IETF Logo Mail Archive

Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06

Justin Iurman <justin.iurman@uliege.be> Tue, 14 June 2022 10:22 UTC

Return-Path: <justin.iurman@uliege.be>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0A98C1649F4; Tue, 14 Jun 2022 03:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.004
X-Spam-Level:
X-Spam-Status: No, score=-4.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uliege.be
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NPs7CkhNMqFi; Tue, 14 Jun 2022 03:22:28 -0700 (PDT)
Received: from serv108.segi.ulg.ac.be (serv108.segi.ulg.ac.be [139.165.32.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41249C1649FA; Tue, 14 Jun 2022 03:22:22 -0700 (PDT)
Received: from [192.168.1.62] (148.24-240-81.adsl-dyn.isp.belgacom.be [81.240.24.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by serv108.segi.ulg.ac.be (Postfix) with ESMTPSA id 7375C200E1D1; Tue, 14 Jun 2022 12:22:18 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 serv108.segi.ulg.ac.be 7375C200E1D1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uliege.be; s=ulg20190529; t=1655202138; bh=S3bcthVK6lG+GIZbNglrin4RWUidKpKhqQSmVdt8J+o=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=S14jr3jyeU/k7MrZ2SguKznnz1ALxs2zHHqfUyIQHHgCE7Y/7ZMO1ULeXtpa89HWL 2GCbiqseLgJcyQa2QCEejaNGHdz+YctHIhZtcPLl632IXqEocNZVvsM67qXRJrnHAV 6oi1wQ8rDEymd4sXAZdBODPmf+rnQAmqJFw4oY7i5gAmagBImR+9QaIudT7Ytg8koU mV8lEs8bGVIVB8JZqDH9J9NkuzWSYtqNDYNRtMG66YI0kTL699LRaTH7xrR2kAMrl8 fz0pcDyUDU3ShrIPkOwf4CMS8bENP8phCRXIIckvf6Tu0ZAntTopUZQPqGWia5air+ zdqbJp2qjthyA==
Message-ID: <7175e35c-7230-e633-d2f1-b18291e086e4@uliege.be>
Date: Tue, 14 Jun 2022 12:22:17 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: Colin Perkins <csp@csperkins.org>, tsv-art@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, draft-ietf-ippm-ioam-direct-export.all@ietf.org, IETF IPPM WG <ippm@ietf.org>
References: <163068085282.8497.2281892161766368778@ietfa.amsl.com> <CABUE3XkLEN8k5-t33UAPXiViOBWSs6NEZkPutVkESoWKb8ifXw@mail.gmail.com> <77C2CDAF-5911-4EF8-B841-A7B98653BA77@csperkins.org> <CABUE3Xm45AsskRbg7qG6+=3r_1e5MwkRREuiT5QoHfR1p=-Zkw@mail.gmail.com> <bdd2de70-f048-1d88-0ab1-5aa84ec9e8a2@uliege.be> <CABUE3X==McggSrPx1i+vHNA=ORXbuLo6yf_v70aJ7bNr3+cwww@mail.gmail.com>
From: Justin Iurman <justin.iurman@uliege.be>
In-Reply-To: <CABUE3X==McggSrPx1i+vHNA=ORXbuLo6yf_v70aJ7bNr3+cwww@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/JDNLG6-hIcRtonYxAKlGCtg0Fo8>
Subject: Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 10:22:32 -0000

Hi Tal,

Sounds good. I'd replace the following, though:

  - s/DEX option/DEX Option-Type/
  - s/IOAM option/IOAM Option-Type/
  - s/IOAM data fields/IOAM-Data-Fields/

not only for this paragraph but for the entire document, so that we keep 
consistency with notations from RFC 9197.

+ see inline for my answer to your remark ([JI]).

Thanks,
Justin

On 6/14/22 11:06, Tal Mizrahi wrote:
> Hi Justin,
> 
> Thanks for the heads up. You raised a good point.
> 
> I suggest the following text instead.
> 
> 
>        The integrity of the DEX option can be protected through a mechanism
>        of the encapsulating protocol. While [I-D.ietf-ippm-ioam-data-integrity]
>        introduces an integrity protection mechanism that protects the
>        integrity of IOAM data fields, the DEX option does not include IOAM
>        data fields, and therefore these integrity protection mechanisms are not
>        applicable to the DEX option. As discussed in the threat analysis of
>        [I-D.ietf-ippm-ioam-data-integrity], injection or modification of IOAM
>        option headers are threats that are not addressed in IOAM.
> 
> + please see an additional comment below, marked [[TM]].
> 
> Cheers,
> Tal.
> 
> 
> On Tue, Jun 14, 2022 at 11:00 AM Justin Iurman <justin.iurman@uliege.be> wrote:
>>
>> Hi Tal,
>>
>> I believe the new paragraph should be:
>>
>>       The integrity of the DEX option can be protected through a mechanism
>>       of the encapsulating protocol.
>>
>> Indeed, integrity protection of headers is out of scope regarding
>> [I-D.ietf-ippm-ioam-data-integrity]. Only the integrity protection of
>> IOAM-Data-Fields is proposed in this draft. And, the DEX Option-Type has
>> no IOAM-Data-Fields, per se.
>>
>> Actually, [I-D.ietf-ippm-ioam-data-integrity] could be applied between
>> the IOAM transit nodes and the collector (or entity, whatever it is
>> called), once triggered by the DEX Option-Type.
> 
> [[TM]] Let's not go there. The exporting format is something that is
> not currently within the scope of any working group document, and
> specifically the integrity of the exporting format is currently out of
> scope. It will be in scope once the working group adopts an exporting
> format.
> 

