IETF Logo Mail Archive

Re: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt

Greg Mirsky <gregimirsky@gmail.com> Wed, 07 November 2018 06:51 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2164130F29 for <ippm@ietfa.amsl.com>; Tue, 6 Nov 2018 22:51:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7flBOBZ5DbD for <ippm@ietfa.amsl.com>; Tue, 6 Nov 2018 22:51:46 -0800 (PST)
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2151D130E19 for <ippm@ietf.org>; Tue, 6 Nov 2018 22:51:46 -0800 (PST)
Received: by mail-lf1-x12e.google.com with SMTP id h192so10694052lfg.3 for <ippm@ietf.org>; Tue, 06 Nov 2018 22:51:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ywaOUV8I+6+QE1S1tXMmmZjerQklqoaeOIXcumud3t4=; b=ZRpy6w5YEqQW9RC9HCuPsC7fI1TlHXNxK0l7+SldTjeyf6MkKBpdWLzjsw7b1I9mvF EAk/7cBIPhiGGz5pBSUp1RT4LmuC/qOc54B6qokwT8bElF/+irx68RUlWSPl+g7ijmRz VjZmxPQYYqvQXgP4i7zcQh6e3qsFkv1yaKk9ZVLhAyf1viLeMA6VpLP+ploHM+Orw0LO 4kci7juyHWKW5pW+FyAvhLaVUp+ZX2nA5s+uClPtJu9h2I0JRDEcFeTJQ4/Ilv7cHXxD b3YbCykL2jheo5q6D0AcUUDeBJ7Vp2/XxcYv65QgQH4TMn0czK4L8PRphtGY+7jCKWgw pPSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ywaOUV8I+6+QE1S1tXMmmZjerQklqoaeOIXcumud3t4=; b=nPfgnHE9f3XsjEVNt5B4ZIPvx9S9RTQn7xxKduoQyqJ3qTah6Oeq5d/z7mRgQ5Xv6o cS7oH7I5JoNaN0Mnmuy4XK70YVt6k84OnUCIaz5zSAELoE6PCVVqPxY4cCrVLj11QVwc 0I+qvqTrU0cX9FmlLUCGhejj3RCUGdUNgRnWK3Yf+n/doeBaAWb1gkBQjHn3QMGDM50X D3h/PffjcG0CHFagXUEWJ35+UckRHcM9HlIP2ZuIEA8NZbQhFz+DRu3RFtbZS99drrXD RQKvIXh2b1E9e9O+SeADH+quW5xmZPnm3gT+bRoWlVI50OzEJM6sMj2IcgTMkieHeYSx O/rg==
X-Gm-Message-State: AGRZ1gLLyoShLwLnePxQRKxZygVKb6Jkdq4GFJ5XvI/wcpyTNZQVMKcd UlIMwaOPL0xvtwDX0hapVhwu9Cd/pFMVE8r3gQc=
X-Google-Smtp-Source: AJdET5f4gTUOB53HpL5SCBp4ZhiLm1WJKEiDRaXENhPzFcTRKhSzj8Uv/J8MjjwxrozAF2Vun29watbtpHuhvv59Pxw=
X-Received: by 2002:a19:e601:: with SMTP id d1mr405226lfh.71.1541573503775; Tue, 06 Nov 2018 22:51:43 -0800 (PST)
MIME-Version: 1.0
References: <153635740444.28980.6908501775124770245@ietfa.amsl.com> <CA+RyBmV_BQbjuf63eZWShaZ1DnZB0cUmbaJMzDQrnZHG7xGxtA@mail.gmail.com> <0861E2EE-9403-4F71-AFD7-1C89D73C773C@trammell.ch> <CA+RyBmXWMq1c79O9x2uhmZxXjt0gipe=B_KTCcstW5Jxum8nrw@mail.gmail.com> <730E50FA-3318-43FE-9C1E-60D29B748BE0@trammell.ch> <B869E846-83DF-429C-A833-A1D2B613DA73@cnet.fi.uba.ar> <CA+RyBmWS-3hpWU=37b1geHtXZFAVA3Ap5ohz3DYpeOhShGiv0g@mail.gmail.com> <F77B6597-C36C-483B-8325-AE69DE393E86@cisco.com>
In-Reply-To: <F77B6597-C36C-483B-8325-AE69DE393E86@cisco.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Wed, 07 Nov 2018 13:51:34 +0700
Message-ID: <CA+RyBmWwM9V9dZbbfrRk9=TYupRM3G=wAPpzN2LBCWN0eqmozQ@mail.gmail.com>
To: bew@cisco.com
Cc: "J. Ignacio Alvarez-Hamelin" <ihameli@cnet.fi.uba.ar>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000016782e057a0d8dec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/6yP9K0FLkMoSfK3bgAeAjC2QYR4>
Subject: Re: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2018 06:51:55 -0000

Hi Brian,
thank you for helpful insights. As this is the WG document, we'll follow
the decision of the experts that participate in the WG discussion. I like
the proposal to move encryption out of the STAMP base specification as it
helps in keeping timing measurements more accurate by reading the wall
clock closer to the packet transmission.

