Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

"nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com> Fri, 02 July 2021 19:36 UTC

Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BDF43A2B04 for <ippm@ietfa.amsl.com>; Fri, 2 Jul 2021 12:36:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8H-GNRDBPcdX for <ippm@ietfa.amsl.com>; Fri, 2 Jul 2021 12:36:48 -0700 (PDT)
Received: from sonic302-28.consmr.mail.ne1.yahoo.com (sonic302-28.consmr.mail.ne1.yahoo.com [66.163.186.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5EAF3A2B00 for <ippm@ietf.org>; Fri, 2 Jul 2021 12:36:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1625254606; bh=3ceV272Em3pbMH/aPoQrlyI4M2DnGIKiEv4XL1OkYKg=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=deQ0bJn5SZBNPX4PdOMSIZPVPf6pvoh264WAC4etti3h9pU3rDb7tqXOohiIT+aPT1vrysPwM3fBWncFoCwI7uXjwz9PHMVQjFhij3lXsl+ltKp0AWJalAsxdU6AAZcdO4nkwSphSstBxYgfm5iI8VuqxEjlBwUgj7Z0qPaydFuRz6lZ8LN84t91hLcv8QjuJyZvC/9oRlyWmD5LAOWur60gUMz7r8FCPW7qRwFDp1RYs43bDrLvmIi0FMtW83/C1nl2gz/Jj264g8/HLamgzrwMOkKvxa8nbLhMv+dq9dhsYRhyuAcxlkvFnIzkwcbtuahiNAqoK2XST22dI8WDHA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1625254606; bh=kK+GlmH+il64Mu7SNlr4O9Mbw9yNBIiFqjKdTSkJjeg=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=am0X197K/oByfupzkQ3Agv0J+t8KzYDdCNjYlaPMALNwAMiL9ZVL1gkVBp34+gNcweRxcmcL1heWokRanAtPv7Ifw5hQlRh7JVWWQX94WyqArOWlkj/cbSbVSkdACrz8i5tI6bW1D97zfGHXzdRQMAwS+BimKt8PigTuhg+HZzSDnKWO8yb/OyRnygBHgVMMQR/z6MReWOACtdCESyuyXHjjLPzmWWIwzKib3Mc1bVPfSTmXkdI43zO4UqmOte0Ta4g0znn4h6WD2KoSMqWcTvDW6U5QqvhavXLIS7/HUjVRz3oN+sjqfxiRs6JlYzX/xOuUqi3Ldwgbu4ADz6KkWQ==
X-YMail-OSG: kuqmPlEVM1lrFc6ZHS5zJgwRKZnR8_9MSpRjydxvD_cdWAUkAMBiMuM8vzBUcoh QpUfnPqIkm5fLjLsFCybFR5LIVobx6IPAndG2POvcpEu3xmcQIKGfS6oYKVg5IWsjybBsCjG_sZq xPxK_7SGifHEwCQ7fUzMe871KJitX3R5T6oWEkhtQP0cb1SiKp_nK4z2KL3VBhSHaZxNWKsRBCN9 dVk7hCvxFJ7sm2BciqTjDuT5DDwG9IeMHC5ki2qdX4sNBir_Ut46C16dhZzOzXNn8U9k_iRDMcgM RDtSUlWbrXn1Pab0EaYqs12bjL9gnPYhCaEF_EPY1n3dOCBdZYG22YIcZzJEtp0oyB9QxLzTM_Wx zaSmkIzQlAfUe8hdqfx7SEtokjcAK6Pr7.M3czzPldZZn9dqOOJuw3gcgH5g3Db6Cu.aYIAJodgK fJuZfia2xiEsBnkWjMJ5UIdDeorpxL4NzN.odAzWfE7VCBDjD1afySzPVL38lcr4FbxzaY64k5v7 S7A2bGQY0Vd4DMUO5xYSkaefxXTpnUeD5cFtK_1UIc..GcaE2efRXo5O5r1GlTyMqeMgHw2AZKTU JRzbAP7RFy7cNN646XZRhKWMuLU7qJ3mujGmXREwJiQbFv3Fzlv41uksecFkbu.4aMtqLgm0lECG _AX3zn0AlwaO3CbHwWodK87BhFOyin.BjUCD7FMs73whOtVDOKBNpiON4_A9iFirr8UKSkpeORK_ CCBoC86JWkBEIa18MnyARsnEdZdOmt97XrVhVyViUGyKhMOFBnL8EXdTwHbJNwoZ4orwIvdTkSAj iI5NCDt5sMfzYsoT0Ao6qaSfMqHBPCs8ztDBl2dNwSBDGBZTnrnuwAnf_M.MtKB4WIG3uY6080nS W.x1.5YCNKIKhp6njPeVMqLDLTBFBqSaBp35CCEpD2pGNQU8TpI.2Ftd.JySAc7BuRpIMIV.0.3H s629AXu8SGaQJoy36Le3SzmJvpH4ZecBeuFU0Y71KwdEZky_4euU8asBk3H3DHaLDQlcoW4lwpIB 1bB3IPEpUDS4h2MWHU2tYM7IMVr7Whw.nsuov17KPLAv4kGS.79TleLOoB6fUZQ3fsqCtH7ici0j