purpose than the PPID; both can be used together or separately for SCTP. Because SCTP supports multiple concurrent streams, it is useful for experiments to be identified in a particular stream before proceeding with other streams, to avoid excessive buffering. For Touch Expires July 28, 2025 [Page 4] Internet-Draft User Ports for Experiments January 2025 SCTP, users SHOULD send the PExID ordered and reliably as the first chunk in stream 0 (the default stream). Until the PExID chunk is echoed back on stream 0, messages on stream 0 SHOULD be sent ordered and the user SHOULD avoid transmitting chunks on other streams. The echoed chunk SHOULD use the PPID of #PPID1 assigned for this purpose. That PPID chunk MUST contain only the PExID in network standard byte order. 6. Coordination During State Negotiation For stateful associations, the PExID can be indicated during the initial state negotiation of the transport or security protocol. For TCP and QUIC [RFC9000], these could be indicated using parameters of the initial connection handshake. For UDP, a similar mechanism could be used on each packet if UDP options are supported. A similar mechanism is available within both TLS and DTLS, providing extensions to negotiation additional security association paramters [RFC8446][RFC9147]. In both protocols, the PExID could be sent in ClientHello requests and echoed in ServerHello responses, although for these protocols the extension would require two fields (because such fields carry only 16 bits of content and two are needed for the 32-bit PExID). In all the above cases, the details of such a mechanism are outside the scope of this document and would require additional IANA codepoint assignments. They are not generally anticipated because such mechanisms are more difficult to deploy, hampering the very experimentation this mechanism is intended to foster. 7. Security Considerations The creation of new ports for experiment purposes does not create any new security considerations. At best, it potentially reduces the use of privileged system ports for such experiments, which avoids the associated risk of unnecessary privileged access. Like conventional transport protocol port numbers, PExIDs can be used for deep-packet inspection to identify services and protocols. When such information is intended to be protected or private, it can be sent as user data inside an encrypted stream or message, e.g., as user data in TCP/TLS or UDP/DTLS. Experimenters are encouraged to include security in any new experiment, regardless of port (per Section 7.4 of [RFC7605]). Touch Expires July 28, 2025 [Page 5] Internet-Draft User Ports for Experiments January 2025 8. IANA Considerations This document hereby requests the assignment of two user ports for experimental purposes below. IANA is asked to replace instances of #UPORT1 and #UPORT2 throughout this document based on the actual allocation. This paragraph is intended to be removed prior to final publication. This document also hereby requests the assignment of the SCTP PPID "PEXID" for use in association with these port numbers. IANA is asked to replace instances of #PPID1 throughout this document based on the actual allocation. This paragraph is intended to be removed prior to final publication. IANA has assigned the following user ports for experiments: USR-EXP1 #UPORT1 (desired port 1031) for TCP, UDP, DCCP, and SCTP USR-EXP2 #UPORT2 (desired port 1032) for TCP, UDP, DCCP, and SCTP IANA has assigned the following SCTP Payload Protocol Identifier (PPID) for experiments associated with these port numbers: SCTP PPID #PPID1 This document directs IANA to create a "Port Experimental Option Experiment Identifiers (PExIDs)" registry using the same format and structure as the TCP option ID registry [TCP-reg]. The registry records 32-bit PExIDs, consisting of a brief description, document pointer if available, assignee name, and e-mail contact for each entry. Once registered, PExIDs can be used with either the system (EXP1, EXP2) or user (USR-EXP1, USR-EXP2) ports and with any transport protocol. Entries are assigned on a First Come, First Served (FCFS) basis [RFC8126]. IANA will also record known duplicate uses to assist the community in both debugging assigned uses as well as correcting unauthorized duplicate uses. IANA should impose no requirements on making a registration request other than indicating the desired codepoint and providing a point of contact. A short description or acronym for the use is desired but not required. Touch Expires July 28, 2025 [Page 6] Internet-Draft User Ports for Experiments January 2025 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4727] Fenner, B., "Experimental Values in IPv4, IPv6, ICMPv4, ICMPv6, UDP, and TCP Headers," RFC 4727, Nov. 2026. [RFC6994] Touch, J., "Shared Use of Experimental TCP Options," RFC 6994, Aug. 2013. [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, June 2017. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, May 2017. [RFC9260] Stewart, R. (Ed.), "Stream Control Transmission Protocol," RFC 9260, Sep. 2007. 9.2. Informative References [RFC768] Postel, J., "User Datagram Protocol," STD 6, RFC 768, Aug. 1980. [RFC791] Postel, J., "Internet Protocol," STD 5, RFC 791, Sep. 1981. [RFC792] Postel, J., "Internet Control Message Protocol," STD 5, RFC 792, Sep. 1981. [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram Congestion Control Protocol (DCCP)," RFC 4340, March 2006. [RFC4443] Conta, A., Deering, S., and M. Gupta, (Ed.), "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification," STD 89, RFC 4443, Mar. 2006. [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. Cheshire, "Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry," BCP 165, RFC 6335, Aug. 2011. Touch Expires July 28, 2025 [Page 7] Internet-Draft User Ports for Experiments January 2025 [RFC7605] Touch, J., "Recommendations on Using Assigned Transport Port Numbers," BCP 165, RFC 7605, Aug. 2015. [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification," STD 86, RFC 8200, Jul. 2017. [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol VerREsion 1.3", RFC 8446, Aug. 2018. [RFC9000] Iyengar, J., Ed., and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, May 2021. [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022. [RFC9293] Eddy, W. (Ed.), "Transmission Control Protocol (TCP), Aug. STD 7, RFC 9293, 2022. [TCP-reg] TCP Option ID registry, https://www.iana.org/assignments/tcp-parameters/tcp- parameters.xhtml#tcp-exids 10. Acknowledgments This document was prepared using 2-Word-v2.0.template.dot. Authors' Addresses Joe Touch Manhattan Beach, CA 90266 USA Phone: +1 (310) 560-0334 Email: touch@strayalpha.com Touch Expires July 28, 2025 [Page 8]