Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

"Hamilton, Robert" <RHamilton@cas.org> Thu, 01 July 2021 21:05 UTC

Return-Path: <RHamilton@cas.org>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C8013A1D52 for <ippm@ietfa.amsl.com>; Thu, 1 Jul 2021 14:05:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.4
X-Spam-Level:
X-Spam-Status: No, score=-4.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cas.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rNsEnsObWZ4F for <ippm@ietfa.amsl.com>; Thu, 1 Jul 2021 14:05:18 -0700 (PDT)
Received: from esa4.hc2953-94.iphmx.com (esa4.hc2953-94.iphmx.com [68.232.148.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56DB13A1D50 for <ippm@ietf.org>; Thu, 1 Jul 2021 14:05:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cas.org; i=@cas.org; q=dns/txt; s=CASCMH20200214; t=1625173518; x=1656709518; h=from:to:date:message-id:references:in-reply-to: mime-version:content-transfer-encoding:subject; bh=qXIa4f/dH+L9r2T3A5AoaJZKqVq2DGg7cz/jvKRmSB4=; b=ZHKfDiglvtTYkVF0bRwvdzz6pJVmeJY0oTIGVbRvGTx3NoMJdopJZX3w CfzEcikGFUkNKhUYOvf7BhD7LqBBT0KsqXAGmy92CZm/iNQZRupx4Ae3t 1lSAJKCf2jtkYwfVpyCpzXAO959LOLZd/F0wHnsSH1p3yvcSzJLc7uALC 5/DBitfExsrXPbGsMSjoydNtD0huuGjXNWSvNz0mUQUaVEDNXsTW7x30M m/O4hLrx059teGOVa1bCAmV+qgf6RW8Z9Ucqmb7cbEHBxuT3asv5xchF0 1hrIT44kDzoKgjC4tEcjbLCLMbPK+z0W0M6Cl1myHAqMcYdB28umG27Oo g==;
IronPort-SDR: JyWtJ40AY+VVCFv1FLbB+snHnI0WBjh1rg9niFlMO/Ai2WpyTKZp4BSgYlRst9zeMiPaPqi7aC BUwUNOEs3XG6oAUcnQJXyaIST1+Tf6XwstLnnGX/t38UQ2lJdJxAjsfZaR149/Fxzy/LgEPueU mHh3iBd3WUC3bdv8R+YQRl0FrERUM3K+X8oqdVUgo8YgCyI643DT6DAT1FDZp28KfKevpUfouI CTzH4edxssHbEOz/1M7dKMc4/dqqGXH6GY3It2Sn+tpznQuXdIC0t4DoiYhgJdmLZdHfzuAgBe 9XY=
X-IronPort-AV: E=Sophos;i="5.83,315,1616439600"; d="scan'208";a="11789445"
Received: from unknown (HELO prod-ws-184.acs.org) ([134.243.49.23]) by esa4.hc2953-94.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 02 Jul 2021 02:05:16 +0500
Received: from prod-ws-183.acs.org (134.243.49.22) by prod-ws-184.acs.org (134.243.49.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Thu, 1 Jul 2021 17:05:15 -0400
Received: from prod-ws-183.acs.org ([134.243.49.22]) by prod-ws-183.acs.org ([134.243.49.22]) with mapi id 15.01.2176.012; Thu, 1 Jul 2021 17:05:15 -0400
From: "Hamilton, Robert" <RHamilton@cas.org>
To: "ippm@ietf.org" <ippm@ietf.org>
Thread-Topic: [EXT] Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt
Thread-Index: AQHXbqDOX3YSg/Q+Kkugp4NDW+ZIr6sulUlg
Date: Thu, 1 Jul 2021 21:05:14 +0000
Message-ID: <c0651506a3fb437c9300b1fc14206560@cas.org>
References: <162256330634.19677.3885804345914692467@ietfa.amsl.com> <28584824.2341925.1622563579715@mail.yahoo.com> <721002155.671981.1625161479360@mail.yahoo.com>
In-Reply-To: <721002155.671981.1625161479360@mail.yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.16.197.52]
x-tm-as-product-ver: SMEX-12.5.0.1300-8.6.1018-26252.004
x-tm-as-result: No-24.027700-8.000000-10
x-tmase-matchedrid: 8HTFlOrbAtFor4mPA3EMthvgzEPRJaDEKQNhMboqZloTiSW9r3PknB3P OF3tFcwxE5k0SQVbD8AZmKELKMAyuuJPyge9irBSBcaL/tyWL2MZj/vd1shMJOg3wNKii1r5/A/ VIcnVRfm2B79ysOrOPZ/2PzGFu8k/eIh1rW8bWHmiVU7u7I4INabwyy5bAB/9e3wXTvBMUi5Mot nVZVu+V47uFu0kSjHiVCnVxFP9RBYeKyURHny6GIO+WE9oc+CwF4r8H5YrEqyrsUj+lMq6Vbkxb uDibumT9QInYlzCoqTPoNpSMiRMNF/ag3kgZsCOzNY33yIEF4aNAeLhyGbUKHXH1Ot8vMTwBuhM NLfO6UAa4LNF8JGLEuH30OqBMVxq5EM4kTBn884ZSUX8zcPGn+RETaH2dwRcD8+rFIjG988KDpy 6oiUnx2lJB4E0gxIboKKvQfDMmNJLjkekqIj0+G/GhVZSEqbiYoDUdUpkG5MB+RHY7Rg/VyaCjk FKp/+esawT5oMEQWXnZbSMAnmdRIx8jP90278epkmxzOTCfBATA7ACF0jdA9lDvMO+sk0Vu389V MNq7rTgEWPhYxHanu8p3tFb146hgQyi3U5IjNte2lI2FurFLvy9bLgnh4Ap0XeeNQk7aMlpOkpB uCb1Ga/GViKgtxFicehjg07XOYxyLXoFPE+sVf9P6jOFCM5cHBQc++m6TcY5+qEYOELvPbQYL4u DJpJxPZma5atQwXWUtL+IoXvwybfBrkBZSdWAnVTWWiNp+v/sfG+/NIT6/mtEzrC9eANp6vLLEf zxWGK3UTzKr6f8G13mkzQQgqZXjQ/qda8JaQSeAiCmPx4NwFkMvWAuahr85irsTF7QAig4BrATw m8horxAi7jPoeEQftwZ3X11IV0=
x-tm-as-user-approved-sender: Yes
x-tm-as-user-blocked-sender: No
x-tmase-result: 10--24.027700-8.000000
x-tmase-version: SMEX-12.5.0.1300-8.6.1018-26252.004
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/36mX-tJO58O6gfHNYxfkuJf_RGg>
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jul 2021 21:05:23 -0000