fEU54e_fu_JPygzC7SO9VKPEdAyYkFJbUPOl.Q9OC5crmrnt6DnGNpJa0AR7sTYjwwArn7kd78Po KezdkUUF5NphtgnkiQT2i_irB7sJt.ZyoyRlafCymPckyT7eZubW..w8MzpUOJ98p7c7di6DxeDH qbrx5Deqz73u4sp3S68VcIYFU1SWgGwylAQz0deXV1PnhImFQIF_3c1r04aSFEXw7min9ryuku7H 2WNoSPaGju3BNM7ES45TiTgBw6Zbb3_4rHPxPaBaTwUFyDfqtDF0U2RLYQDoZwCqACvqgYu_dlyz IPzLeKuZyw7HolkmaDgqsxzfW5uUAV8PGvM5ADsV3B2CMAlhupSNgbln94gSyQ7xfz9.ZVr7gzes AuUEogboDD7oepUDg7wVN5EFsVCt9H9yZORs2RdMy.76JZRu1UggZkgTuJBOwXx9hLv38f_MZQ4z cLx17KW5_1sGysUo.3G.d9pSVRF9xaAeFFLyUcVaj_2hC4yEnkg2CvBvWlArjrsCKGHnEWTA.77Z 45On18jNGU7MDhQM8UxJSgjbfmDVqMweHmN6e2R2TaWQiihBD3XidRdejAdHjtH5PekTyypVyOFF Jp7x741KXmEsfzaGX_BGHV0Kh7fhhlEsVajYF3SGF_kdut1lcD2rmqxct2hX4i04zB5Tcg2KpWoL egC3omQrq4lkqAbTpK.4LVvsvZMZ.PD1GmJms16scu1k1d96Jfas37bdl.DPLi6fpcelX9s8o4We Nl24vPsuw1g82FzbOjoyR3BdX5P9wzc4eI.WZT9JyrIVGsHtfPvWesroycR84v.xMuuK4c5wele_ BB7aD9nRQjLO4SC_eBTZ3Smyjyb04AC2EFHYnInjv0RrkhcNIZNLhRjlR71IfH1AIYWMY7GT82dG EF6EcxZ73wVkKkzDTSoc766OJGWljEushoMgvi73XW2DRUKeQVPHMPyM8vsX1f.1DxADE8kpHOyg G.dJ1D3pFSWeMuSGbzWLMrlZhYqTPST0yldOXm0MN1UT_3oeKfeFf6DZyy8DJ7bABuP1SwIhNpYg UiNL8Yv7AQsm0ioBxro7I3K_sgm_6nLL4aYN.Ty0Ksv1cyfUXP.zO.igUW.nPbglkj.Of2gvfhB8 I4gODvJc8kbT5_1vp4QHWU62Mhng_wXLQpc_YkSEef.sYZGOuk2zV0B.EaITk1pX9zLd_FMnGV3c EW9L7FmljnNCvLi0oMyrH9TN8guGIdNIoatU_7ceDoUHh4XPebiKXCesaBuB7kw4JwNlYhhnIQ0v cod1Wdh.ElMAPrA1c28RilW3DjX6WpQAFJvRwY0SVcS6Qnp5pRHx_JkE48tj9kmOMPbLLYYjcsSD .rTyPjMUOPDXa.myvja5eQMku7BG63aiNK69aV_vssnbZ9Q4xyddNh9cqXQcFJX8PqclJ3wRrN3P hy2NgY7er1hah8uxKoeWSNkXMJZMWB9nYQerdTAZK2SQclqPUxDcYxeC6xkNoJIRei7L.f7C1OmV HhlE3yEGhU_6NlAMOIChXq1kWHwArS1JDQQgH8iXwYjzNl1.Ew4R0mVo0JLThHsxvJQBvxbVGaJT _eBKHkzx7.2faxWGiWex1jheHO1vGPyRgaf6tU0kYC7E-
X-Sonic-MF: <nalini.elkins@insidethestack.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Fri, 2 Jul 2021 19:36:46 +0000
Date: Fri, 2 Jul 2021 19:36:45 +0000 (UTC)
From: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
To: IETF IPPM WG <ippm@ietf.org>, "Hamilton, Robert" <RHamilton@cas.org>
Cc: "draft-elkins-ippm-encrypted-pdmv2@ietf.org" <draft-elkins-ippm-encrypted-pdmv2@ietf.org>
Message-ID: <825396776.1085119.1625254605356@mail.yahoo.com>
In-Reply-To: <b91ddfb8d6014d7abf41e0d34971fe5e@cas.org>
References: <162256330634.19677.3885804345914692467@ietfa.amsl.com> <28584824.2341925.1622563579715@mail.yahoo.com> <721002155.671981.1625161479360@mail.yahoo.com> <eeaf7db6b5af4ef79bb51a543ab728df@huawei.com> <b91ddfb8d6014d7abf41e0d34971fe5e@cas.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_1085118_1146626629.1625254605353"
X-Mailer: WebService/1.1.18469 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/CbZ2pA6K3arcE_ZidGfrxgfW4Io>
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2021 19:36:53 -0000