Dear All,
please consider stating your support/no support for the following options:

   - for the integrity protection:
      - use HMAC-SHA256 truncated to 128 bits
      - use  ECDSA  truncated to 128 bits
   - for the confidentiality protection:
      - keep the current text
      - remove, stating it is by higher layer(s).

Regards,
Greg

On Wed, Nov 7, 2018 at 10:50 AM Brian Weis (bew) <bew@cisco.com> wrote:

> Hi Ignacio and Greg,
>
> ECDSA is a digital signature algorithm, which is very expensive and
> because of this it is not traditionally used to protect network data
> packets.  I don’t recommend specifying it. Unless this is a rarely sent
> data packet sent, you would be consuming a substantial amount of the CPU by
> applying a digital signature to every packet sent with STAMP. Also, in
> order to get the value  you want, you actually have to create a hash of the
> packet (e.g., using SHA1/SHA256) and then sign the hash, where the result
> will be at least the length of a full HMAC output. So you’re not saving any
> space.
>
> Using HMAC-SHA1 or SHA256 on network data packets as shown in Figure 4 is
> very reasonable.  Section 5 of RFC 2104 (HMAC) says how it’s acceptable to
> truncate the hash output, and security protocols usually do this.  IPSec
> truncates HMAC-SHA-1 output to 96 bits (RFC 2404), and HMAC-SHA-256 is
> truncated to 128 bits (RFC 4868).  Since -03 was willing to apply a 128-bit
> truncated hash, I think you could safely specify using HMAC-SHA-256 with a
> 128 bit truncation. Note that if you specify the use of HMAC-SHA1, you will
> very likely run into SecDir complaints when you get to IETF last call.
>
> I did mention in the IPPM meeting that adding AES support is bit more
> problematic. I would recommend specifying that when confidentiality is
> needed that it be done a higher layer. If you do decide to keep it in this
> draft, you should describe what is the value of protecting only the first
> 16 octets. Also, you should know that cryptographers do not recommend using
> EBC. A Wikipedia page describes this plainly: "The disadvantage of this
> method is a lack of diffusion. Because ECB encrypts
> identical plaintext blocks into identical ciphertext blocks, it does not
> hide data patterns well. In some senses, it doesn't provide serious message
> confidentiality, and it is not recommended for use in cryptographic
> protocols at all.” (
> https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_(ECB))
> .
>
> The other mode -03 mentioned is using AES-CBC to protect the entire
> message. That’s a conventional use of AES, but when AES-CBC is used, both
> the encryptor and decrypt need the same Initialization Vector (IV) used
> with the method. Traditionally it is included in the packet, so that’s
> another 16 octets you probably need to add to the packet format. This
> should NOT replace the HMAC field, because cryptographers strongly state
> that it is bad practice to send an unauthenticated encrypted packet.
>
> I don’t see the rationale in -03 for needing confidentiality. So it might
> be best to stick with an HMAC-SHA256 hash, and if confidentiality is
> required to use a higher layer encryption. Otherwise, you’ll need to do a
> lot more specification of how the confidentially is done in this draft.
>
> I hope that helps.
>
> Brian
>
> On Nov 7, 2018, at 9:15 AM, Greg Mirsky <gregimirsky@gmail.com> wrote:
>
> Ho J.Ignacio,
> thank you for the comment and helpful suggestion. Will read the
> draft-alavarez-hamelin-tictoc-sic and respond accordingly in a short time.
> From the quick run through the draft, I agree with you that ECDSA offers
> advantages over the SHA1 of the same length. Just need to check for
> possible impact on YANG data model.
>
> Regards,
> Greg
>
> On Wed, Nov 7, 2018 at 2:26 AM J Ignacio Alvarez-Hamelin <
> ihameli@cnet.fi.uba.ar> wrote:
>
>> Hi Greg,
>>
>> Today at the IPPM meeting I said that you could consider using SHA1 256
>> with bits for authentication, to respect some security standards. Your
>> comment that is expensive, and I agree with that.
>> I propose another alternative, is the one that I used in
>> draft-alavarez-hamelin-tictoc-sic-02, the Elliptic Curve Digital Signature
>> Algorithm (ECDSA), which yields in few bits and has some securities form de
>> cryptographic point of view.
>>
>>
>> Best withes,
>>
>>         J. Ignacio
>> _______________________________________________________________
