IETF Logo Mail Archive

[ippm] Re: AD Review of: draft-ietf-ippm-encrypted-pdmv2

"nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com> Thu, 06 June 2024 19:42 UTC

Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75646C14F600 for <ippm@ietfa.amsl.com>; Thu, 6 Jun 2024 12:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HNLfAJv4SLVY for <ippm@ietfa.amsl.com>; Thu, 6 Jun 2024 12:42:49 -0700 (PDT)
Received: from sonic317-32.consmr.mail.bf2.yahoo.com (sonic317-32.consmr.mail.bf2.yahoo.com [74.6.129.87]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D73F1C14F616 for <ippm@ietf.org>; Thu, 6 Jun 2024 12:42:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1717702967; bh=XaloADP1/a0ksyYzhh/PAoc1aOZmU2rKRM7EYy7C32c=; h=Date:From:To:In-Reply-To:References:Subject:From:Subject:Reply-To; b=aP5zLKpn9ERmZvEgqb+g5wrbzBm4/U257PsJMq7q1ylc2uVEI927Ed0ih/CvNOZGWYZpRt1T253IPeZUHvgHux8F+S0ZshF+hQA4f4EtQ8PgjWGppumur8LguK0lTgWYus7MnNAZVzvbyp+uyxdHuPwJK727dTaCluVzV+AO+9huPEmPRwU6kEph8918dOYpSpALPgU7I8/y0Jz6IAWNL1nqLW40nAgNydvs4t097zw8rmVLXBB1Z7S6EN2vukAP2P75OdCZ3yjhyDyd90N6h0VYkfUqSBMSlKFAwsoMeEy86RXQKKbfLztddKuvS3iqqCILFInqq0rTASO19GaagA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1717702967; bh=dIUCvW2MpK2RLfvx+1P6XG56wKESk6wptjhlx4DAvFF=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=bnWAHMqe+WRNrK+9isQE7SPjqLLNLgPmGrruG3Va6bGp9GowfHOVsEe386ILv1jbteqjq8y1Oa8rJQBknGrLLtDA2LNZ88UQ7DSpsBfzkpyOX+YnVfpqdSzhW6Ateu89vlVBcsTdZ2lxRaXRd5Wjx3vQj9segjnRYjlfC2Rlkk5TRC5vctFt20XOJhql5lgcpHR64yFqCiIJszWoQvhUkZVH2c5uRlr8RB8qBKrKDk6V3L8Vuq5UnCWyk75O4EKkUpbDbJSe9JQjXaoGLDgV7GRiXm5TDdv3XVSF7dFG2EuE2d/atVQHYYPXq6qru66rUfmKduEKtPieV8gf0chMCw==
X-YMail-OSG: U1JcNnwVM1mHeis8BH5SDK1x.AVtwPLCQCcbl8.Ddfvw81YbcCUICTtkOKCu_MJ 4PhaHbsYuhhIW0QED55d6T9DOfphmmqDzewHsPiZ3bRLFsnkA928xs4p.GXgmBjhjEanoD2UJK53 Bq3hK_0nOgbxUBVmE.0FAtFtYG1xsV6a6UXroRx_bifV2dV.qY2AZrjtwMbRWUexSbaUMTCPeUhk GtMEiYX71KsUUVzCDhLO099SaKdsiPE31ViAtu83U_166wPFnHWINbXXmWEr2ZWeeVuNDr7.34Ke NLDNjU1bp5t6fx_EoDLGw3cH0fc84J5HBFVAHSDluD6VynPfSGHGgfZrDQ5FS55y8jyqKocW9xT. JWokQKNDoRMJwY5MrEQH8.xtZplWLYSXiUs5hgDJyZYDnFnQlmW5pzDrTxqU_4rD6uDE0w5X7jWs lDOgErJBUY2Qtv3LG07DFdRelyKWakViQBDzZPSyaf.UCBfVYpVoxOnP6n_WRK3ZLM6gLOcJ9_cw xDP4W9VRbw3oUCQIpEgHTnWcq8TcHwJ09s4yLaym0ZPZkUGh1Si9bJ.qW7OBq7B3FCU23rhrJDpF aywm1vMcIbaJpZQlpOG71icy9nj3hfP_B4IQ0UBDxIIiCrUdbAuqovOaU.eaKWhsE1zpiZSQi02m AWDPxLBlVJ5_nEdO02MsvlA4zwFMqW37W5Qc6TULcUwLjDTWZwjYjTeDDQawZbtQ1aZNhILCwbEr rQ5y03tlJv.igWlzZBI64sJvucG6h0p9efb0nhWM0iss4QJNqRMmyEAKAfBw5LjABMy5toTniHA5 gBEt9q7I6Z4s5RiBK3M3oJ.Z.MWb3hPDeMxl.7DFz4Mes3V014AJqMB5NJ96Vm3YqeUnu4RkySAl QX.kadK3vKDzj1cbtyhxTBjcFz.3xNjr22okgD26elEscgyra4YtxfXH5DECF6UcSlaHwjOM7Ctb 71ar5Dq.iIDCLBXaM3HCjOXs39SKXtKfOM7.LEX9bMPFgODGhrTKOgVP5wCAKFrtUbLCe2yDx1uk