IETF Logo Mail Archive

Re: [Ioam] [EXT] Stephen Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 15 February 2017 14:33 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ioam@ietfa.amsl.com
Delivered-To: ioam@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5532712963C; Wed, 15 Feb 2017 06:33:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HGSdi9QgdU0y; Wed, 15 Feb 2017 06:33:05 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9A03129634; Wed, 15 Feb 2017 06:33:04 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A839BBE4C; Wed, 15 Feb 2017 14:33:02 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dv1HNJPE3agk; Wed, 15 Feb 2017 14:33:02 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EC4B6BE49; Wed, 15 Feb 2017 14:33:01 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1487169182; bh=CiqTm1Y54NpN8PtKtFFyTwYxyPj4z4nkMGODPCVS7q0=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=z9n+CnTmm815Sm9V6MtF9f+/Z2tpUQJMKbSkm6Es0xJpN5PP4vumNcKGQnmp1EUse abISI+GawEMTuZlgyt9suN+RwiVau6dDL85hTdTZ6AMx9Zr3CxZb8aN3GBtnEO3wip Em7yDXjtHg947vm30Qc60qiqagESIVDzH0xk16NI=
To: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>, Tal Mizrahi <talmi@marvell.com>, The IESG <iesg@ietf.org>
References: <148716051224.17360.14931066801393091893.idtracker@ietfa.amsl.com> <c10463c6506f44c482402ed74a4cbebc@IL-EXCH01.marvell.com> <56e90519-5982-c9fe-9059-6f9e6497ca90@cs.tcd.ie> <6358cd5fa666448bac92fd0770ee45d8@XCH-RCD-008.cisco.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <e6357ddd-3db0-e6bc-1358-b13c6a47589d@cs.tcd.ie>
Date: Wed, 15 Feb 2017 14:33:00 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <6358cd5fa666448bac92fd0770ee45d8@XCH-RCD-008.cisco.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="FmlHRqcj4D8HW0H4oi62aBbGwdKxXL1Aj"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ioam/7qNEHgKVbIGGfErhC-qrRDf-vuk>
Cc: "ioam@ietf.org" <ioam@ietf.org>, "ioam-chairs@ietf.org" <ioam-chairs@ietf.org>
Subject: Re: [Ioam] [EXT] Stephen Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)
X-BeenThere: ioam@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion on In-Situ OAM <ioam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ioam>, <mailto:ioam-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ioam/>
List-Post: <mailto:ioam@ietf.org>
List-Help: <mailto:ioam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ioam>, <mailto:ioam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2017 14:33:07 -0000

Hiya,

On 15/02/17 14:23, Frank Brockners (fbrockne) wrote:
> Stephen,
> 
> my reading of the draft charter is that IOAM would be focused on
> gathering data, not interpreting data on network nodes. 

I'm not clear what distinction you're making there sorry.
(That's likely my ignorance, so sorry again:-)

> I.e. IOAM is
> for operations support *not* for active management of nodes. 

That sounds good, but I think needs to be clearer.

> This is
> also why SPUD/PLUS are probably orthogonal/complementary, because I
> understand those approaches as targeting the communication between
> end-system and middle-boxes for control/management purposes. 

The similarity to SPUD/PLUS mainly affects privacy and not the
ping-of-death question. Once one can add any label with enough
bits in it to a packet then the privacy issues arise.

> The lack
> of “control” or “management” should also mitigate a lot of the
> security concerns for IOAM, because we just gather data, we don’t
> interpret data or act on data in IOAM.
> 
> So on your question: A "ping of death" won't be possible with IOAM .

I don't get how it won't be possible - if you're considering
anything extensible, what'd prevent someone defining such an
extension later?

Cheers,
S.