[JI] Ofc, I only mentioned this as a possibility to explain the 
situation. Looks like we're on the same page :-)

>>
>> Thanks,
>> Justin
>>
>> On 6/14/22 09:17, Tal Mizrahi wrote:
>>> Dear Colin,
>>>
>>> Thanks again for your review.
>>> I am revisiting this thread as the draft is in IETF last call.
>>>
>>> I believe most of the comment have already been addressed - see the
>>> current version of the draft:
>>> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-flags-08
>>>
>>> There is one comment that is still outstanding, regarding your comment
>>> about integrity protection. We propose to add the following paragraph
>>> to the Security Considerations section:
>>>
>>>      The integrity of the DEX option can be protected through
>>>      a mechanism of the encapsulating protocol, or by incorporating
>>>      the mechanisms specified in [I-D.ietf-ippm-ioam-data-integrity].
>>>
>>> If there are no further comments, we will include this paragraph in
>>> the next version of the draft.
>>>
>>> Thanks,
>>> Tal.
>>>
>>> On Fri, Nov 26, 2021 at 3:40 PM Colin Perkins <csp@csperkins.org> wrote:
>>>>
>>>> Hi,
>>>>
>>>> Apologies – I realise I’m replying to this very late.
>>>>
>>>>> On 4 Oct 2021, at 08:13, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
>>>>>
>>>>> Dear Colin,
>>>>>
>>>>> Thanks for the feedback.
>>>>>
>>>>> Please see below a comment and a question regarding your feedback.
>>>>>
>>>>>
>>>>> On Fri, Sep 3, 2021 at 5:54 PM Colin Perkins via Datatracker
>>>>> <noreply@ietf.org> wrote:
>>>>> [snip]
>>>>>
>>>>>> It may be worth considering to require the exporting mechanism to perform an
>>>>>> authenticated handshake with the destination to which it will export data, to
>>>>>> gain explicit consent to export the data to that destination, before starting
>>>>>> to send exported data.
>>>>>
>>>>> [TM] The point is well-taken. The following text edit is proposed,
>>>>> borrowing some of the text from your comment:
>>>>> OLD:
>>>>>     Although the exporting method is not within the scope of this
>>>>>     document, any exporting method MUST secure the exported data from the
>>>>>     IOAM node to the receiving entity.  Specifically, an IOAM node that
>>>>>     performs DEX exporting MUST send the exported data to a pre-
>>>>>     configured trusted receiving entity.
>>>>> NEW:
>>>>>     Although the exporting method is not within the scope of this
>>>>>     document, any exporting method MUST secure the exported data from the
>>>>>     IOAM node to the receiving entity.  Specifically, an IOAM node that
>>>>>     performs DEX exporting MUST send the exported data to a pre-
>>>>>     configured trusted receiving entity. Furthermore, an IOAM node
>>>>>     MUST gain explicit consent to export data to a receiving entity before
>>>>>     starting to send exported data.
>>>>
>>>> Something like that would seem appropriate.
>>>>
>>>>>> It may also be worth considering to add authentication
>>>>>> of IOAM DEX triggers, to ensure they come from a known and trusted source,
>>>>>> before acting on export requests.
>>>>>>
>>>>>
>>>>> [TM] Can you please clarify what you mean by "add authentication of
>>>>> IOAM DEX triggers"? What is the threat that you have in mind?
>>>>
>>>>
>>>> As the security considerations section notes, there’s a risk that an attackers could inject a spoof packet containing an export trigger. One way to prevent that would be to use a digital signature to authenticate the trigger messages as being from an authorised source. Maybe the larger IOAM framework already includes this, or a discussion of why it’s not appropriate, in which case it’s sufficient to add a (clearer) reference to that discussion. But if not, then the draft could usefully either add that, or add some discussion about why it’s not needed/appropriate.
>>>>
>>>> --
>>>> Colin Perkins
>>>> https://csperkins.org/
>>>>
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> ippm mailing list
>>> ippm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ippm

v2.23.0 | Report a Bug | By Email