IETF Logo Mail Archive

[ippm] Adoption call for IOAM deployment and integrity documents

"Joe Clarke (jclarke)" <jclarke@cisco.com> Fri, 13 August 2021 16:12 UTC

Return-Path: <jclarke@cisco.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B8763A1DCF for <ippm@ietfa.amsl.com>; Fri, 13 Aug 2021 09:12:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.596
X-Spam-Level:
X-Spam-Status: No, score=-9.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=FtFvZrmh; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=AQbc/3aY
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gv9aeX3De-nf for <ippm@ietfa.amsl.com>; Fri, 13 Aug 2021 09:12:27 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF9A83A1DCB for <ippm@ietf.org>; Fri, 13 Aug 2021 09:12:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1075; q=dns/txt; s=iport; t=1628871146; x=1630080746; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=M+OPvY2yLHUeDS/L7RftNv43J6zov2C9lMt7NzLwrtg=; b=FtFvZrmhXyT989uCVEAhEVErEOwb3c+2Nt2fO3KD+xVxB0ZajoYw5jl2 YlDAIV2znZrbDCh1FV9o7FNvpiXHdCu9OE1a/OmIF1U+a9prIrvyvNs/B HWCBAFTcBWRbOadQWWB2O3aZ281o4SHRcuwg3pA3Uwq7Egmq09H7jv4RL 8=;
IronPort-PHdr: A9a23:Psp2tBQ25QeCla5ToDPvQKWTHNpso6fLVj580XJvo7NDbqrl+I7tbwTT5vRo2VnOW4iTq/dJkPHfvK2oX2scqY2Av3YPfN0pNVcFhMwakhZmDJuDDkv2f//ncyJ8G95NBxdp+nihOh1TH8DzL1TZvny162sUHRPyfQp4L+j4AMjclcOyguuz4JbUJQ5PgWnVXA==
IronPort-HdrOrdr: A9a23:OpsY86D+bewL13PlHegZsceALOsnbusQ8zAXPh9KKCC9I/b3qynxppsmPEfP+UwssQIb6K290c67MDzhHP9OkMUs1NKZPDUO11HYVL2KgbGSpgEIeBeOuNK1t50QCJSWYeeYZTMR4KqKg3jbLz9K+qjhzEncv5am854bd3ANV0gP1XYcNi+rVmlNACVWD5swE5SRouBdoSC7RHgRZsOnQlEYQunqvbTw5dPbSC9DIyRixBiFjDuu5rK/OQOfxA0iXzRGxqpn2XTZkjb++r6ov5iAu1/hPi7ontdrcenau55+7f+3+4wow/LX+0GVjbFaKv+/VfYO0aeSARgR4YDxSlwbTrhOAjvqDx6ISF3WqlHdOPJE0Q659bde6kGT+vARDQhKdfZplMZXdADU5FEnu8w52KVX33iBv54SFh/Ymj/hjuK4Hy2Cu3DE10bKq9RjxkC3kLFuGoN5vMga5gdYAZ0AFCX15MQuF/RvFtjV4LJTfUmBZ37Us2FzyJj0N05DVCuuUwwHoIiYwjJWlHd2ww8Rw9EehG4J8NY4R4Nf7+rJP6x0nPVFT9MQb6h6GOAdKPHHQVDlUFbJKiafMF7nHKYINzbErIP2+qw84KWwdJkB3PIJ6eP8uZNjxBoPkmfVeICzNbFwg2DwqVSGLEHQI5tllulEU5XHNcnWDRE=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DMBwBJmRZh/5FdJa1agQmBWYFTUQeBUTcxiA8DhTmIaZo9gS6BJQNUCwEBAQ0BAUEEAQGBJ4M5AoJpAiU0CQ4BAgQBAQESAQEFAQEBAgEGBIERE4VoAQyGWwsdBgEBOBEBPkInBBsahSUDLwGdbgGBOgKKH3iBM4EBggcBAQYEBIUrGII0CYE6gn2GeYQjHIFJRIEVQ4IyhTSDS4IMIoMeEVtrJYF0QBIXC0C9MgqDKAWeZhKDZZInkGmWEaUcAgQCBAUCDgEBBoFgO4FZcBWDJFAZDpISil5zOAIGDAEBAwmJSQEB
X-IronPort-AV: E=Sophos;i="5.84,319,1620691200"; d="scan'208";a="894190199"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 13 Aug 2021 16:12:25 +0000
Received: from mail.cisco.com (xbe-rcd-001.cisco.com [173.37.102.16]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 17DGCP4j016536 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <ippm@ietf.org>; Fri, 13 Aug 2021 16:12:25 GMT
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xbe-rcd-001.cisco.com (173.37.102.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Fri, 13 Aug 2021 11:12:25 -0500
Received: from xfe-aln-005.cisco.com (173.37.135.125) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Fri, 13 Aug 2021 11:12:25 -0500
