Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
Justin Iurman <justin.iurman@uliege.be> Tue, 14 June 2022 10:22 UTC
Return-Path: <justin.iurman@uliege.be>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0A98C1649F4; Tue, 14 Jun 2022 03:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.004
X-Spam-Level:
X-Spam-Status: No, score=-4.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uliege.be
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NPs7CkhNMqFi; Tue, 14 Jun 2022 03:22:28 -0700 (PDT)
Received: from serv108.segi.ulg.ac.be (serv108.segi.ulg.ac.be [139.165.32.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41249C1649FA; Tue, 14 Jun 2022 03:22:22 -0700 (PDT)
Received: from [192.168.1.62] (148.24-240-81.adsl-dyn.isp.belgacom.be [81.240.24.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by serv108.segi.ulg.ac.be (Postfix) with ESMTPSA id 7375C200E1D1; Tue, 14 Jun 2022 12:22:18 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 serv108.segi.ulg.ac.be 7375C200E1D1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uliege.be; s=ulg20190529; t=1655202138; bh=S3bcthVK6lG+GIZbNglrin4RWUidKpKhqQSmVdt8J+o=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=S14jr3jyeU/k7MrZ2SguKznnz1ALxs2zHHqfUyIQHHgCE7Y/7ZMO1ULeXtpa89HWL 2GCbiqseLgJcyQa2QCEejaNGHdz+YctHIhZtcPLl632IXqEocNZVvsM67qXRJrnHAV 6oi1wQ8rDEymd4sXAZdBODPmf+rnQAmqJFw4oY7i5gAmagBImR+9QaIudT7Ytg8koU mV8lEs8bGVIVB8JZqDH9J9NkuzWSYtqNDYNRtMG66YI0kTL699LRaTH7xrR2kAMrl8 fz0pcDyUDU3ShrIPkOwf4CMS8bENP8phCRXIIckvf6Tu0ZAntTopUZQPqGWia5air+ zdqbJp2qjthyA==
Message-ID: <7175e35c-7230-e633-d2f1-b18291e086e4@uliege.be>
Date: Tue, 14 Jun 2022 12:22:17 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: Colin Perkins <csp@csperkins.org>, tsv-art@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, draft-ietf-ippm-ioam-direct-export.all@ietf.org, IETF IPPM WG <ippm@ietf.org>
References: <163068085282.8497.2281892161766368778@ietfa.amsl.com> <CABUE3XkLEN8k5-t33UAPXiViOBWSs6NEZkPutVkESoWKb8ifXw@mail.gmail.com> <77C2CDAF-5911-4EF8-B841-A7B98653BA77@csperkins.org> <CABUE3Xm45AsskRbg7qG6+=3r_1e5MwkRREuiT5QoHfR1p=-Zkw@mail.gmail.com> <bdd2de70-f048-1d88-0ab1-5aa84ec9e8a2@uliege.be> <CABUE3X==McggSrPx1i+vHNA=ORXbuLo6yf_v70aJ7bNr3+cwww@mail.gmail.com>
From: Justin Iurman <justin.iurman@uliege.be>
In-Reply-To: <CABUE3X==McggSrPx1i+vHNA=ORXbuLo6yf_v70aJ7bNr3+cwww@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/JDNLG6-hIcRtonYxAKlGCtg0Fo8>
Subject: Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 10:22:32 -0000
Hi Tal, Sounds good. I'd replace the following, though: - s/DEX option/DEX Option-Type/ - s/IOAM option/IOAM Option-Type/ - s/IOAM data fields/IOAM-Data-Fields/ not only for this paragraph but for the entire document, so that we keep consistency with notations from RFC 9197. + see inline for my answer to your remark ([JI]). Thanks, Justin On 6/14/22 11:06, Tal Mizrahi wrote: > Hi Justin, > > Thanks for the heads up. You raised a good point. > > I suggest the following text instead. > > > The integrity of the DEX option can be protected through a mechanism > of the encapsulating protocol. While [I-D.ietf-ippm-ioam-data-integrity] > introduces an integrity protection mechanism that protects the > integrity of IOAM data fields, the DEX option does not include IOAM > data fields, and therefore these integrity protection mechanisms are not > applicable to the DEX option. As discussed in the threat analysis of > [I-D.ietf-ippm-ioam-data-integrity], injection or modification of IOAM > option headers are threats that are not addressed in IOAM. > > + please see an additional comment below, marked [[TM]]. > > Cheers, > Tal. > > > On Tue, Jun 14, 2022 at 11:00 AM Justin Iurman <justin.iurman@uliege.be> wrote: >> >> Hi Tal, >> >> I believe the new paragraph should be: >> >> The integrity of the DEX option can be protected through a mechanism >> of the encapsulating protocol. >> >> Indeed, integrity protection of headers is out of scope regarding >> [I-D.ietf-ippm-ioam-data-integrity]. Only the integrity protection of >> IOAM-Data-Fields is proposed in this draft. And, the DEX Option-Type has >> no IOAM-Data-Fields, per se. >> >> Actually, [I-D.ietf-ippm-ioam-data-integrity] could be applied between >> the IOAM transit nodes and the collector (or entity, whatever it is >> called), once triggered by the DEX Option-Type. > > [[TM]] Let's not go there. The exporting format is something that is > not currently within the scope of any working group document, and > specifically the integrity of the exporting format is currently out of > scope. It