[ippm] Re: Erik Kline's Discuss on draft-ietf-ippm-encrypted-pdmv2-09: (with DISCUSS and COMMENT)
"nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com> Tue, 22 October 2024 05:48 UTC
Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38481C22207E for <ippm@ietfa.amsl.com>; Mon, 21 Oct 2024 22:48:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 70hMbHSxX0ZC for <ippm@ietfa.amsl.com>; Mon, 21 Oct 2024 22:48:25 -0700 (PDT)
Received: from sonic301-36.consmr.mail.ne1.yahoo.com (sonic301-36.consmr.mail.ne1.yahoo.com [66.163.184.205]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BE3CC22919A for <ippm@ietf.org>; Mon, 21 Oct 2024 22:48:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1729576104; bh=gQJr8dtxqdC21xJtX7Qwha1yRfY/S10iG+7uFJdzLJA=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=RyWcIdwjqFu47wkL5/mqetJaWb7Pf71Q2G1xtj8WMXgq5B42Ugg+W/UQLHou4thyDfqe2h41XB0AJnNM1Sk0mJ3yAIxLQsFb3d/2V0OM1kRmpxDVWzE7vevaVO/lvtvicV3zN8E951avXXog75DGgB5pjZi9jsvcHEg4w8UyiTOMj7XR70FTDzUXfsdFWWwzjWqrc+pq/32bTyM2k4kTu3yJaeYOTuOcTK+m6mvoWyl7KHK9sIPFe8reRRwUZdElpiBvxUhr/S4bQJzwAILqFB3vCuHY/9r/TymuG6zOt336ZeTNHXHsUC3vpeitzrcPSr1021FV80Viuatt5XHabw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1729576104; bh=DwEI2L5wJCbC8pJrv0n8SuZNOIwz/jrCNn39E34bI4V=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=dvC4ivKaRNnPTm3LGxoF9vmQzw7U4dH41OAEU6Fvv2n458qeV56nHZ52N6JooswCb4dVdyWH05u2wu4/Bi77nWBmLhQN7qUJnp83vdLv8AjWJRXyThTvYd+6pqA/L9RlLwvGAGnwu16T4l7DhFDhR8fvLw08FtFZyMlRyNtuonVopyZuMi+IItXnhByW2MaYvwDVkdmaKoYSp081RDpQe+r+OesctYUgwDlY6F0wn6t5iOHCH9CdFU744efuW73Kt0pk/a+f65FdDjJ1CGrljXdqzMh6p/Q51P8HMzTlgR1rqaZnG4uP3P1zr8K55PJa84CO/MGqZjlm8Zv6/Dq5QA==
X-YMail-OSG: xa6UyVcVM1ktNOkgW_jA9fu_GfOovwhbtUNVLSbnwoj5M.CvCBKi0cHUEEkiZi2 NtXlbvFTPZytIi7lMamu4XlqpM0QIMGB9M8s5EPveywEFEeBI0WKs5e3fu1A7AXhkcMO.8_KqCBd 1IHGP.vG9oJEZQ9S4sDf23w0zKBAEYBO8DjTjVvp81ORdF7w4hn1nskPTqTeOFLqVY57Cri6N9HH Y69F3CFd0TRxBA47yJoqnrWcdJR7ANuBNiIulW5at.5LLJMfB.R5qCoEs7omU_sJKb6.BYpH6r2K jlgwsbEEcgcXtTgOc7w7a51hZypWfjdhwkVNqVB1M15qm1baD0IPBQX0aIpcZ4PZr2bczAYqbeDy IxqXOVFqHWp3m589MTIOlIydT_KRRkwLsZCib0PlwDI1Gm7RdBJuThdtGkNrFYqDZdJSjQrzU6ME EmZGz36SbeRTs9PLJ_tI.UpEgXE3EKcWa9HLK2v60RN8WBiLM6FOyVk3MBgyQgTPTbeX320TkBd1 PSzr3MIkvDZ6542pZxwfhPLRMuhRtOulpNXVpkbaKI3PfhklJ.xmxxIMXuJbA3jOFC9.cvvzfGe1 GiiAR0yJQjGPrIGMB3Yk6bZQL6aJwlkU7cuv0c972VbgWse.cUeqs.vVjGyzyJqKbBO8sNyMd9sZ TqG2FK.XVnVQuqlhgq7vbA.AifW1un7bWi90Kkj.8y6gSvJDsDSxMlyiTqNMU0vODPhEVe.Ygsit yc3TUrG.s5I6dZNmKLsWfdsbOHmNjZL0pkIAZFp.mtDhun.qs4AV2ECilaf1DphuCgFXmsB_73wk 1Ec_rVzgIQoM8rLEmOpu4mAoRwIgsqXPwqAdE4yiX6ODAOII3xPcmd5Wpy7wNLt5RQ.Oq_5blxvU uCHZwnSIeHal.2syOpX..zhAENYnP0qtf1CZSS1rVvVNAohLSgHA21.4E_QSeXkASHyyZEgS74r5 xrzK.jZXW8lXJ2t0Q4J0vGjuChSu69_7hpd8yhnCyUaR3A6XjbAdeSGIdN5n9WvYNuLCBrYu5g4F Eokwbe.5YfGG9FC65Q8D5ZIAjKLuMcBXot7rHWASjsCOdw0.Hg1BFugmAQ6DfsFtaFR3lYmcJg3J hM5YE5Q86t7.CxZnMdB5mlzEKPHyNREyllsXWOT9L9m5jLA.MTFJpyqLJP_u1zBMd.FeqpjfpAIY vmqO3hjEadc.8XX2S1Sa1AaI1Ox7i8v6RrzRN4d2cOL2dqYiiZ_AhSPEsGz.hs7HTH7dow.0DRY4 glxsSb2PsK_bDQXd1wKsmhJaZ9Taxf4Ly9x3vh0WXOnTBTvb2QS9sg6TWHGtAg3Vfi329wLfktj0 puvxflfkfU1O.FqXvTrOt8MsXzaLRFo_McnvcoBMHy0UAYdDSlPF9OZiqads681gc0kcKEbofRfn .Ol4ECZBScnMeBE8z8ravsOKGWGx31ubAczz_7VDB3ChlFFabSBjpUFpJ.hmweDnC2GIjFn_ADXq Lmg02IXpCbHd7c17nfCIyo7Y_SnxaLGIT92HY31sWuEF8BotFa.6ZLNSanA9hrrpJJonOcVeDIzu rFtHlJlSEq21FERj99r6R3foFNARQHayAeFJWFtPPkUCLwuOAUBQzdLEL1KufyqPXkRpqxo4A1sc 83Ttrwl5DoFt5454HuCT.gfBJnoc65.faqNpBbgeQCLQlKkgFi_50iDNJoQn2Wft3F6LXvwWzI.8 kadsWFk1M3bryWDduSTyjv7WKrWRhG23TFE9P_qNzpjmEbefMuezzsuXum3obcKWyFeZA1awIVHI nQa_KlMEp0uyEZBNEvVU1y7ILdrRH36F_ZUjKI2Vm7M038yMbSqQPKNmmxnt8HIElnlmy70Ylvwk fSd06MKzzMWS_2k.xABIU8LKL_OgXTxCXqLFNNsdf1u.4rEy4GMifUxGnhq4EQKVXnvV6M919cTd 59n0LvK64BNArjpenMTxr4CGr4Xrjpv4k8W7VWpmG8qhtS6y8iNU0h7Zjca8EPivGdZ_FzkRi5wh qMUwTYJtjd2H5Ix3HmnkwNlUDaQlEkFX9mVYckvD0P2ef1nSKMyHBGzTi2RN1B7xmi4AHmt7yD1t vkcLob67qQrXgPwo.wsXQMxrfBjHLwR7GqwQtMIu5kSNQ0PE5EmAM_gjwbRLHocp4rOeJbk0GqWE 2lFcEPKC8RKJkjKO6cf9AeRXGlUSRsBSXcCbJxytvY4lMovODgok6K1HPYWQ0HlffBL0egeKJZRG N7Cp7Yf1wKXzMe.1INDgiIKV44P0Zg_5eB9gSPRXFk_XY9zHl6gZpF3_cvZonfqC68AGwC6YlINE 0UX3TUX069wVeOGfO6Qgl