uU.ylhL3wugQB2aIuT2lHjLokAQsqqiDscRkkBv1zvL24JBLyUT2xV.l12Ky.4PdJBx5E9uJsulj OIUyjfzzXXLWFlNCi3cbW6xIXsnFbXRpgoz87KPfmawBgOy3gaOvsyep4KzRftrkvhf_g8kQejHx 06zKI1sGOnvxsraPHrRZhNzqn3Xd51BK00gOQHyddvPWx8xU90cCpXTxXShXg7wQv2TEyw.oGW7R oIEhPo7IPGghPbeIfqnjanJN5QqvvLopVcHRSdKBrZjYjsFnuUIfe_xwkxlOczlzENQX_qmyzifn cx.pCyOAsV_hNo.v_w2bD8g7n1p2oB_5RvzPjbVgD_azn59_dK8B8QB4cS65kl0aTy.rZPEnOeM2 l4Wx3XIIkRKx.79mi5ttnXmFAl8W6kYT6mqxNE4AGMFkLlLnghlb0kRqiJBqJgSpcnHpZo10fi3z G54xL8_jx_y2h6SrpnZinXBttvemT.XmEf5jBX5TqlSJgsXqQuKo3p1OOSNXWeQLAs3GWpvhG6CN h9EHXiXLPEL.v0k7BJlOD1rRMCnD8Mwtz5qFBxKsxYKTfKSmH0KmiB_V0z7rEKeSP50vW7pzm1GW AGHBbmWT7MMJPCLESirrTkMEQhxo_pZuYraT7_O4y5ZwRn53.jHVoUcbFp0.FYZyYQNSr8pOQXMr 31WZPk3EEK31X_mckwbsSzovOzK8PVdQbaF4NVoVukqI6_wcLPg_OdRbeaSKkZ.RzUwFE7Ec9kYt 0iQIU4_W.kMbGx_BZ3FJEodFlB3qr7caYz84ZVPK5HcLrLPUgCmGDBXI3ErZ.jNn_BRFqUfVvBWH ekxT0THozN3aKR4bcEItTy4ohjt5BoD4S9OZqXZRg_LzQxScipW9nivWUtFQMh7A.iPI3rHkiv_C fU0AY6lVGRrAhDiiI7rb_cBPGSQo_0OI4AJgnEQuEZSaXFi7eJ5GBVZSdX.jtpe33_DYPNungO3f RD3Pzn_FAUhRMqsdX5XJGylg1hZGiYtikGCym2wMjquilgrGwGiDNLr2ydbWiu_.x4d.lt0NLSDd fA5SGe8OjnRD5hvikxnOmahZs0J96rZQ_Htsh291apI9GZtMWxv4CEpskI4mJaadosW9h_B1XxnQ jPUOi9JNpAJYFhy.6AraLUgJZdC2IGp8ua6JdLvzdP7ERsK40RoNBU.AhaeqChKwcqEHp5Anw6Jz h_s6iHlJF7VXAr0KHHgZ3alMy93en5XJXIwhGDr0xhkYIHYsuNIn3iKb7irXzt4aWRs20s7xd5fR sGviXJX8-
X-Sonic-MF: <nalini.elkins@insidethestack.com>
X-Sonic-ID: ba46956d-d163-451d-ae08-338ade321be6
Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.bf2.yahoo.com with HTTP; Thu, 6 Jun 2024 19:42:47 +0000
Date: Thu, 06 Jun 2024 19:42:41 +0000
From: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
To: "draft-ietf-ippm-encrypted-pdmv2.all@ietf.org" <draft-ietf-ippm-encrypted-pdmv2.all@ietf.org>, IETF IPPM WG <ippm@ietf.org>, Warren Kumari <warren@kumari.net>
Message-ID: <2029865184.1569833.1717702961769@mail.yahoo.com>
In-Reply-To: <CAHw9_i+uQamnxRqufN7H-HPBCVj7jCsZ=2eKXDOckJ9i=yVciQ@mail.gmail.com>
References: <CAHw9_i+6FZyEfRPr=z_1YzLBrB4oSCqgSfJ8cgLWCw9orPBO9Q@mail.gmail.com> <CAHw9_i+uQamnxRqufN7H-HPBCVj7jCsZ=2eKXDOckJ9i=yVciQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_1569832_1429440708.1717702961766"
X-Mailer: WebService/1.1.22407 YMailNorrin
Message-ID-Hash: J5DRHJ6XU5IKBOPK426YSG7GOO52EWRO
X-Message-ID-Hash: J5DRHJ6XU5IKBOPK426YSG7GOO52EWRO
X-MailFrom: nalini.elkins@insidethestack.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ippm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [ippm] Re: AD Review of: draft-ietf-ippm-encrypted-pdmv2
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/1svwAlP4WHE3XW7lnWnfJupJ-ZA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Owner: <mailto:ippm-owner@ietf.org>
List-Post: <mailto:ippm@ietf.org>
List-Subscribe: <mailto:ippm-join@ietf.org>
List-Unsubscribe: <mailto:ippm-leave@ietf.org>