Rob,
> I don't want to slow down the PDM implementation, and in general I think the encryption is a good idea. 
> Encryption is fast on this platform, but to my knowledge it doesn't do HPKE. I've just looked through the > RFE site and haven't seen any asking for HPKE support.
For a bit of context to IPPMers, I have had some offline interactions with Rob.  He is speaking of the IBM mainframe platform which something north of 90% of the Fortune 500 use.
I spoke recently to someone at ARM who is looking at implementing HPKE.  I believe Tommy stated that Apple is also using it.
Rob, I will work with you offline about possibly putting in a Request For Enhancement (RFE) to IBM for HPKE.
Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360 

    On Friday, July 2, 2021, 12:12:44 PM PDT, Hamilton, Robert <rhamilton@cas.org> wrote:  
 
 Paolo:

I'm particularly interested in PDM for helping with Enterprise Extender connections. Since we  are using the internet for these connections we are subject to the vagaries of ISP traffic management and outages on multiple continents. It's not just multinational companies that could make good use of this protocol, but any companies with business partners with whom they require reliable internet connectivity. In those cases I expect the end-node encryption is a relatively smaller portion of the total packet transmission time.

I don't want to slow down the PDM implementation, and in general I think the encryption is a good idea. Encryption is fast on this platform, but to my knowledge it doesn't do HPKE. I've just looked through the RFE site and haven't seen any asking for HPKE support.

Getting good value from PDM requires that destination headers be passed reliably from end to end. We probably have to lobby for that first, good extension header handling network-wide. I'll be happy when I see PDM headers show up in my Policy Agent logs.

R;


Rob Hamilton
Infrastructure Engineer
Chemical Abstracts Service

-----Original Message-----
From: ippm <ippm-bounces@ietf.org> On Behalf Of Paolo Volpato
Sent: Friday, July 2, 2021 10:26 AM
To: nalini.elkins@insidethestack.com
Cc: draft-elkins-ippm-encrypted-pdmv2@ietf.org; IETF IPPM WG <ippm@ietf.org>
Subject: [EXT] Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

[Actual Sender is ippm-bounces@ietf.org]

Hi Nalini,

Thanks for advising.

I have a couple of general questions.

