Re: [ippm] Secdir last call review of draft-ietf-ippm-ioam-deployment-02
"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Tue, 03 January 2023 17:52 UTC
Return-Path: <fbrockne@cisco.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 577C9C14F6E5; Tue, 3 Jan 2023 09:52:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.899
X-Spam-Level:
X-Spam-Status: No, score=-11.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=D6Yisya3; dkim=pass (1024-bit key) header.d=cisco.com header.b=FLoouM7R
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFGzY9VC04QY; Tue, 3 Jan 2023 09:52:06 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CBD0C1AFF56; Tue, 3 Jan 2023 09:51:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10154; q=dns/txt; s=iport; t=1672768304; x=1673977904; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=t4i/YvTv1kwzbXJNqBdwn7rYXC9UXtYRFhSUZ1CC6xE=; b=D6Yisya3ZeEw3J0zH0DZofGFh83hVZe0V0ivNztvI1XxW1hIKrLl9MGG plHx4AXr9INRZBJ4SlTVC+Ot8BO3LxEmGr/OPrJkUZILqhVoTXNb97r4S SwLZo284YbQL8EUjo5oaaVlbztbsUnm+B7o2lfUPKL2Cp6WDELmtATGlb 8=;
X-IPAS-Result: A0AZAADtabRjmJBdJa1aHAEBAQEBAQcBARIBAQQEAQFAgTsHAQELAYFaUoEFAlk6RYROg0wDhFBfiCEDlyWBOIMwgSyBJQNWDwEBAQ0BATkLBAEBhQUCFoR6AiU0CQ4BAgQBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBwQUAQEBAQEBAQEeGQUOECeFaA2GVgEBAQECARIREQwBATcBCwQCAQYCDgMEAQEDAiYCAgIwFQgIAgQBDQUIEweCXAGCfyMDAQ9DkyyPPAGBPwKKH3qBMoEBgggBAQYEBJ8eAwaBFCwBiQ6FYYEigREnHIFJRIEVQ4FmgQE+gmICgTcBKoNVOYIugQyQQ4dGCoE9fIEnDlAcNwNEHUADCzsyCkAUIQYFC0srGhsHgQoqCR8VAwQEAwIGEwMiAg0oMRQEKRMNJyZrCQIDImEFAwMEKC0JIAQcBxURJDwHVhIlAQQDAg8fNwYDCQMCHk9wCyUkBQMLFSpHBAg2BQYcNhICCA8SDwYmQw5CNzYTBlwBKgsOEwNQgU4EL0SBGQoCBCkomgtdgS4FIIEKGwgDAQNDECItLAQZKxEBAjwBFAQckjeEB5hQkkoJgS0Kg26SYod7hh8Wg3mMWpdzXpdGIKIkhRECBAIEBQIOAQEGgTExOoFbcBWDIlIZD44gGYNZhRSFSnUCOQIHAQoBAQMJiUoBJ4IxAQE
IronPort-PHdr: A9a23:/7UxzBfI2GEMJdMLY71i7Zx3lGM/tYqcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX93az9jUVXB74MFkdGw==
IronPort-Data: A9a23:VOeU76JIMVnjAIjLFE+R45UlxSXFcZb7ZxGr2PjKsXjdYENSgmQGm DYdXz+EPfneMzajeN1+O9y19h8OvZWGyIdmGwod+CA2RRqmiyZq6fd1j6vUF3nPRiEWZBs/t 63yUvGZcIZsCCW0Si6FatANl1EkvU2zbue6WbCs1hxZH1c+E3940Uk7x4bVv6Yx6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eC/5UhN6/zEInqR5fOria4KcbhL wrL5OnREmo0ZH7BAPv9+lrwWhVirrI/oWFih1IOM5VOjCSuqQQslZwLZdQbdH1SgjuKnPZ3w /ZQnL2JHFJB0q3kwIzxUjFCGC14eKZB4rKCcT60sNeYyAvNdH6EL/dGVR5te9ZHvLcsRzgSq ZT0KxhVBvyHr+y82rWwSe9hrs8iN8LseogYvxmMyBmAXKp3Gc6TGM0m4/dp0xYZr9lCNM/bf pVIUAFkdAjxQg9QbwJ/5JUWxbf02SaXnydjgFacvrZy6GHXyCRw3aTjdt3PdbSiRN1Nm26Zq 37IuWPjDXkyOMaWxybA83+wiKrOhTv+HYMVHbj9+vNyhFqCw2EVFFsfUV+ToPSlhAi5Qd03A 1cZ8SYvt4Az+VClCN7nUHWQqnOb+AUAV8F4HOgz6QXLwa3Rizt1HUAeRTJHLdchrsJzFXoh1 0SCmJXiAjkHXKCppWy16PCunWKcPjUvKGYMZiwiSwAm/vDCmdRm5v7QdepLHKmwh9zzPDj/x TGWsSQz74kuYd43O7aTpg+Y3mr9znTdZktkuVWNBzPNAhZRPdb9P+SVBU7nAeGsxbt1o3Gbt 3QC3sOZ9u1LXdeGlTeGR6MGG7TBCxe53N/03QUH83oJrmTFF5ufkWZ4u2gWyKBBaZxsRNMRS BWP0T69HbcKVJdQUYd5YpiqF+MhxrX6GNLuW5j8N4QROMYhKFXdrHE+OCZ8OlwBdmBxzMnT3 r/GL66R4YoyUsyLMRLvHb5GiO93rszA7TqIHMqTI+ubPUq2PS7JFuht3KqmZeEi56TMuxTO7 9taLKO3J+Z3DoXDjt3s2ddLdzgidCFjbbiv8pA/XrDYeGJORjp+Y8I9NJt8IeSJaYwPyLeRl px8M2cFoGfCaYrvdV3XMCA+MuqwAP6SbxsTZEQRALph4FB7Ca7H0UvVX8JfkWUPnAC78cNJc g==
