Re: [ippm] IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts

Greg Mirsky <gregimirsky@gmail.com> Wed, 10 April 2024 10:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/AW-idY7id-63aPiQmMfBeel1qdc>

Hi Sebastian,
thank you for your interest in the draft, and your questions. It is noted
in the Security Considerations section regarding the risks of using the
Reflected Test Packet Control TLV:
   Furthermore, spoofed STAMP test packets with the Reflected Test
   Packet Control TLV can be exploited to conduct a Denial-of-Service
   attack.  Hence, implementations MUST use an identity protection
   mechanism.  For example, verify the information about the source of
   the STAMP packet against a pre-defined list of trusted nodes.  Also,
   STAMP authentication mode [RFC8762] or HMAC TLV [RFC8972] could be
   used for a STAMP test session containing the Reflected Test Packet
   Control TLV.

   Considering the potential number of reflected packets that can be
   generated by a single test packet sent to a Multicast address, when
   sending such messages a Session-Sender SHOULD sign packets using the
   HMAC TLV.

Certainly, other methods can be discussed and the section expanded
accordingly. I hope that you agree with that and will support the adoption
of this draft by the IPPM WG.

Regards,
Greg


On Wed, Apr 10, 2024 at 10:49 AM Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org> wrote:

> Dear IPPM,
>
> a quick question, why does the security considerations section not
> explicitly mention the potential to use this for amplification attacks?
> This might be obvious, but neither this draft nor the drafts cited in
> security considerations mentions this.
>
> Regards
>         Sebastian
>
>
> > On 9. Apr 2024, at 18:27, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> >
> > Hello IPPM,
> >
> > This email starts an adoption call for
> > draft-mirsky-ippm-asymmetrical-pkts. This is a document we’ve discussed
> > several times, and is a normative dependency for another document we
> > discussed adopting at IETF 119, draft-gandhi-ippm-stamp-ext-hdr.
> >
> > You can find the draft here:
> > https://datatracker.ietf.org/doc/draft-mirsky-ippm-asymmetrical-pkts/
> >
> > https://www.ietf.org/archive/id/draft-mirsky-ippm-asymmetrical-pkts-04.html#name-reflected-test-packet-control
> >
> > Please review the draft and respond to this email to indicate if you
> > think IPPM should adopt this document as a working group item.
> >
> > This call will last for 3 weeks. Please reply by Tuesday, April 30.
> >
> > Best,
> > Tommy & Marcus
> > _______________________________________________
> > ippm mailing list
> > ippm@ietf.org
> > https://www.ietf.org/mailman/listinfo/ippm
>
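
The reflector-side checks named in the quoted Security Considerations text (trusted-node list, HMAC), sketched as an added example that is not part of this thread or of the draft. The names `admit`, `hmac_tag`, `TRUSTED` and `KEY`, the MAC input layout (sequence number followed by the TLV bytes), and enforcing the multicast signing rule at the reflector are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample values: trusted Session-Sender prefixes and a shared key.
TRUSTED = [ipaddress.ip_network("192.0.2.0/28"),
           ipaddress.ip_network("2001:db8:1::/64")]
KEY = b"constructed-demo-key"


def hmac_tag(key, seq, tlvs):
    """HMAC-SHA-256 truncated to 128 bits.

    Assumed input layout: 32-bit sequence number, then the TLV bytes that
    precede the HMAC TLV. This is a simplification, not the wire format.
    """
    text = struct.pack("!I", seq) + tlvs
    return hmac.new(key, text, hashlib.sha256).digest()[:16]


def admit(src, dst, seq, tlvs, tag=None, key=KEY, trusted=TRUSTED):
    """Decide whether to honour a request carrying reflected-packet control."""
    addr = ipaddress.ip_address(src)
    # 1. Source must be on the pre-defined list of trusted nodes.
    if not any(addr in net for net in trusted):
        return "drop: source not on trusted list"
    # 2. If the packet is signed, the signature must verify (constant-time).
    if tag is not None and not hmac.compare_digest(tag, hmac_tag(key, seq, tlvs)):
        return "drop: HMAC mismatch"
    # 3. Assumed policy: one multicast request fans out to many reflectors,
    #    so an unsigned one is refused outright.
    if ipaddress.ip_address(dst).is_multicast and tag is None:
        return "drop: unsigned request to multicast address"
    return "reflect"


# Constructed, opaque stand-in for the TLV bytes of a test packet.
SAMPLE_TLVS = b"constructed-tlv-bytes"
```

A source-address check on its own accepts any packet that forges a listed address, which is why the HMAC verification is part of the same decision.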