Re: [icnrg] Review of draft-irtf-icnrg-icntraceroute

Spyridon Mastorakis <smastorakis@unomaha.edu> Fri, 26 August 2022 02:43 UTC

From: Spyridon Mastorakis <smastorakis@unomaha.edu>
To: Colin Perkins <csp@csperkins.org>
CC: Christopher Wood <caw@heapingbits.net>, "icnrg@irtf.org" <icnrg@irtf.org>
Date: Fri, 26 Aug 2022 02:43:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/VGmsVQ_doCvgITT-ZRXmXDnaGVU>

Hi Colin,

Thank you for checking in. I think I can revise the draft. Once Dave pushes out the updated version of the path steering draft, we will also update the trace route draft.

Thanks,
Spyros

On Aug 25, 2022, at 4:39 PM, Colin Perkins <csp@csperkins.org> wrote:

Hi,

Can I check if you have what you need to progress with the updates to this draft, or if you still need input/confirmation from Chris?

Colin



On 9 Aug 2022, at 16:25, Colin Perkins wrote:

Spyros – thank you!

Chris – could you please check if the following would address your concerns?

Thanks,
Colin




On 1 Jul 2022, at 12:22, Spyridon Mastorakis wrote:

Hi Chris,

Thank you very much for your feedback! Please see my response to each of your comments inline. If you agree with my responses, I can go ahead and update the draft.

Please let me know.

Thank you again!
Spyros

On Jun 15, 2022, at 9:48 AM, Christopher Wood <caw@heapingbits.net> wrote:

Like the ping document, I found this to be very well structured and written. The use case for the protocol is clear, the protocol itself -- including the forwarder behavior -- is simple, and the security and privacy considerations are thorough.

Section 1.

 To this end, the problem of
 ascertaining the characteristics (i.e., transit forwarders and
 delays) of at least one of the available routes to a name prefix is a
 fundamendal requirement for instumentation and network management.

nit: s/instumentation/instrumentation

Thanks for pointing out this typo!


Section 6.

 The TrReply Code TLV value of the reply is set to indicate the
 specific condition that was met.  If none of those conditions was
 met, the TrReply Code is set to 4 to indicate that the hop limit
 value reached 0.

Perhaps I overlooked it, but why does the TrReply Code need to be 4? Is it because there are three prior conditions for the final reply in the session?

This value is based on the protocol specification. We have mentioned it at the end of Section 4.2.


Section 8.

 This approach does not protect against on-path attacks, where a
 compromised forwarder that receives a traceroute reply replaces the
 forwarder's name and the signature in the message with its own name
 and signature to make the client believe that the reply was generated
 by the compromised forwarder.  To foil such attack scenarios, a
 forwarder can sign the reply message itself.  In such cases, the
 forwarder does not have to sign its own name in reply message, since
 the message signature protects the message as a whole and will be
 invalidated in the case of an on-path attack.

Could a compromised forwarder swap out the name of a traceroute request with the name of its choosing? If so, perhaps this should also be listed in the paragraph above? To be honest, I forget the semantics for how content object response signatures are verified, so this might not be an issue.


My understanding is that in both CCNx and NDN, changing the name of a request would invalidate the state in the PIT; therefore, a response will not reach the client. To this end, it is unclear to me how much damage swapping out the name of a request could cause in our case. Indeed, unless requests are signed and the signature is verified, a forwarder could swap out the names of requests, but the corresponding response will not reach the client. I suppose a malicious forwarder could still see the response before the response is dropped. I am happy to mention that in Section 8.

Hope this helps.

Best,
Chris
_______________________________________________
icnrg mailing list
icnrg@irtf.org
https://www.irtf.org/mailman/listinfo/icnrg
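
The PIT behaviour discussed in the Section 8 exchange above, as an added example that is not part of the thread or the draft: a toy forwarder model in which a compromised hop rewrites the request name, the reply then fails the name match at the next honest hop, and the compromised hop still sees the reply. The class, function names and both names used are constructed for illustration and are not CCNx or NDN code.

```python
class Forwarder:
    """Toy ICN forwarder with a PIT keyed by request name (constructed model)."""

    def __init__(self, label, swap=None):
        self.label = label
        self.swap = swap or {}   # hypothetical: names a compromised node rewrites
        self.pit = set()         # names of requests awaiting a reply
        self.seen = []           # every reply that reached this node

    def on_request(self, name):
        out = self.swap.get(name, name)
        self.pit.add(out)        # a compromised node tracks the name it actually sent
        return out

    def on_reply(self, name):
        self.seen.append(name)
        if name in self.pit:
            self.pit.discard(name)
            return True          # PIT match: pass the reply downstream
        return False             # no pending state for this name: drop


def run_trace(path, name):
    """Send a request for `name` along `path` (client side first); the last hop replies.

    Returns (delivered_to_client, label_of_dropping_node_or_None).
    """
    sent = name
    for fwd in path[:-1]:
        sent = fwd.on_request(sent)
    reply_name = sent            # the responder answers the name it received
    for fwd in reversed(path[:-1]):
        if not fwd.on_reply(reply_name):
            return False, fwd.label
    return reply_name == name, None  # the client also matches on the name it asked for


NAME = "/example/prefix/traceroute"   # constructed request name
SWAPPED = "/attacker/chosen/name"     # constructed replacement name


def honest_path():
    return [Forwarder("F1"), Forwarder("F2"), Forwarder("F3")]


def compromised_path():
    # F2 is the compromised hop that swaps the request name
    return [Forwarder("F1"), Forwarder("F2", swap={NAME: SWAPPED}), Forwarder("F3")]
```
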