IronPort-HdrOrdr: A9a23:BTksCKo44i6qPwGdFH2sXUIaV5ufL9V00zEX/kB9WHVpm5Oj+f xGzc516farslossSkb6Ky90KnpewK5yXcH2/hvAV7EZnirhILIFvAu0WKG+Vzd8kLFh5ZgPM tbAspD4ZjLfCVHZKXBkUaF+rQbsaK6GcmT7I+0pRoMPGJXguNbnn1E422gYypLrXx9dOME/e 2nl6x6TlSbCBEqR/X+IkNAc/nIptXNmp6jSwUBHQQb5A6Hii7twKLmEjCDty1uHQ9n8PMHyy zoggb57qKsv7WQ0RnHzVLe6JxQhZ/I1sZDPsqRkcIYQw+cyzpAJb4RG4FqjgpF4t1H22xa1e UkZC1Qe/ib3kmhPV1dZyGdnDUIngxerUMKgmXo/0cL6faJNQ7STfAx3L6wtnDimhEdVBYW6t MS44vRjesmMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1WwKp5KuZ3IMvB0vFvLM B+SMXHoPpGe1KTaH7U+mFp3dy3R3w2WhOLWFILtMCZ2yVf2CkR9TpT+OUP2nMbsJ4tQZhN4O rJdqxuibFVV8cTKaZwHv0IT8e7AnHEBRjMLGWRK1L6E7xvAQOHl7fnpLEuoO26cp0By5U/3J zHTVNDrGY3P1njDMWftac7hSwlgF/NKQgF5vsukqSR4IeMN4YDGRfzOmwTrw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.96,297,1665446400"; d="scan'208";a="19490683"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Jan 2023 17:51:42 +0000
Received: from mail.cisco.com (xfe-rcd-001.cisco.com [173.37.227.249]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 303Hpg7e024506 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 3 Jan 2023 17:51:42 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xfe-rcd-001.cisco.com (173.37.227.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Tue, 3 Jan 2023 11:51:42 -0600
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Tue, 3 Jan 2023 11:51:42 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bMkZIXzVAh5mwfvCffgjKEkhqi8+CY4rI4xIVqw3QjlLXCgOuXL4YwXsfdX0OtpKF7vZ4gTG66EbZtsORBzLUDj1MHBZq7Ij/PFb52KrmbaU6AXVams73zE2MItrwVldT9VBwtqEbDkwEuyaV/Tbrlc3P3RjbBw1MGx1hLNisyg+uABKkQdVzt+hF89XnU5AWCL2pJQIAC/drE0h8B/b3oDpWErFgnh4DgmZCi7HnRuZpZWZpPsYjcSWkMq9TOLXgvZtb7hnh3nSO/LJem037ac4T8ixt0H3XO3+TJZYT4aj/y/FOi90+/hzwOVbEpY4haisJ9h4Vo6pY7MKbEIioQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=t4i/YvTv1kwzbXJNqBdwn7rYXC9UXtYRFhSUZ1CC6xE=; b=BpoX0Q3kGvz5MAjVmAw1QjRDQxs158QgRriE4lr0iczi+fQjO5d+Gmavk+/a/bA1C+lW31MoNUtcjTBzfkxgQdk23zQb/1EEH6XNBbOXoEoO5+lwmr8JIaLpa0/sfJk3cM9Iqm4iIxIF6w+8NFjgh7S4q+wKFkIdPBB9lJw1mYZ9TnBF9ep+qnQ7FKog9Ip9yLN+xAEIWF8sgcpYjrkhDjZbdolnyXGOv1JEjdqZJ+JpvQzgrLVvwqhSWq1CygeS7dKBhCHtVM1ILfq49P9kiE06fnMpqB69LJc3gqyylIMhuLraceyCBorI4Umv/IWINQEptsMOAQadgcwlGLgTSg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t4i/YvTv1kwzbXJNqBdwn7rYXC9UXtYRFhSUZ1CC6xE=; b=FLoouM7R3hPJ2ibBm9u0a1Fdo+/dU1qvPvtJnKMRdyXPOMjpr2DYVHQn6hjalegEa7YcoyMtZ3TaV8o447tMhs97n7qwT1Z5LHcIkEXD+w7w3A0PSVW3goj1EvyWTwDmlCyMcKke70WIw8/7nvWqyyUoi/kRItoZAIPDiMx8puU=
Received: from MWHPR11MB1311.namprd11.prod.outlook.com (2603:10b6:300:2a::14) by PH8PR11MB6856.namprd11.prod.outlook.com (2603:10b6:510:22b::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.19; Tue, 3 Jan 2023 17:51:40 +0000