X-Sonic-MF: <nalini.elkins@insidethestack.com>
X-Sonic-ID: 5eddb426-2ad0-4014-87fe-369e5e24ff1c
Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 22 Oct 2024 05:48:24 +0000
Date: Tue, 22 Oct 2024 05:48:20 +0000
From: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
To: Erik Kline <ek.ietf@gmail.com>
Message-ID: <885025853.4686869.1729576100377@mail.yahoo.com>
In-Reply-To: <CAMGpriUvjTWFFU5Zn9CRGAC-3v1ZHdCeG7QeQ=JddHovKc=bhg@mail.gmail.com>
References: <172938859090.1735191.13453695336155464408@dt-datatracker-78dc5ccf94-w8wgc> <1003106843.1184345.1729407394021@mail.yahoo.com> <CAMGpriUvjTWFFU5Zn9CRGAC-3v1ZHdCeG7QeQ=JddHovKc=bhg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_4686868_1724218245.1729576100372"
X-Mailer: WebService/1.1.22806 YMailNorrin
Message-ID-Hash: NDN3DZD6KXBG6US5FDIOHZBHGGUVCPY2
X-Message-ID-Hash: NDN3DZD6KXBG6US5FDIOHZBHGGUVCPY2
X-MailFrom: nalini.elkins@insidethestack.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ippm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "draft-ietf-ippm-encrypted-pdmv2@ietf.org" <draft-ietf-ippm-encrypted-pdmv2@ietf.org>, "ippm-chairs@ietf.org" <ippm-chairs@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [ippm] Re: Erik Kline's Discuss on draft-ietf-ippm-encrypted-pdmv2-09: (with DISCUSS and COMMENT)
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/5sTm6qICrxUjgRE2VWTk6XAuAqs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Owner: <mailto:ippm-owner@ietf.org>
List-Post: <mailto:ippm@ietf.org>
List-Subscribe: <mailto:ippm-join@ietf.org>
List-Unsubscribe: <mailto:ippm-leave@ietf.org>
Erik, > From a Python interactive shell: >>> 4294967296 / 83333.33 >51539.60961358438 >51,540 seconds, which is only about 14 hours. >Also: if the packets are the smallest (say, 68) then the rollover time is even shorter (less than an hour). Yes, sorry for the arithmetic error. You are correct. But, remember, there is also the 12bit unsigned EPOCH field. When the PSNTP rolls over, the EPOCH field will be incremented. When finally BOTH fields roll over, then we will stop collecting data for that session. Remember again, this is performance and diagnostic data only. The session itself will continue with no interruption. Thanks, Nalini Elkins CEO and Founder Inside Products, Inc. https://www.insidethestack.com PresidentIndustry Network Technology Councilhttps://www.industrynetcouncil.org On Monday, October 21, 2024 at 03:40:43 AM GMT+2, Erik Kline <ek.ietf@gmail.com> wrote: On Sat, Oct 19, 2024 at 11:56 PM nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote: Erik, Thanks for your comments. > ### S3.3 > * The draft says "difference between the two types of headers is determined > from the Options Length value" but then shows two diagrams each with > 22 bytes post-"Option Length"-field contents and also: > Option Length > 0x22: Unencrypted PDM > 0x22: Encrypted PDM > which would seem to amount to 34 bytes. > Possibly I'm just missing something obvious, or I've completely misread > diagrams and/or the text, but how does an implementation distinguish > between these two formats? Sorry, that is a mistake. I thought I had changed that everywhere. The difference between unencrypted and encrypted PDMv2 is negotiated out of band (along with other registration attributes.) This is left over from some previous thoughts we had had on distinguishing between the two options on the wire. Ah, that makes more sense. I'll look for updated text whenever you post a newer revision. Thanks. >### S5.1 >* If I understand this correctly a new SessionTemporaryKey MUST be > renegotiated every 2^32 packets. Can you include a calculation to show > approximately how often this turns out to be? > I've probably done my math wrong, but assuming 1500 byte packets, a > 1 Gpbs link, and host sending at line rate I'd estimate a rollover > about every 14 hours. If the packets are smaller the rollover is even > faster I *think* I have done the calculation correctly below: 1. A 32-bit counter can count from 0 to 2 ** 32. Thus, the total number of unique values the counter can hold is 4294967296 packets 2. Each packet is 1500 bytes. Convert bytes to bits: 12000 3. Link speed of 1 Gbps=1×10**9 bits/second 4. Packets per second= Link speed / Packet size in bits or 1×10**9 bits per second / 12000 bits This equals 83333.33 packets per second 5. Time to overflow = Total packets possible in counter/ Packets per second or 4294967296 packets / 83333.33 packets = 515396.07 seconds. 6. 515396.07 seconds is 143.2 hours or 5.95 days. Please correct me if I am wrong. >From a Python interactive shell: >>> 4294967296 / 83333.33 51539.60961358438 51,540 seconds, which is only about 14 hours. Also: if the packets are the smallest (say, 68) then the rollover time is even shorter (less than an hour). Thanks, Nalini Elkins CEO and Founder Inside Products, Inc. https://www.insidethestack.com PresidentIndustry Network Technology Councilhttps://www.industrynetcouncil.org On Sunday, October 20, 2024 at 03:43:42 AM GMT+2, Erik Kline via Datatracker <noreply@ietf.org> wrote: Erik Kline has entered the following ballot position for draft-ietf-ippm-encrypted-pdmv2-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ippm-encrypted-pdmv2/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- # Internet AD comments for draft-ietf-ippm-encrypted-pdmv2-09 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Discuss ### S3.3 * The draft says "difference between the two types of headers is determined from the Options Length value" but then shows two diagrams each with 22 bytes post-"Option Length"-field contents and also: Option Length 0x22: Unencrypted PDM 0x22: Encrypted PDM which would seem to amount to 34 bytes. Possibly I'm just missing something obvious, or I've completely misread diagrams and/or the text, but how does an implementation distinguish between these two formats? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # Internet AD comments for draft-ietf-ippm-encrypted-pdmv2-09 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments ### S5.1 * If I understand this correctly a new SessionTemporaryKey MUST be renegotiated every 2^32 packets. Can you include a calculation to show approximately how often this turns out to be? I've probably done my math wrong, but assuming 1500 byte packets, a 1 Gpbs link, and host sending at line rate I'd estimate a rollover about every 14 hours. If the packets are smaller the rollover is even faster _______________________________________________ ippm mailing list -- ippm@ietf.org To unsubscribe send an email to ippm-leave@ietf.org
- [ippm] Erik Kline's Discuss on draft-ietf-ippm-en… Erik Kline via Datatracker
- [ippm] Re: Erik Kline's Discuss on draft-ietf-ipp… nalini.elkins@insidethestack.com
- [ippm] Re: Erik Kline's Discuss on draft-ietf-ipp… Erik Kline
- [ippm] Re: Erik Kline's Discuss on draft-ietf-ipp… nalini.elkins@insidethestack.com