Warren,
Sorry, I am to blame.  We have a new version.  I need to do a final review on it & plan to submit it by Friday morning.
Where does the time go?
Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://www.insidethestack.com
PresidentIndustry Network Technology Councilhttps://www.industrynetcouncil.org 

    On Thursday, June 6, 2024 at 11:34:50 AM PDT, Warren Kumari <warren@kumari.net> wrote:  
 
 Hi there authors (& WG),

It's been a few weeks - I just wanted to confirm that y'all had received this and were working on it…

W

On Wed, May 22, 2024 at 6:03 PM, Warren Kumari <warren@kumari.net> wrote:


Hi there, authors (and WG),



Thank you for writing draft-ietf-ippm-encrypted-pdmv2 - "IPv6 Performance and Diagnostic Metrics Version 2 (PDMv2) Destination Option".


Unfortunately I think that that the document still needs some work before I'm ready to advance it to IETF LC / IESG Eval. 

I think that the largest issue is that the ordering of the sections doesn't make the document very easy to read —- the majority of Section 4 and Section 5 don't make much sense until and unless you have read Section 6. I think that much of my concern can be addressed by simply moving Section 6 before Section 3. 


Nits / comments: 
Section 1  - Introduction
1: "The current PDM is an IPv6 Destination Options header…"
Can you please expand PDM on first use? Yes, I know it is expanded in the title, but I think it would be good it include it in the narrative as well. 



2: "PDM metrics can help an attacker understand about the type of machine and its processing capabilities."
Which machine, and what about it? (e.g : something like "...can provide information to an attacker about the operational limits and network capabilities of the machine sending the metrics" or similar?)

3: I think that the following sentence can be dropped, or the two following sentences can be combined into one…

4: "... it can mislead the person showing there are …" 
I think you are missing a word after "person" - perhaps "by"? In addition, perhaps "the person" isn't great — much of this might be consumed by tooling, so perhaps just drop "the person".