Received: from MWHPR11MB1311.namprd11.prod.outlook.com ([fe80::f85:15f2:890f:a396]) by MWHPR11MB1311.namprd11.prod.outlook.com ([fe80::f85:15f2:890f:a396%4]) with mapi id 15.20.5944.019; Tue, 3 Jan 2023 17:51:40 +0000
From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: Brian Weis <bew.stds@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-ippm-ioam-deployment.all@ietf.org" <draft-ietf-ippm-ioam-deployment.all@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-ippm-ioam-deployment-02
Thread-Index: AQHY+UigvlXrXTZRC0yUNc3JJYoV2a6NQxtQ
Date: Tue, 03 Jan 2023 17:51:40 +0000
Message-ID: <MWHPR11MB1311C60B9D284B2024A7D88FDAF49@MWHPR11MB1311.namprd11.prod.outlook.com>
References: <166855431827.26416.12780454647898611660@ietfa.amsl.com>
In-Reply-To: <166855431827.26416.12780454647898611660@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MWHPR11MB1311:EE_|PH8PR11MB6856:EE_
x-ms-office365-filtering-correlation-id: b48ada45-e094-4754-0ad5-08daedb32b34
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ttN9ppy6Iq1yC/4QorLYvWfuHa/7QHK0yWvaACEq5DXgXvu9Y5N57ljKeDmDlf1fiBRIUpAZDgwXY4Tt5WYGrmzcusYo852+qs7ybxkZoVVDyE0vRVnszZRM/m44Q8DdYFoSMJEpobYsbtfcyzq86SoD9fjyZp5IvGZc54vvn7rBQdRGYUxjBpOLD2TlS2OtPpTd+5f9jkryF2lmHL4MMXI2nR0uRPI1voIh5pzacRDHZVl47y5fFYJdoCTYwqet9C6w0++r7xRIKaI287Jb9OfVATrUuO5FWXa+5nyGvDP3NR86gKpfUjQxI/fI7VHjzs+t5T/jPj4KQ2d63blq92g0VjdrM0jXxXkHSXneeSM2jCzVDv4xtP5cW4ReHC4nHoI2ejABG8F1WFoC1A8b/K7yj46a5ynxPXKB+8/TI37qdXnkkKCcjMQsorwhovyDVD/2rwxgFV7Ij/vWiaYCV75+KndaSw0uO+OW1yb7fUWNDqgGyDU8b7p6mcQg/IMamiFEMe29GAZhUVxcLF8/dyC/8puEv0H/uFa1grHZubD0/izAiZE5rVtk7r3Cx+xdmArMWzoYD5xx0XFV7aYWFYg+Z6j+gjDFCBOLQZQR7bh9R5q9C2acQ7Tkrcda6LRc4uQovvTcHJEitDdTbH/vBKP2kiJ2nz1uNoAso0SfaWvtFRMWBrSm6tntLSO/s/WAmeAbVPeqQlUAdJBoOFluSC01VOdYZQQ3dhE5Yk5hWwENQakOAgsKa+NmXiWHm9bJ
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR11MB1311.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(366004)(376002)(396003)(346002)(39860400002)(136003)(451199015)(64756008)(478600001)(83380400001)(5660300002)(966005)(38100700002)(316002)(122000001)(86362001)(66556008)(54906003)(66446008)(66476007)(66946007)(76116006)(110136005)(41300700001)(4326008)(38070700005)(8676002)(52536014)(2906002)(33656002)(7696005)(71200400001)(66899015)(55016003)(26005)(186003)(9686003)(53546011)(6506007)(8936002)(22166006); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: nVbS+kLQSiuBfX3L4y1f5/gsD/lqqDYTEAAGY5xDRxnfXtNCsJr8QH6CUON8KdlsZAXXSDDdPtWufH2j17XhjbnOLAuOc8qPBrvvsmJDDFEDKVDHM1BsScgcJE3U/unlx57i+WWS2elrWZjwr6RJRaflC+G1fR1fpVvuBfw8Hx1nTv16JJy4ngHx3ng9aBhhBhnoFIvfa7LOoOCwpwMormTjdMhlhLnKq/0ohkpp8HW9Tz3TSxaNOTBIsJAPXIPydvaJUi6V69bnZkG4Gt+6jHSDIzCkpzE+nymwyZKk5UdaEetu/h/DZbXrEC/raVEcrz70Pyfa8B6TF3SxZLf6Cv7bkdCsngLDzGoYLm+UGPBjo0P02pbRRl+ECGwOeEduMm4OMY9d3prD91mmQmYNRDdh3EehDwUpDrxl5EHy3+OgCWWNp+YGmW5tPDb9YJ2uQzrmQ4dhKaRr8fxJ08yLBDdLKjwjQ+6ecuTCHDzn7VslhJksOuEE4IfORHfAHzNLfALy4GMJr9gKp9rCg5gwQKN9kYk7VBCmlGzE6Ud1+mIpHnC7bedjCs/lWV/x2Lgomy5ebXI9sGoa8qxEdOt2ppsZP+q7AGs/FCGV6nBcd2KOOws+7rLa+JW9O+VtvQWbVp7L7ZPD0ZYLFje1uLLQtUcboc+mD9p6/SjLIacCR3J/OQbbAdGO60evwiz1ZsbW0XlJqcfKeBqho/KnnOnx22gm7cxTQ4SAAnfLKkb5t4tEjel8NCpAumfijPvUE4hVQQv2fz9bvQWpzlzX3b9ajwCazdzk8ptZddaAImhueiIYVscRsUBT3bu6fy5DLQPEvwW2LKhAHuB8raV4d7+fTA/tNFcfisG6gWyriEIB6u1fffK5jDSPqjNwuuxWLf0EsqYxqIFWgCUD02F2MQc45WXhmrysJiDWByMFoCb8m7+DbA9zIxvIKhOhoAC8/0AbDANO1Sd+4Jpu5oyzYtLNgB0mKVl43QfE8kEZCtMNn1vV14yVFs0ucesHrGjvrieT9Ha43hr+4GJ7R/D1xIEF5nQWOVxp4+yFHcU7Ev74lb92+GWsj5YMb01goYQjgYb5lLuairrotXZ6CHG6n98g4y3gWZmL/5y4xx4Ya1n69Sdw8kirsmOwYdoCZx2sE2aaBRUvps/W6nz6cADqCpg7xnqAGvDm6/UNqrMFSJ88C3h5cGaC71xtE+wlJD4e7wsCK3oqAtgJTeWjxQenSvaFQy2Hm1IKwfRdBlqTCpavGPUzmUyPyYQd4TPU6rc+lkeMpl8xnjZL0Ez9BrKs3ko3hBiUhYnvx4Lda5TQIVVfJOvcUR5wAT1ihnl5Bhvd/CKDdSSgHaySKL5yYqxmFMdr4nuMiW5YEjSxM2nUQB5gXgJgvZ5Y4PSQZXwuZKEZieYDJhT+tcD+Kjc0EIchA+5tBdueboH8Ii5fpeaFAujJgCOB4R2uB78LUxsyXw5UGAmmmjLmyPQV2yxsSkA3V8sSJDIOJv+86xTM2LpN3v4eFTOpycXRiJIp7kodYEeSncr2bXXNAMphL45MKsOrXR+J4mXX2W2sgvWesC21bBoZsCQ=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1311.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b48ada45-e094-4754-0ad5-08daedb32b34
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jan 2023 17:51:40.5637 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: SDpn7FysOiHcT1JNy/HdyXpyX/U4kysB60UnCbTbWEkfcjowPgrX7yhiqMnRALbgVUu7DHlsMqYfMaEVymutJw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR11MB6856
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.227.249, xfe-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/J0DwS-hsxNYdJ33gU9NzMrWCAEY>
Subject: Re: [ippm] Secdir last call review of draft-ietf-ippm-ioam-deployment-02
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2023 17:52:11 -0000
Hi Brian, Happy New Year! Thanks a lot for your review - and sorry for the delay. We've just posted a new revision https://www.ietf.org/archive/id/draft-ietf-ippm-ioam-deployment-04.txt which is to address your comments. Please see inline. > -----Original Message----- > From: Brian Weis via Datatracker <noreply@ietf.org> > Sent: Wednesday, 16 November 2022 00:19 > To: secdir@ietf.org > Cc: draft-ietf-ippm-ioam-deployment.all@ietf.org; ippm@ietf.org; last- > call@ietf.org > Subject: Secdir last call review of draft-ietf-ippm-ioam-deployment-02 > > Reviewer: Brian Weis > Review result: Has Nits > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area directors. > Document editors and WG chairs should treat these comments just like any > other last call comments. > > This document declares itself to be a deployment guide for In-situ OAM (IOAM). > It provides an overview of the different models that IOAM can have (e.g., per- > hop tracing), the IOAM protocol encapsulations that are in development, and > deployment considerations. It is well written, providing a good overview to the > use of IOAM. > > The Security Considerations section is well-written, but