I am interested in the encryption of the PDM header, just because I've done symmetric-key encryption with pseudorandom numbers and pseudorandom obfuscation algorithms for key management. I see that we are interested in using HPKE. I have just a few concerns:

 - The latest HPKE draft expired just last week. That means it's some time before general implementation. I'm a mainframer, mostly, so I suspect that makes it even longer before I'll see implementation for _production_ use. Further, I don't want the implementation of PDM in more secure environments delayed because of encryption-method concerns.

 - When we generate the PDM structure and determine the timing, we want that to be as close to the wire as possible. The PDM timing was very granular, so this will add a variable amount of time to the time the packet is determined to be spending in transmission; the encryption delay is now part of the transmission time.

Still reviewing; I'll be back with more thoughts.

R;


Rob Hamilton
Infrastructure Engineer
Chemical Abstracts Service

-----Original Message-----
From: ippm <ippm-bounces@ietf.org> On Behalf Of nalini.elkins@insidethestack.com
Sent: Thursday, July 1, 2021 1:45 PM
To: IETF IPPM WG <ippm@ietf.org>
Cc: draft-elkins-ippm-encrypted-pdmv2@ietf.org
Subject: [EXT] Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

[Actual Sender is ippm-bounces@ietf.org]

IPPM,

Please do take a look at this draft.

I think that iOAM will need encryption as well.   We have spent quite a bit of time thinking over these issues.  We even have 2 cryptographers from Italy involved as co-authors.   I want to do a side meeting where we can have quite a bit more time to discuss this but would love to have comments from the group on the list.

I am very reluctant to push PDM out to the wider world without encryption.  I feel that we will become the attacker's best friend.
We have modified the Linux kernel to include PDM but as I say, without encryption, we do not wish to release.


Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.insidethestack.com&umid=61654d20-9615-453c-80b2-c06c82268e9d&auth=3c97381e9a30865a1a3f3ad58750d85b2b059558-86a3cb083390e2163fd0daaf45646c2a55adf702
(831) 659-8360






On Tuesday, June 1, 2021, 09:06:39 AM PDT, nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote: 





Hello IPPMers!

We have just posted a new draft to encrypt PDM data.   We feel that this is an important feature to add before promoting widespread adoption of PDM.

We would appreciate any thoughts or comments from the group.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.insidethestack.com&umid=61654d20-9615-453c-80b2-c06c82268e9d&auth=3c97381e9a30865a1a3f3ad58750d85b2b059558-86a3cb083390e2163fd0daaf45646c2a55adf702
(831) 659-8360






----- Forwarded Message -----

From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: mackermann@bcbsm.com <mackermann@bcbsm.com>om>; Adnan Rashid <adnan.rashid@unifi.it>it>; Ameya Deshpande <ameyanrd@gmail.com>om>; Michael Ackermann <mackermann@bcbsm.com>om>; Nalini Elkins <nalini.elkins@insidethestack.com>om>; Tommaso Pecorella <tommaso.pecorella@unifi.it>
Sent: Tuesday, June 1, 2021, 12:01:47 PM EDT
Subject: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt



A new version of I-D, draft-elkins-ippm-encrypted-pdmv2-00.txt
has been successfully submitted by Nalini Elkins and posted to the
IETF repository.

Name:        draft-elkins-ippm-encrypted-pdmv2
Revision:    00
Title:        Encrypted IPv6 Performance and Diagnostic Metrics Version 2 (EPDMv2) Destination Option
Document date:    2021-06-01
Group:        Individual Submission
Pages:        16
URL:            https://www.ietf.org/archive/id/draft-elkins-ippm-encrypted-pdmv2-00.txt
Status:        https://datatracker.ietf.org/doc/draft-elkins-ippm-encrypted-pdmv2/
Htmlized:      https://datatracker.ietf.org/doc/html/draft-elkins-ippm-encrypted-pdmv2


Abstract:
  RFC8250 describes an optional Destination Option (DO) header embedded
  in each packet to provide sequence numbers and timing information as
  a basis for measurements.  As this data is sent in clear- text, this
  may create an opportunity for malicious actors to get information for
  subsequent attacks.  This document defines PDMv2 which has a
  lightweight handshake (registration procedure) and encryption to
  secure this data.  Additional performance metrics which may be of use
  are also defined.

                                                                                  


The IETF Secretariat




_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm

_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm
Confidentiality Notice: This electronic message transmission, including any attachment(s), may contain confidential, proprietary, or privileged information from CAS, a division of the American Chemical Society ("ACS"). If you have received this transmission in error, be advised that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. Please destroy all copies of the message and contact the sender immediately by either replying to this message or calling 614-447-3600.