>>
>> Dr. Ing. José Ignacio Alvarez-Hamelin
>> CONICET and Facultad de Ingeniería, Universidad de Buenos Aires
>> Av. Paseo Colón 850 - C1063ACV - Buenos Aires - Argentina
>> +54 (11) 5285 0716 / 5285 0705
>> e-mail: ihameli@cnet.fi.uba.ar
>> web: http://cnet.fi.uba.ar/ignacio.alvarez-hamelin/
>> _______________________________________________________________
>>
>>
>>
>> > On 16 Oct 2018, at 05:24, Brian Trammell (IETF) <ietf@trammell.ch>
>> wrote:
>> >
>> > hi Greg,
>> >
>> > We'll put this and a tentative start of WGLC on the Bangkok agenda..
>> >
>> > Thanks, cheers,
>> >
>> > Brian
>> >
>> >> On 16 Oct 2018, at 01:00, Greg Mirsky <gregimirsky@gmail.com> wrote:
>> >>
>> >> Hi Brian,
>> >> my apologies for the delayed response. The new version of the draft
>> has been just uploaded. The updates include the new section that describes
>> authentication and encryption operations on STAMP packets. I'd request the
>> presentation slot at the meeting and, if there are no significant concerns,
>> would ask to consider starting the WG LC on the base specification. The
>> work on the STAMP YANG data model still on-going and we're addressing the
>> comments from the early YANG Doctors review by Mahesh. I expect we'll have
>> the new version by the end of November.
>> >>
>> >> Regards,
>> >> Greg
>> >>
>> >> On Thu, Oct 4, 2018 at 8:12 AM Brian Trammell (IETF) <ietf@trammell.ch>
>> wrote:
>> >> hi Greg,
>> >>
>> >> following up a bit late, perhaps... when do you think this will be
>> ready for LC?
>> >>
>> >> Cheers,
>> >>
>> >> Brian (as WG co-chair)
>> >>
>> >>> On 8 Sep 2018, at 00:53, Greg Mirsky <gregimirsky@gmail.com> wrote:
>> >>>
>> >>> Dear All,
>> >>> minor editorial improvements to the document..
>> >>> Your comments, questions, and suggestions always welcome and much
>> appreciated.
>> >>>
>> >>> Regards,
>> >>> Greg
>> >>>
>> >>> ---------- Forwarded message ----------
>> >>> From: <internet-drafts@ietf.org>
>> >>> Date: Fri, Sep 7, 2018 at 2:56 PM
>> >>> Subject: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt
>> >>> To: i-d-announce@ietf.org
>> >>> Cc: ippm@ietf.org
>> >>>
>> >>>
>> >>>
>> >>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> >>> This draft is a work item of the IP Performance Measurement WG of the
>> IETF.
>> >>>
>> >>>        Title           : Simple Two-way Active Measurement Protocol
>> >>>        Authors         : Greg Mirsky
>> >>>                          Guo Jun
>> >>>                          Henrik Nydell
>> >>>                          Richard Foote
>> >>>        Filename        : draft-ietf-ippm-stamp-02.txt
>> >>>        Pages           : 14
>> >>>        Date            : 2018-09-07
>> >>>
>> >>> Abstract:
>> >>>   This document describes a Simple Two-way Active Measurement Protocol
>> >>>   which enables measurement of both one-way and round-trip performance
>> >>>   metrics like delay, delay variation, and packet loss.
>> >>>
>> >>>
>> >>> The IETF datatracker status page for this draft is:
>> >>> https://datatracker.ietf.org/doc/draft-ietf-ippm-stamp/
>> >>>
>> >>> There are also htmlized versions available at:
>> >>> https://tools.ietf.org/html/draft-ietf-ippm-stamp-02
>> >>> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-stamp-02
>> >>>
>> >>> A diff from the previous version is available at:
>> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-ippm-stamp-02
>> >>>
>> >>>
>> >>> Please note that it may take a couple of minutes from the time of
>> submission
>> >>> until the htmlized version and diff are available at tools.ietf.org.
>> >>>
>> >>> Internet-Drafts are also available by anonymous FTP at:
>> >>> ftp://ftp.ietf.org/internet-drafts/
>> >>>
>> >>> _______________________________________________
>> >>> ippm mailing list
>> >>> ippm@ietf.org
>> >>> https://www.ietf.org/mailman/listinfo/ippm
>> >>>
>> >>> _______________________________________________
>> >>> ippm mailing list
>> >>> ippm@ietf.org
>> >>> https://www.ietf.org/mailman/listinfo/ippm
>> >>
>> >
>> > _______________________________________________
>> > ippm mailing list
>> > ippm@ietf.org
>> > https://www.ietf.org/mailman/listinfo/ippm
>>
>> _______________________________________________
> ippm mailing list
> ippm@ietf.org
> https://www.ietf.org/mailman/listinfo/ippm
>
>
> --
> Brian Weis
> Security, CSG, Cisco Systems
> Telephone: +1 408 526 4796
> Email: bew@cisco.com
>
>

v2.23.0 | Report a Bug | By Email