I have some suggestions > on how to more clearly state the threats to IOAM. > > 1. While there is mention of integrity for the Proof-of-transit option data, there > is no mention of generally needing to protect IOAM data for integrity within an > OAM domain. I understand that this IOAM deployment document can specify no > particular method, and I see that the Security Requirements of RFC 9197 does > make some more specific statements about integrity protection at the protocol > level. But it would be good here to state that in some deployments it is > important for an IOAM transit node and IAOM decapsulating node to know that > the data it received hadn’t been tampered with, and that in those cases the > IOAM data should be integrity protected. ...FB: Good point. In particular given that we have a dedicated draft that discusses the integrity of IOAM data fields. I've expanded the section about integrity protection and added I-D.ietf-ippm-ioam-data-integrity as a solution approach. Even though IOAM focused on limited domains [RFC8799], there might be deployments for which it is important for IOAM transit nodes and IOAM decapsulating nodes to know that the data received hadn't been tampered with. In those cases, the IOAM data should be integrity protected. In addition, Since IOAM options may include timestamps, if network devices use synchronization protocols then any attack on the time protocol [RFC7384] can compromise the integrity of the timestamp- related data fields. Synchronization attacks can be mitigated by combining a secured time distribution scheme, e.g., [RFC8915], and by using redundant clock sources [RFC5905] and/or redundant network paths for the time distribution protocol [RFC8039]. Integrity protection of IOAM data fields is described in [I-D.ietf-ippm-ioam-data-integrity]. > > 2. Security Considerations says > > “… in order to limit the scope of threats to within the > current network domain the network operator is expected to enforce > policies that prevent IOAM traffic from leaking outside of the > IOAM domain, and prevent IOAM data from outside the domain to > be processed and used within the domain. “ > > Filtering IOAM traffic at the edge of a domain is important. But I suggest that > the text highlight the threats a bit more strongly. > There are two issues mentioned here. > > a. “policies that prevent IOAM traffic from leaking outside of the IOAM > domain”. While there may be little or no threat to the leaking of timestamps and > other network data, there could be actual privacy issues for an IOAM > encapsulating node that is a home gateway in an operator’s network. A home > gateway is often identified with an individual, and revealing IOAM data such as > “IOAM node identifier” > and especially geo-location information outside of the domain could be > catastrophic for that user. If this threat could be incorporated into that sentence > somehow, it would be