Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Mon, 04 October 2021 07:14 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E3C63A120D; Mon, 4 Oct 2021 00:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OPAv2wS30khS; Mon, 4 Oct 2021 00:14:01 -0700 (PDT)
Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DACE3A078A; Mon, 4 Oct 2021 00:13:56 -0700 (PDT)
Received: by mail-wr1-x42d.google.com with SMTP id s21so28903348wra.7; Mon, 04 Oct 2021 00:13:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wCd+DAdKl8l2LJyO54oA2E1vNiUiQpC7Bzz1oVvc7hU=; b=YIiRwIKy4KTA00Iy4HgXgVH0Yu4/y5JF9fkNZcseJEfBJkMMNHO8KQ3e8juM6woDML QKxH0ovHJyAQYlIUOzNEA2AEsx0Fk81NUr2yPMjJrLIFIjiXKx1id8eoi9iUqu8e6J8B RSbrrNXIzEaCnltKXP5BWR1NG8jI5VV1GaQxpDfj8sGVzZQUlwIQESy5UKowz01EXGLk H0HwI8v5naqWyFNCHCBQufL7Piu6IGz/YdOM8JE/PRZI0sg5siUqXtN+mrWzNS1Wr62/ k6eNpQRI3oh63hm2PsZqiqSMTIYCuoawm9mI3+jWph+6jwu3pDRAcFiT23a9mH5TzZrb ZoXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wCd+DAdKl8l2LJyO54oA2E1vNiUiQpC7Bzz1oVvc7hU=; b=FNAZX44BoS70yX+uv1mxj+jWZ3zJRnmjI2WRtyueKpTxs98Qn2SUnGKVRFyBDDMpc/ R79QQ+0ZaorHAE8IcokMEKS5VdyfH2YyEieYvGmelnVkO03CYgBU3UpPmA0zAVSfpQGx P7CaqMyASMdzBDhzk0147Adqk0sNGt07JEjfsctttNNcmxgFnzFw5iBoF3cbWoAjN/5l U/9Lf1wOoQLQKY62KgBT5iVYEjoPAW0CCbq3jDBXGNxrfZ5n9RsyJxCY35BjhIcySaiq G3DjNcZsS7cB4GWcs8MlJO6WYzWbjE1oLMEEerLOd4P2OciS+KoZDFexaQK4ocl1GpKI ydFg==
X-Gm-Message-State: AOAM533j2XRSt9+EuoJzmL+7EhyGZPO7zPj7+/dECpCZ+ZqrA1k/SMLn w8246BPYeYINLVjPjTuA1eZdtJLXO2P760MstLmXtThMJqtgWTFJ
X-Google-Smtp-Source: ABdhPJz1JlN3sMGGVlGcMHwWpjWReI4KxS4AXKhDa1/2bAAjmFjel3wQqAvmqQoisZlXRq9VmW/HaElWqPUq3pBKgDg=
X-Received: by 2002:a5d:6d8e:: with SMTP id l14mr11951099wrs.26.1633331634569; Mon, 04 Oct 2021 00:13:54 -0700 (PDT)
MIME-Version: 1.0
References: <163068085282.8497.2281892161766368778@ietfa.amsl.com>
In-Reply-To: <163068085282.8497.2281892161766368778@ietfa.amsl.com>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Mon, 4 Oct 2021 10:13:43 +0300
Message-ID: <CABUE3XkLEN8k5-t33UAPXiViOBWSs6NEZkPutVkESoWKb8ifXw@mail.gmail.com>
To: Colin Perkins <csp@csperkins.org>, IPPM Chairs <ippm-chairs@ietf.org>
Cc: tsv-art@ietf.org, draft-ietf-ippm-ioam-direct-export.all@ietf.org, IETF IPPM WG <ippm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/9zr59XUR9Ass_8BpPXv1XXYsCtE>
Subject: Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Oct 2021 07:14:30 -0000

Dear Colin,

Thanks for the feedback.

Please see below a comment and a question regarding your feedback.


On Fri, Sep 3, 2021 at 5:54 PM Colin Perkins via Datatracker
<noreply@ietf.org> wrote:
[snip]

> It may be worth considering to require the exporting mechanism to perform an
> authenticated handshake with the destination to which it will export data, to
> gain explicit consent to export the data to that destination, before starting
> to send exported data.

[TM] The point is well-taken. The following text edit is proposed,
borrowing some of the text from your comment:
OLD:
   Although the exporting method is not within the scope of this
   document, any exporting method MUST secure the exported data from the
   IOAM node to the receiving entity.  Specifically, an IOAM node that
   performs DEX exporting MUST send the exported data to a pre-
   configured trusted receiving entity.
NEW:
   Although the exporting method is not within the scope of this
   document, any exporting method MUST secure the exported data from the
   IOAM node to the receiving entity.  Specifically, an IOAM node that
   performs DEX exporting MUST send the exported data to a pre-
   configured trusted receiving entity. Furthermore, an IOAM node
   MUST gain explicit consent to export data to a receiving entity before
   starting to send exported data.



> It may also be worth considering to add authentication
> of IOAM DEX triggers, to ensure they come from a known and trusted source,
> before acting on export requests.
>

[TM] Can you please clarify what you mean by "add authentication of
IOAM DEX triggers"? What is the threat that you have in mind?

Thanks,
Tal.