[Ippm-ioam-ix-dt] IPPM IOAM Meeting Summary, February 17th, 2021
Tal Mizrahi <tal.mizrahi.phd@gmail.com> Wed, 17 February 2021 07:40 UTC
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Wed, 17 Feb 2021 09:39:58 +0200
Message-ID: <CABUE3XnwdnLuc2mssHoc3+_3GRRFLs9L2gX-kQTxLAs7rw_7HA@mail.gmail.com>
To: ippm-ioam-ix-dt@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm-ioam-ix-dt/pNpnAS66bkUa57H-FRn9K74Y3Q4>
Subject: [Ippm-ioam-ix-dt] IPPM IOAM Meeting Summary, February 17th, 2021
List-Id: "IPPM iOAM Immediate Export \(IX\) design team" <ippm-ioam-ix-dt.ietf.org>

IPPM IOAM Design Team Virtual meeting
February 17th, 2021, 07:00 UTC
Webex meeting

Attendees: Frank Brockners, Barak Gafni, Greg Mirsky, Mickey Spiegel, Tal Mizrahi.
Minutes by Tal Mizrahi.

Summary:
========
- Data, DEX and flag drafts: new version will be posted.
- IETF 110: slots will be requested for the WG drafts and for the integrity draft.
- The next meeting is on March 3rd, at 07:00 UTC.

Data Draft
==========
- Tal: I created a pull request with a few minor changes to resolve the Genart review.
- Frank: I did a few minor changes: added a reference to the integrity draft, and a reference to the deployment draft. Already merged on Github. We will need some more security details in the deployment draft.
- Tal: are we ready to post the data draft?
- Frank: yes, I will do that this weekend.

DEX and Flag Drafts
===================
- Tal: I created pull requests for the DEX and flag drafts. Both were updated regarding security based on an email thread with Martin Duke on the mailing list. We still have an open issue regarding the hop count and the length of the DEX header.
- Frank: currently the draft says there is no hop count field.
- Tal: right, that is the case for version 02, which is the current version of the draft. We have not changed that. Still an open issue.
- Frank: thanks for these updates. It looks like the right update to the security aspect - we explain it, but do not claim to solve the problem.

IOAM Integrity Protection Draft
===============================
- Frank: Greg - thanks for your comments regarding the integrity draft. Shwetha is currently working on some more text that suggests to use the IPsec Authentication Header (AH).
- Barak: why do we stop at integrity protection, and not encryption?
- Tal: I believe integrity protection is an important requirement for IOAM protocols, while confidentiality is typically not considered crucial for IOAM.
- Frank: this is basically the comment we received from the security experts, and we wrote the draft based on these comments.
- Tal: recon is usually a less severe threat than DoS, and that is why integrity of OAM is more important than encryption.
- Barak: but we heard concerns from the IPv6 community that IOAM data may leak.
- Frank: leaking is a concern, but it is not strictly a confidentiality issue. Leaking may result from implementation problems.

Upcoming IETF Meeting
=====================
- Tal: the IETF meeting is coming up. I will request a slot for the DEX and flag drafts.
- Frank: all the working group drafts need to be discussed. The YANG module should also be presented - hopefully Tianran can present it.

Hybrid two-step and IOAM
========================
- Frank: regarding the hybrid two-step, it would help if we could have an example or two regarding encapsulations and how to match a packet to its follow-up packet.
- Greg: right, I will appreciate some discussion on the mailing list.
- Mickey: there are a few possible ways to link a packet to its follow-up packet. Have you considered it?
- Greg: there may be one document that covers encapsulations, or there may be a few documents.
- Mickey: do you think of adding fields to these encapsulations?
- Greg: there is a shim header that includes some metadata.
- Mickey: is there a chance you do not match a packet with its follow-up packet?
- Greg: the trigger packet is an OAM packet with a header that defines the profile of OAM data to be collected.
- Frank: maybe you can have a hybrid two-step option type that includes a way of associating the trigger packet with the follow-up?
- Greg: let's start this discussion on the mailing list. It will help.