stronger. > > b. “prevent IOAM data from outside the domain to be processed and used within > the domain”. This data “processed and used within the domain” could be just > bad data where a device outside the domain is accidentally leaking into the > domain. But it could also be an agent introducing IOAM data from outside the > domain in an effort to attack the system. Perhaps this could be worded “prevent > an attacker from introducing malicious or false IOAM data to be processed and > used within the domain”. ...FB: Thanks a lot. I've followed your suggestion and also include the scenario of the home gateway: Notably, IOAM is expected to be deployed in limited network domains ([RFC8799]), thus confining the potential attack vectors to within the limited domain. Indeed, in order to limit the scope of threats to within the current network domain the network operator is expected to enforce policies that prevent IOAM traffic from leaking outside the IOAM domain, and prevent an attacker from introducing malicious or false IOAM data to be processed and used within the IOAM domain. IOAM data leakage could lead to privacy issues. Consider an IOAM encapsulating node that is a home gateway in an operator's network. A home gateway is often identified with an individual, and revealing IOAM data such as "IOAM node identifier" or geolocation information outside of the limited domain could be harmful for that user. Note that the Direct Export mode [RFC9326] can mitigate the potential threat of IOAM data leaking through data packets. > > 3. Similarly, Security Considerations also says: > > “… deployments that are not confined to a single LAN, but span > multiple inter-connected sites (for example, using an overlay > network), the inter-site links can be secured (e.g., by IPsec) > in order to avoid external eavesdropping.” > > This is a good advice, but the wording “can be secured” is rather weak. > Considering again the privacy consideration and desire for accurate data > mentioned above, this should at least say “are expected to be secured” rather > than “can be secured. Indeed, I wish that formal requirements language could > be used here but as an Informational document I’m not sure if that would be > appropriate. > > Also, a better ending to that sentence would be something like “in order to > avoid external eavesdropping and introduction of malicious or false data”. ...FB: Great suggestion. The sentence now reads: However, in deployments that are not confined to a single LAN, but span multiple interconnected sites (for example, using an overlay network), the inter-site links are expected to be secured (e.g., by IPsec) in order to avoid external eavesdropping and introduction of malicious or false data. Thanks again for your review. Cheers, Frank >
- [ippm] Secdir last call review of draft-ietf-ippm… Brian Weis via Datatracker
- Re: [ippm] Secdir last call review of draft-ietf-… Frank Brockners (fbrockne)