will be in scope once the working group adopts an exporting > format. > [JI] Ofc, I only mentioned this as a possibility to explain the situation. Looks like we're on the same page :-) >> >> Thanks, >> Justin >> >> On 6/14/22 09:17, Tal Mizrahi wrote: >>> Dear Colin, >>> >>> Thanks again for your review. >>> I am revisiting this thread as the draft is in IETF last call. >>> >>> I believe most of the comment have already been addressed - see the >>> current version of the draft: >>> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-flags-08 >>> >>> There is one comment that is still outstanding, regarding your comment >>> about integrity protection. We propose to add the following paragraph >>> to the Security Considerations section: >>> >>> The integrity of the DEX option can be protected through >>> a mechanism of the encapsulating protocol, or by incorporating >>> the mechanisms specified in [I-D.ietf-ippm-ioam-data-integrity]. >>> >>> If there are no further comments, we will include this paragraph in >>> the next version of the draft. >>> >>> Thanks, >>> Tal. >>> >>> On Fri, Nov 26, 2021 at 3:40 PM Colin Perkins <csp@csperkins.org> wrote: >>>> >>>> Hi, >>>> >>>> Apologies – I realise I’m replying to this very late. >>>> >>>>> On 4 Oct 2021, at 08:13, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote: >>>>> >>>>> Dear Colin, >>>>> >>>>> Thanks for the feedback. >>>>> >>>>> Please see below a comment and a question regarding your feedback. >>>>> >>>>> >>>>> On Fri, Sep 3, 2021 at 5:54 PM Colin Perkins via Datatracker >>>>> <noreply@ietf.org> wrote: >>>>> [snip] >>>>> >>>>>> It may be worth considering to require the exporting mechanism to perform an >>>>>> authenticated handshake with the destination to which it will export data, to >>>>>> gain explicit consent to export the data to that destination, before starting >>>>>> to send exported data. >>>>> >>>>> [TM] The point is well-taken. The following text edit is proposed, >>>>> borrowing some of the text from your comment: >>>>> OLD: >>>>> Although the exporting method is not within the scope of this >>>>> document, any exporting method MUST secure the exported data from the >>>>> IOAM node to the receiving entity. Specifically, an IOAM node that >>>>> performs DEX exporting MUST send the exported data to a pre- >>>>> configured trusted receiving entity. >>>>> NEW: >>>>> Although the exporting method is not within the scope of this >>>>> document, any exporting method MUST secure the exported data from the >>>>> IOAM node to the receiving entity. Specifically, an IOAM node that >>>>> performs DEX exporting MUST send the exported data to a pre- >>>>> configured trusted receiving entity. Furthermore, an IOAM node >>>>> MUST gain explicit consent to export data to a receiving entity before >>>>> starting to send exported data. >>>> >>>> Something like that would seem appropriate. >>>> >>>>>> It may also be worth considering to add authentication >>>>>> of IOAM DEX triggers, to ensure they come from a known and trusted source, >>>>>> before acting on export requests. >>>>>> >>>>> >>>>> [TM] Can you please clarify what you mean by "add authentication of >>>>> IOAM DEX triggers"? What is the threat that you have in mind? >>>> >>>> >>>> As the security considerations section notes, there’s a risk that an attackers could inject a spoof packet containing an export trigger. One way to prevent that would be to use a digital signature to authenticate the trigger messages as being from an authorised source. Maybe the larger IOAM framework already includes this, or a discussion of why it’s not appropriate, in which case it’s sufficient to add a (clearer) reference to that discussion. But if not, then the draft could usefully either add that, or add some discussion about why it’s not needed/appropriate. >>>> >>>> -- >>>> Colin Perkins >>>> https://csperkins.org/ >>>> >>>> >>>> >>>> >>> >>> _______________________________________________ >>> ippm mailing list >>> ippm@ietf.org >>> https://www.ietf.org/mailman/listinfo/ippm
- [ippm] Tsvart early review of draft-ietf-ippm-ioa… Colin Perkins via Datatracker
- Re: [ippm] [Tsv-art] Tsvart early review of draft… Bernard Aboba
- Re: [ippm] Tsvart early review of draft-ietf-ippm… Tal Mizrahi
- Re: [ippm] Tsvart early review of draft-ietf-ippm… Colin Perkins
- Re: [ippm] Tsvart early review of draft-ietf-ippm… Tal Mizrahi
- Re: [ippm] Tsvart early review of draft-ietf-ippm… Justin Iurman
- Re: [ippm] Tsvart early review of draft-ietf-ippm… Tal Mizrahi
- Re: [ippm] Tsvart early review of draft-ietf-ippm… Justin Iurman