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-005.cisco.com (173.37.135.125) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Fri, 13 Aug 2021 11:12:25 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Myium5SYDpBThekyQFLmaYjRGEfN0qPuvk8z60mMhDMJzSQWRPOGE3l/qECRH9fK4Dnol/YReIJXAr+KOseishAeUuF/wUCQG5e3y0OppIL2tdF9AVVqSL6BgTMKxtclQ4UcCdJHGM2H16T442unKu9mkIYqwsS9j4KNiovUszm3HvL/jKJvqjkL1IpRry9LeRdVuRGgSpvvbcwIt/TMGVKMMbcrsBn+Dn0DUr43W9w2OQb7l4otFV+88bOc12OmQ1qFnaUSgosMQ7ebBPAM4IbvIP/9vFD2cDt45QzHuNapfZHVK/2hmQTAwlJDxc5wCMbgCAsoO0pLZ3lAfXolNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=98Syj1/zd74mDXhenx/Dk/tnISZyNS3AwlUUfsb7TBo=; b=V6w5rH4DwnUnGthVmgITv40q8Q4YuB58z4eQnY067h0TA2+qwfkLpb/znIXau9Cg2Ui7GMIDfHthemRLROVqWQvQ6BxYU8MB9ZmKWkPZvMYHwuR8jdXvf1odzSx/bS7XbAFLArlyhrdyrtcOwgYpVdIq3umimvIY90136O4HNB7tztHGr+LqynqhqnY6iFDD4yLoYcTPcsQhkI4qa4baNuWcDTKhnBxyv0JqQThvnBudumQsSigb+1mhVbfl16uZHCwn/4g74KPAXYLj3je/+pmnvYCa/5BxeTmXw23u+tqDapocxbULYAtFSHitSf1mDP4Zy6Ah6/1hcW1vo7pnPg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=98Syj1/zd74mDXhenx/Dk/tnISZyNS3AwlUUfsb7TBo=; b=AQbc/3aYONxxxduWgnQqU8A4dweUDlA2L4Zbc4BvLw8xs2dDUaRZp+mZH5ypoob2gONMcLDiDSLWvmGu/NPpEO7R+BKfRxhLMH+hRIE49E/reFYwIruShKshJhdFi7pk12nJ5/xjidx+BwSfvp3TVqc4+wSlfTCmcDvX9QflcmE=
Received: from BN9PR11MB5371.namprd11.prod.outlook.com (2603:10b6:408:11c::11) by BN9PR11MB5273.namprd11.prod.outlook.com (2603:10b6:408:132::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.18; Fri, 13 Aug 2021 16:12:24 +0000
Received: from BN9PR11MB5371.namprd11.prod.outlook.com ([fe80::c882:56f8:ec9d:cec2]) by BN9PR11MB5371.namprd11.prod.outlook.com ([fe80::c882:56f8:ec9d:cec2%7]) with mapi id 15.20.4415.019; Fri, 13 Aug 2021 16:12:24 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: "ippm@ietf.org" <ippm@ietf.org>
Thread-Topic: Adoption call for IOAM deployment and integrity documents
Thread-Index: AQHXkF4AOj74EUL8KEGGanKHH+AYdg==
Date: Fri, 13 Aug 2021 16:12:24 +0000
Message-ID: <BN9PR11MB53710BDD0FF46BDF0501B626B8FA9@BN9PR11MB5371.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e5e2289c-6c50-4d54-cfc3-08d95e75232a
x-ms-traffictypediagnostic: BN9PR11MB5273:
x-microsoft-antispam-prvs: <BN9PR11MB52738B79335F6042215BD68CB8FA9@BN9PR11MB5273.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2HebhRDmSEfWStAaR0B5tg/zno06vUvo3GJIUi4xcEWny3y9GCqHT21whpuB1ztgwfOQgkkY5QGQy5h4AeTj+ABLHfOc6kj6QecvWBzp1MtFGB7D2ETRelTEgfsDgBLN8QhKZeUE7RFzxjsEqRQ3fTS33bx0B+pUZcnZFg+PMUSR4y9FtF8RCGjQELxCTpiV0a4uuPbAkGpAX7Br1/JS6/tCUwBzKTK/qmU8vBhkupc/fqGrCOveSC88WAdCIPz5v9wKVMlUxlnokU904/6oBSmRyzzziF4eqn3QMY1ivy0N/1YtpNLV4hD6J8sxI/EebSX4J2RDZ0LmPKiECU/j7cuJmWzvnmc6cMkG3BH6J1GB0yZMjCJ10ZZHyAO8ffDq+j/C/SIl5cutDTsthEOa/03Hajg06x84Jx8RHNURCSJmM+uf1xiHW7F/+m7EHcOG8nfxaA3GKo9WYawq5bsJmHapuoGSv6mXQpjgp+wPzQ5VM+w+Ubd+VrT2PpnCRw2jfXyCJZwEJuhzorHvdhCRuUoBD3JobK3lKdAC/PIr793AGMHCUOGVrmOICvYZ/MFijm5JfukF3YKCp3FNIKCMhKxNz7wF0r15ff4SVpMiqnAgfFg0DASIgLc1qcXbb+VI5HktLZHi2JhaK7uBtwDGIru71hQc0MRDF9xildIRQwRr+M9IQRoBJgzNSOYCZbZ/J82+jBpws4GWqqIwTbWIHQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN9PR11MB5371.