Section 3 - Terminology
5: "pkX  (Public Key) and skX (Private Key).  Where X can be, any client or  any server."
This doesn't seem very clearly written - perhaps something like "In this document, the Public Key is represented as pkX and the Private Key as skX (where X can be any client or server)." or similar.

6: You are using the terminology "SharedSecret" and "SessionTemporaryKey" further down in the document, but haven't included it here. You claim to be using "Session Key", but it doesn't appear anywhere in the document other than in the "Terminology" section.


Section 4.1.  Client - Server Negotiation
This section says:
"Each Client and Server derive a "SessionTemporaryKey" by using HPKE Key Derivation Function (KDF), using the following inputs: [...]"
and then as the end of the section there is:
"The SessionTemporaryKey using a KDF with the following inputs:
   *  SrcIP, SrcPort, DstIP, DstPort, Protocol, SharedSecret, Epoch."
I'm assuming that the second one is just left over from earlier edits?


Misc:
I'm confused by:
"4.2.2.  Use Case 2: Server does not allow PDM or PDMv2

   If a client sends a packet with PDM and the network policy is to only
   allow encrypted or unencrypted PDMv2, then the PDM / PDMv2 header
   MUST be ignored and processing continue normally."
I'm really unclear what this is trying to say — there feels like a disconnect in the section header and the text? Even if that is the case, I think that the use of the term "PDM / PDMv2 header" here is confusing — would it be OK to just say something like "the PDM option"? 

This is made more confusing with the next paragraph:
" The server SHOULD log such occurrences but MUST apply rate limiting to any such logs.  The implementor should be aware that logging or returning of error messages can be used in a Denial of Service reflector attack.  An attacker might send many packets with PDM / PDMv2 and cause the receiver to experience resource exhaustion."
But the text above says that the "the network policy is to only  allow encrypted or unencrypted PDMv2…"


I found the text describing the "Global Pointer" in Sec 6.2 unclear — it took me quite a few readings to work out (and I'm still unclear!) that there are two Global Pointers, one for LL and one for Global addresses — I suggest rewording the "Unlike PDM fields, Global Pointer (GLOBALPTR) field in PDMv2 is defined for the SADDR type.  Following are the SADDR address types considered:" text.
Even saying something like "defined per SADDR type" would make this clearer (unless I'm completely wrong, I'm still unclear on the scope of this). 




I'm also somewhat confused by:
"Epoch
12-bit unsigned number.
Epoch field is used to indicate the valid SessionTemporaryKey.

Packet Sequence Number This Packet (PSNTP)
      16-bit unsigned number.
      This field is initialized at a random number and is incremented sequentially for each packet of the 5-tuple.
      This field is also used in the Encrypted PDMv2 as the encryption nonce.  The nonce MUST NOT be reused in different sessions."

and:
"The Epoch MUST be incremented when the Packet Sequence Number (PSN)
   This Packet (PSNTP) is rolled over.  It MAY be incremented earlier, depending on the implementation and the security considerations.

   The sender MUST NOT create two packets with identical PSNTP and Epoch."

I suspect that I'm missing something very fundamental here, but even if the Epoch is not 'incremented earlier', after 2^(12+16) packets in a flow, this will wrap and you will generate packets with identical PSNTP and Epoch. This is only 286 million packets — what am I missing?
 
I am also unclear what exactly "rolled over" means in:
"The Epoch MUST be incremented when the Packet Sequence Number (PSN) This Packet (PSNTP) is rolled over." I'm **assuming** the obvious "when the 16 bit counter exceeds 2^16 and overflows", but PSNTP is initialized at random — so, if it happens to be initialized at 65535 should it roll over after 1 packet, or do you mean when it next reaches 65535? I assume the former, but it's unclear…

Please let me know, LOUDLY, once you have had a chance to address these and I'll progress the document..

W

_______________________________________________
ippm mailing list -- ippm@ietf.org
To unsubscribe send an email to ippm-leave@ietf.org

v2.30.2 | Report a Bug | By Email | System Status