Re: [ippm] IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts
Greg Mirsky <gregimirsky@gmail.com> Wed, 10 April 2024 10:18 UTC
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Wed, 10 Apr 2024 12:18:34 +0200
Message-ID: <CA+RyBmVxRWT9Cim2Cdx94_fEFXHwXRTySt49KWaWrMfy3M280g@mail.gmail.com>
To: Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org>
Cc: "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/AW-idY7id-63aPiQmMfBeel1qdc>
Subject: Re: [ippm] IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts

Hi Sebastian,
thank you for your interest in the draft, and your questions. It is noted in the Security Considerations section regarding the risks of using the Reflected Test Packet Control TLV:

Furthermore, spoofed STAMP test packets with the Reflected Test Packet Control TLV can be exploited to conduct a Denial-of-Service attack. Hence, implementations MUST use an identity protection mechanism. For example, verify the information about the source of the STAMP packet against a pre-defined list of trusted nodes. Also, STAMP authentication mode [RFC8762] or HMAC TLV [RFC8972] could be used for a STAMP test session containing the Reflected Test Packet Control TLV. Considering the potential number of reflected packets that can be generated by a single test packet sent to a Multicast address, when sending such messages a Session-Sender SHOULD sign packets using the HMAC TLV.

Certainly, other methods can be discussed and the section expanded accordingly. I hope that you agree with that and will support the adoption of this draft by the IPPM WG.

Regards,
Greg

On Wed, Apr 10, 2024 at 10:49 AM Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org> wrote:

> Dear IPPM,
>
> a quick question, why does the security considerations section not
> explicitly mention the potential to use this for amplification attacks?
> This might be obvious, but neither this draft nor the drafts cited in
> security considerations mentions this.
>
> Regards
> Sebastian
>
> > On 9. Apr 2024, at 18:27, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> >
> > Hello IPPM,
> >
> > This email starts an adoption call for draft-mirsky-ippm-asymmetrical-pkts.
> > This is a document we’ve discussed several times, and is a normative
> > dependency for another document we discussed adopting at IETF 119,
> > draft-gandhi-ippm-stamp-ext-hdr.
> >
> > You can find the draft here:
> > https://datatracker.ietf.org/doc/draft-mirsky-ippm-asymmetrical-pkts/
> > https://www.ietf.org/archive/id/draft-mirsky-ippm-asymmetrical-pkts-04.html#name-reflected-test-packet-control
> >
> > Please review the draft and respond to this email to indicate if you
> > think IPPM should adopt this document as a working group item.
> >
> > This call will last for 3 weeks. Please reply by Tuesday, April 30.
> >
> > Best,
> > Tommy & Marcus
> > _______________________________________________
> > ippm mailing list
> > ippm@ietf.org
> > https://www.ietf.org/mailman/listinfo/ippm
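
Added example, not part of the message above or of the draft: a sketch of how a Session-Reflector could apply the two checks the quoted Security Considerations text names (source against a pre-defined trusted list, then the HMAC TLV) before honouring a Reflected Test Packet Control TLV. The `Request` fields, the `admit` function, the key and the TLV bytes are hypothetical and constructed; the packet is assumed to be already parsed, and rejecting unsigned multicast requests is a local policy assumption.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

HMAC_LEN = 16  # RFC 8972 HMAC TLV: HMAC-SHA-256 truncated to 128 bits

@dataclass
class Request:
    """Hypothetical parsed view of a received test packet, not the wire format."""
    src: str                 # source address as claimed by the packet
    covered: bytes           # bytes the HMAC is computed over (assumed extracted)
    tag: bytes = b""         # value from the HMAC TLV, empty if the TLV is absent
    multicast: bool = False  # packet was addressed to a multicast group

def stamp_tag(key: bytes, covered: bytes) -> bytes:
    return hmac.new(key, covered, hashlib.sha256).digest()[:HMAC_LEN]

def admit(req, trusted, key, require_hmac=False):
    """Return (allowed, reason) for honouring the Reflected Test Packet Control TLV."""
    addr = ipaddress.ip_address(req.src)
    # The address is only a claim; a spoofed packet can carry a trusted source.
    if not any(addr in net for net in trusted):
        return False, "untrusted-source"
    if req.tag:
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(req.tag, stamp_tag(key, req.covered)):
            return False, "bad-hmac"
        return True, "authenticated"
    if require_hmac or req.multicast:
        return False, "hmac-required"
    return True, "allowlisted-only"

# Constructed sample data: documentation prefixes, made-up key and TLV bytes.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("2001:db8::/32")]
KEY = b"constructed-demo-key"
TLVS = bytes.fromhex("0a0004000001f4")  # placeholder bytes, not a real TLV encoding

def demo():
    good = stamp_tag(KEY, TLVS)
    cases = [
        Request("192.0.2.10", TLVS, good),                # trusted and signed
        Request("192.0.2.10", TLVS, b"\x00" * HMAC_LEN),  # trusted address, forged tag
        Request("198.51.100.7", TLVS, good),              # valid tag, source not listed
        Request("192.0.2.10", TLVS, multicast=True),      # unsigned multicast request
        Request("192.0.2.10", TLVS),                      # unsigned unicast request
    ]
    return [admit(c, TRUSTED, KEY) for c in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last case is accepted on the allowlist alone; calling `admit` with `require_hmac=True` rejects it as well.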