Re: [icnrg] Review of draft-irtf-icnrg-icntraceroute

Spyridon Mastorakis <smastorakis@unomaha.edu> Fri, 01 July 2022 11:22 UTC

From: Spyridon Mastorakis <smastorakis@unomaha.edu>
To: Christopher Wood <caw@heapingbits.net>
CC: "icnrg@irtf.org" <icnrg@irtf.org>
Date: Fri, 01 Jul 2022 11:22:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/MNikw1dSU59N8zxmjh-q15U4m6c>

Hi Chris,

Thank you very much for your feedback! Please see my response to each of your comments inline. If you agree with my responses, I can go ahead and update the draft.

Please let me know.

Thank you again!
Spyros

> On Jun 15, 2022, at 9:48 AM, Christopher Wood <caw@heapingbits.net> wrote:
> 
> Like the ping document, I found this to be very well structured and written. The use case for the protocol is clear, the protocol itself -- including the forwarder behavior -- is simple, and the security and privacy considerations are thorough.
> 
> Section 1.
> 
>   To this end, the problem of
>   ascertaining the characteristics (i.e., transit forwarders and
>   delays) of at least one of the available routes to a name prefix is a
>   fundamendal requirement for instumentation and network management.
> 
> nit: s/instumentation/instrumentation

Thanks for pointing out this typo!

> 
> Section 6.
> 
>   The TrReply Code TLV value of the reply is set to indicate the
>   specific condition that was met.  If none of those conditions was
>   met, the TrReply Code is set to 4 to indicate that the hop limit
>   value reached 0.
> 
> Perhaps I overlooked it, but why does the TrReply Code need to be 4? Is it because there are three prior conditions for the final reply in the session?

This value is based on the protocol specification. We have mentioned it at the end of Section 4.2.

> 
> Section 8.
> 
>   This approach does not protect against on-path attacks, where a
>   compromised forwarder that receives a traceroute reply replaces the
>   forwarder's name and the signature in the message with its own name
>   and signature to make the client believe that the reply was generated
>   by the compromised forwarder.  To foil such attack scenarios, a
>   forwarder can sign the reply message itself.  In such cases, the
>   forwarder does not have to sign its own name in reply message, since
>   the message signature protects the message as a whole and will be
>   invalidated in the case of an on-path attack.
> 
> Could a compromised forwarder swap out the name of a traceroute request with the name of its choosing? If so, perhaps this should also be listed in the paragraph above? To be honest, I forget the semantics for how content object response signatures are verified, so this might not be an issue.
> 

My understanding is that in both CCNx and NDN, changing the name of a request would invalidate the state in the PIT; therefore, a response will not reach the client. To this end, it is unclear to me how much damage swapping out the name of a request could cause in our case. Indeed, unless requests are signed and the signature is verified, a forwarder could swap out the names of requests, but the corresponding response will not reach the client. I suppose a malicious forwarder could still see the response before the response is dropped. I am happy to mention that in Section 8.

> Hope this helps.
> 
> Best,
> Chris
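
The PIT argument from the Section 8 exchange above, as an added example that is not part of the original message or the draft: a toy model of a linear path in which one hop rewrites the request name. The exact-match PIT lookup, the forwarder labels, the names `/example/prefix` and `/other/prefix`, and the compromised hop passing replies downstream unchanged are all assumptions made for illustration.

```python
"""Toy model of PIT matching on a linear path: client -> F1 -> F2 -> F3 -> responder.

Assumptions (not from the draft): exact-match PIT lookup, one request in flight,
constructed names, and a compromised hop that passes replies downstream unchanged.
"""

class Forwarder:
    def __init__(self, label, rewrite_to=None):
        self.label = label
        self.rewrite_to = rewrite_to   # set only on the compromised hop
        self.pit = set()               # names of pending requests
        self.observed = []             # reply names this hop received

    def on_request(self, name):
        self.pit.add(name)             # state is keyed by the name received
        return self.rewrite_to or name # name sent to the next hop upstream

    def on_reply(self, name):
        self.observed.append(name)
        if self.rewrite_to is not None:
            return True                # compromised hop forwards regardless
        if name in self.pit:
            self.pit.discard(name)     # consume the pending entry
            return True
        return False                   # no matching PIT entry: drop


def run_trace(path, name):
    """Send one request up `path`; report how far the reply gets on the way back."""
    for fwd in path:
        name = fwd.on_request(name)
    reply_name = name                  # responder answers the name it received
    dropped_at = None
    for fwd in reversed(path):
        if not fwd.on_reply(reply_name):
            dropped_at = fwd.label
            break
    return {"delivered": dropped_at is None, "dropped_at": dropped_at,
            "observed_by": [f.label for f in path if f.observed]}


def honest_path():
    return [Forwarder("F1"), Forwarder("F2"), Forwarder("F3")]

def path_with_compromised_f2():
    return [Forwarder("F1"), Forwarder("F2", rewrite_to="/other/prefix"), Forwarder("F3")]

if __name__ == "__main__":
    print(run_trace(honest_path(), "/example/prefix"))
    print(run_trace(path_with_compromised_f2(), "/example/prefix"))
```

In the second run the reply carries the rewritten name, so the honest hop nearest the client finds no pending entry and drops it, while the compromised hop has already received the reply.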