> 
> Cheers, Frank
> 
> -----Original Message----- From: Ioam [mailto:ioam-bounces@ietf.org]
> On Behalf Of Stephen Farrell Sent: Mittwoch, 15. Februar 2017 15:10 
> To: Tal Mizrahi <talmi@marvell.com>; The IESG <iesg@ietf.org> Cc:
> ioam@ietf.org; ioam-chairs@ietf.org Subject: Re: [Ioam] [EXT] Stephen
> Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)
> 
> 
> Hiya,
> 
> On 15/02/17 14:05, Tal Mizrahi wrote:
>> Hi Stephen,
>> 
>> Minor comment: as in [RFC6291] OAM in our context stands for 
>> Operations, Administration, and Maintenance.
> 
> Fair enough, thanks.
> 
> The question in (3) though stands as to whether the scope includes
> (the moral equivalent) of a ping of death or not. Admin vs.
> Management in the acronym doesn't really impact on that.
> 
> Cheers, S.
> 
>> 
>> Cheers, Tal.
>> 
>>> -----Original Message----- From: Ioam
>>> [mailto:ioam-bounces@ietf.org] On Behalf Of Stephen Farrell
>>> Sent: Wednesday, February 15, 2017 2:09 PM To: The IESG Cc: 
>>> ioam@ietf.org; ioam-chairs@ietf.org Subject: [EXT] [Ioam] Stephen
>>>  Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and 
>>> COMMENT)
>>> 
>>> External Email
>>> 
>>> ---------------------------------------------------------------------
>>>
>>> 
-
>>> 
>>> 
> Stephen Farrell has entered the following ballot position for
>>> charter-ietf-ioam-00-02: Block
>>> 
>>> When responding, please keep the subject line intact and reply to
>>> all email addresses included in the To and CC lines. (Feel free
>>> to cut this introductory paragraph, however.)
>>> 
>>> 
>>> 
>>> The document, along with other ballot positions, can be found 
>>> here: https://datatracker.ietf.org/doc/charter-ietf-ioam/
>>> 
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>>
>>> 
-
>>> 
>>> 
> BLOCK:
>>> ---------------------------------------------------------------------
>>>
>>> 
-
>>> 
>>> 
>>> 
>>> 
> (1) I think we should have a BoF for this. Given the similarities
> with SPUD/PLUS
>>> (see [1] below) just going ahead and chartering this (and in
>>> RTG?) seems to be very badly inconsistent on behalf of the IESG,
>>> given the community concern about at least the meta-data
>>> insertion aspects in common. (And maybe more aspects.)
>>> 
>>> (2) As with SPUD/PLUS I am very concerned at the potential
>>> privacy (not security) implications of any generic method of
>>> injecting meta-data whether that be into transport layer
>>> flows/sessions or at other layers. I do not see how doing that at
>>> any layer that can potentially span the Internet is different
>>> from doing the same thing at any other layer. I am concerned that
>>> there may not in fact be any acceptable solution for this problem
>>> (other than not aiming to allow any generic encoding), so I think
>>> this is something that does need to be discussed before external
>>> review happens. I am not convinced by the "domain" boundary
>>> argument in the charter - such things leak and/or the concept of
>>> "domain" is too ill-defined. A further point here is that the
>>> suggested timeline (data format defined in April 2017) clearly
>>> suggests that the idea here is to define a way to add a generic
>>> TLV structure to any packet, which I think equally clearly means
>>> that all of the privacy issues are relevant.
>>> 
>>> (3) I assume the "M" in the name is for management. I don't see
>>> what would prevent someone developing a standardised ping of
>>> death if that is the case. (Or actually, possibly many flavours
>>> of that.) And actually that'd probably be inevitable if the "M"
>>> is really seriously meant. I am not sure that we (the IETF) would
>>> like that. That makes me wonder if the scope here is at all
>>> sufficiently well defined - is the implication of the name that
>>> the proponents want to be able to do all management functions
>>> this way, or just some? If just some, then which, and why is that
>>> a good idea?
>>> 
>>> [1] https://www.ietf.org/proceedings/96/plus.html
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>>
>>> 
-
>>> 
>>> 
> COMMENT:
>>> ---------------------------------------------------------------------
>>>
>>> 
-
>>> 
>>> 
>>> 
>>> 
> - I remain unconvinced that this can go ahead before the IPv6 header
> processing
>>> discussion currently happening on ietf@ietf.org is resolved.
>>> 
>>> - Were I mostly interested in "transport" issues, I'd be quite 
>>> concerned about those as well - there are also things in common 
>>> between this and SPUD/PLUS in that respect I figure, though I'm
>>> not anything like expert on that.
>>> 
>>> 
>>> _______________________________________________ Ioam mailing list
>>>  Ioam@ietf.org https://www.ietf.org/mailman/listinfo/ioam
>> 
>

v2.23.0 | Report a Bug | By Email