Re: [ippm] Adoption call for IOAM deployment and integrity documents

"MORTON JR., AL" <acmorton@att.com> Mon, 16 August 2021 00:18 UTC

Hi Tommy, Authors, and IPPM,

I took a look at one of the drafts the WG is considering:

For Integrity of In-situ OAM Data Fields, I got tripped up by the first sentence of the Abstract 😊,

   In-situ Operations, Administration, and Maintenance (IOAM) records
   operational and telemetry information in the packet while the packet
   traverses a path between two points in the network.

I read “records” as a noun, not as a verb as I now see was intended. Maybe s/records/collects/ to resolve that ambiguity.

Then the second sentence:

   ...  IOAM deployments
   could require ensuring the integrity of IOAM data fields.

Maybe we can say more specifically what needs to be done, something like:

IETF protocols require features to ensure their security; this document describes integrity protection for IOAM data fields.


In the Intro, after saying:
   As such, IOAM tracing data is carried in
   the packets in clear and there are no protections against any node or
   middlebox tampering with the data.

the draft says:
...  As a consequence, IOAM tracing
   data collected in an untrusted or semi-trusted environments cannot be
   trusted for critical operational decisions.

I think this is where the draft should indicate that a form of integrity protection is the solution to the problem, such as:

...IOAM tracing data collected in an untrusted or semi-trusted environments
   requires integrity protection to support critical operational decisions.

Parts of the intro need to move beyond the “this is for IPPM WG study” phase, to the “here’s the integrity protection solution(s)” voice.

Otherwise, the threat analysis is useful, and the Methods of providing integrity to IOAM data fields seem clear.

I support the adoption of “Integrity of In-situ OAM Data Fields” for additional development by the WG.

Al


From: ippm <ippm-bounces@ietf.org> On Behalf Of Tommy Pauly
Sent: Tuesday, August 3, 2021 12:29 PM
To: IETF IPPM WG (ippm@ietf.org) <ippm@ietf.org>
Subject: [ippm] Adoption call for IOAM deployment and integrity documents

Hello IPPM,

As discussed in our meeting last week, we will be starting an adoption call for two IOAM-related documents that have been raised as important dependencies during the IESG review of IOAM-data.

This email begins a Working Group adoption call for two documents:

Integrity of In-situ OAM Data Fields
https://datatracker.ietf.org/doc/draft-brockners-ippm-ioam-data-integrity/
https://www.ietf.org/archive/id/draft-brockners-ippm-ioam-data-integrity-03.html

In-situ OAM Deployment
https://datatracker.ietf.org/doc/draft-brockners-opsawg-ioam-deployment/
https://datatracker.ietf.org/doc/html/draft-brockners-opsawg-ioam-deployment-03

This call will last until Wednesday, August 18. Please reply to this email with your comments, and if you think these documents should be taken on by IPPM.

Best,
Tommy & Ian