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(66946007)(64756008)(6506007)(66556008)(91956017)(38070700005)(55016002)(76116006)(52536014)(26005)(66476007)(71200400001)(4744005)(66446008)(8936002)(9686003)(8676002)(2906002)(508600001)(38100700002)(6916009)(122000001)(83380400001)(33656002)(5660300002)(7696005)(86362001)(186003)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: IMynVO3sxwMYn92sn548ka5KER5tgiGqKa+FcXrf1bJjNoElcD952Pe2Fnvl00t5J9dBeSHU2tzp2NyviSZgL3vssVAsrYQE5SBPZXxmez3qRlzofR1JY81q0EORTSaA3momPfq0u8WN7LDx8VOP8td8q0AXBKhRoAgxjZWgY9E8+2xP0WdOqNlKgaD+aio7u8E8HfyQro5tac/IiKY4PbEp0Sa3a+HBMnkVibdNGTImiywhT4lRaYlCBVguyhZQvl+RzSULTyiqX856iQpLtbsXYT3Lw/bi1Sbe+XfBg7B8NzM27+GpRwDdh97jmYUvQYRdoQge3ZF/U5RVt9x0ObXAFHeiSJqIny4prePBaDlpOPu+TVf2tge8Kl7A0HN2NhqwVow9Ur0UJ7d14nIAdJuJrYcKpjGNLY4SnVpV6sSmIAaTaAheB7PNq5X5RS5/Dui8NXw3+S3o/PPEhPEfNcA+ib2gw0SEE+IsC4TUcr88pyGd7Oaqc3JIHLp8OzY8dttojKC/r3Ftdu261ek5BHG2Q8JmGmcxsRbnZGLENEBT+i3F8rMjj4P8pH6E9O2ntKEu8aFd2ea7kmjqxb5OKxYeVsVrCbkEM0ZeCi7ItXNohxlPvutVoccT8SXQVH7Lof0YHmsnHNi/ptM7n9TNSikVVBieC9LawYKiwcRrCLFaoeeHa7kMEOXNcvShG4r40FadtG2q68cHPiaqz+R9EwPa15Ax/P/QlXvcGRrjMetGUcpWcEProCzqWlXRERFJhjCam3MTEKXwWGHiXDmHj9wUofNuR0XHFLSdnl2UJ0q3Gneeoyr9CMHN6wxeUZ9YzMdqV9esDQ+t0D/wO2h5i2BeLsY0t2nvGGOFqrNZHV000RrO81nk1pwWne6CIHIagPRIFTIoAIMa6SZv0Fw8H9hghsGvGv+2vlPK0HdNwsZfRuU0nVRDpxy7JuL3aQs+65qCdKCianv1PC/c2DGmBG3Wtpem/HEuqYmDXgn2tMleSX2Qh2o2OgYFa398hvSHaawTh1x6yaOQyThhuHa4CElsIkGJGVJtPEAoKm/39ujZsxHmvOt4oNriWkVA7KJjsAETntRBIRMbQGLktMM/ajIY0QyOsLCfK8/Em5fpiKnxnwpwb+CHLg+i6CwUaFWSTgSPcPgvRJtheFhhQV2Fd1LhKMQgpDw6pSYTPsAdcApXG4PbVZff6lnVSR5tHI4TFRUhREU+C2fQ8RatfEuNaJ9CcE/pd/c6bNx8Z6tGYUm5OjcBBQR/IseDlfDY6L/gmbnf08WrOPeLyNhxx1l4icv/oP0dXtYUj6XWseM1OSbf/u9/CpapEjAo+HcMKOKd
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5371.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e5e2289c-6c50-4d54-cfc3-08d95e75232a
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2021 16:12:24.2056 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9HIZvUnngK9U8JnSngfRuOx813K6nEd1kY7/qDwJMCllOke1pgrYxO3v24H2fv191G22173Ya3O5LNFcMCzr5A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR11MB5273
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xbe-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/4Z9s4Qw5KlnvElfqybsFphCK0Bo>
Subject: [ippm] Adoption call for IOAM deployment and integrity documents
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2021 16:12:32 -0000

I have read rev 03 of both documents, and I feel these works are worth
adopting.  I do have a comment about the integrity doc.  I'm glad to see
this work come forward as I agree with the previous reviews that
ensuring integrity (arguably by default) is valuable.  What I felt might
be under-stating here is the "general" statement in Section 3.  You
mention that the false illusion could prevent detection of actual
problems or cause false positives that require more processing.

But for POT, I wonder if that's saying enough.  The POT use case, in
particular, while you can say that a general DoS could be the outcome of
IOAM manipulation, I thought saying something to the effect of
circumventing security services in an SFC by "lying" about transit is
more than just preventing spotting actual problems or causing additional
processing.  I think the POT use case could use more fleshing out here
in terms of the threat model.  Though that can certainly happen after
adoption.

Joe

v2.23.0 | Report a Bug | By Email