At a first glance, it seems to me that PDMv2 is expected to be used mainly in the enterprise domain. Is it so? 
Do you have any thoughts on what may happen if e.g. a multinational company runs the protocol over multiple external backbones where the IPv6 extension headers (in general, not necessarily just the destination options header) may not be handled? Does this represent a serious issue?

Also,  I assume that PDMv2 is mainly used by end stations (e.g. hosts instead of routers). If this is the case, then I don’t expect that the performance degradation due to encryption is a serious issue. Do you see other different cases where instead degradation may be a concern?

Regards
Paolo

-----Original Message-----
From: ippm [mailto:ippm-bounces@ietf.org] On Behalf Of nalini.elkins@insidethestack.com
Sent: Thursday, July 1, 2021 7:45 PM
To: IETF IPPM WG <ippm@ietf.org>
Cc: draft-elkins-ippm-encrypted-pdmv2@ietf.org
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

IPPM,

Please do take a look at this draft.

I think that iOAM will need encryption as well.   We have spent quite a bit of time thinking over these issues.  We even have 2 cryptographers from Italy involved as co-authors.   I want to do a side meeting where we can have quite a bit more time to discuss this but would love to have comments from the group on the list.

I am very reluctant to push PDM out to the wider world without encryption.  I feel that we will become the attacker's best friend.
We have modified the Linux kernel to include PDM but as I say, without encryption, we do not wish to release.


Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.insidethestack.com&umid=ae63ba6f-614c-40c5-9a6d-dbc4bc0fbb82&auth=3c97381e9a30865a1a3f3ad58750d85b2b059558-117b9ada8970552b00544efe952da754c5c92078
(831) 659-8360






On Tuesday, June 1, 2021, 09:06:39 AM PDT, nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote: 





Hello IPPMers!

We have just posted a new draft to encrypt PDM data.   We feel that this is an important feature to add before promoting widespread adoption of PDM.

We would appreciate any thoughts or comments from the group.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.insidethestack.com&umid=ae63ba6f-614c-40c5-9a6d-dbc4bc0fbb82&auth=3c97381e9a30865a1a3f3ad58750d85b2b059558-117b9ada8970552b00544efe952da754c5c92078
(831) 659-8360






----- Forwarded Message -----

From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: mackermann@bcbsm.com <mackermann@bcbsm.com>om>; Adnan Rashid <adnan.rashid@unifi.it>it>; Ameya Deshpande <ameyanrd@gmail.com>om>; Michael Ackermann <mackermann@bcbsm.com>om>; Nalini Elkins <nalini.elkins@insidethestack.com>om>; Tommaso Pecorella <tommaso.pecorella@unifi.it>
Sent: Tuesday, June 1, 2021, 12:01:47 PM EDT
Subject: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt



A new version of I-D, draft-elkins-ippm-encrypted-pdmv2-00.txt
has been successfully submitted by Nalini Elkins and posted to the IETF repository.

Name:        draft-elkins-ippm-encrypted-pdmv2
Revision:    00
Title:        Encrypted IPv6 Performance and Diagnostic Metrics Version 2 (EPDMv2) Destination Option Document date:    2021-06-01
Group:        Individual Submission
Pages:        16
URL:            https://www.ietf.org/archive/id/draft-elkins-ippm-encrypted-pdmv2-00.txt
Status:        https://datatracker.ietf.org/doc/draft-elkins-ippm-encrypted-pdmv2/
Htmlized:      https://datatracker.ietf.org/doc/html/draft-elkins-ippm-encrypted-pdmv2


Abstract:
  RFC8250 describes an optional Destination Option (DO) header embedded
  in each packet to provide sequence numbers and timing information as
  a basis for measurements.  As this data is sent in clear- text, this
  may create an opportunity for malicious actors to get information for
  subsequent attacks.  This document defines PDMv2 which has a
  lightweight handshake (registration procedure) and encryption to
  secure this data.  Additional performance metrics which may be of use
  are also defined.

                                                                                  


The IETF Secretariat




_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm

_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm
_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm
Confidentiality Notice: This electronic message transmission, including any attachment(s), may contain confidential, proprietary, or privileged information from CAS, a division of the American Chemical Society ("ACS"). If you have received this transmission in error, be advised that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. Please destroy all copies of the message and contact the sender immediately by either replying to this message or calling 614-447-3600.