Re: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04
"MORTON JR., AL" <acmorton@att.com> Sun, 23 April 2023 13:26 UTC
Return-Path: <acmorton@att.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D92F5C151B29; Sun, 23 Apr 2023 06:26:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHxqygsOczUW; Sun, 23 Apr 2023 06:26:36 -0700 (PDT)
Received: from mx0b-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A6A4C151B02; Sun, 23 Apr 2023 06:26:33 -0700 (PDT)
Received: from pps.filterd (m0336696.ppops.net [127.0.0.1]) by m0336696.ppops.net-00191d01. (8.17.1.19/8.17.1.19) with ESMTP id 33NC7G5j021962; Sun, 23 Apr 2023 09:26:31 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0336696.ppops.net-00191d01. (PPS) with ESMTPS id 3q4vjtve0h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 23 Apr 2023 09:26:31 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 33NDQUTp000400; Sun, 23 Apr 2023 09:26:30 -0400
Received: from zlp27127.vci.att.com (zlp27127-zdr.vci.att.com [135.41.8.212]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 33NDQQcC000358 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 23 Apr 2023 09:26:27 -0400
Received: from zlp27127.vci.att.com (zlp27127.vci.att.com [127.0.0.1]) by zlp27127.vci.att.com (Service) with ESMTP id 8E2AE401BB8F; Sun, 23 Apr 2023 13:26:26 +0000 (GMT)
Received: from MISOUT7MSGEX2CB.ITServices.sbc.com (unknown [135.66.184.206]) by zlp27127.vci.att.com (Service) with ESMTP id 4ADF640006F1; Sun, 23 Apr 2023 13:26:26 +0000 (GMT)
Received: from MISOUT7MSGEX2CE.ITServices.sbc.com (135.66.184.201) by MISOUT7MSGEX2CB.ITServices.sbc.com (135.66.184.206) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Sun, 23 Apr 2023 09:26:25 -0400
Received: from MISOUT7MSGETA01.tmg.ad.att.com (144.160.12.221) by MISOUT7MSGEX2CE.ITServices.sbc.com (135.66.184.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Sun, 23 Apr 2023 09:26:25 -0400
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.44) by edgeso.exch.att.com (144.160.12.221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Sun, 23 Apr 2023 09:26:23 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zfb5J12eH+aacmOnrCbOjjXNcROfT3eoMs2XPQLs1Br0Ce54gYlKd6WvLXU+ScB1uAG6SB7xc30ttebUUgbuf5F1IgcLLleOV8mJ4fXY0FqgMRmmLI59eiN5R5L32vqAxBAP5v9enk2iPr13gq1JQp+FVoBnskZ4wuXEJGnkSKBKx5mlHw0K6/S1bH604QnSFv8eu+bhyfroNEry7KLm3WkWMyn89I+faJTthVY4Il39NGRAILjDZUsys+eog1B1LhqX2UK1b0C7jlRefSB8V/MqgtHFVub3cR8kHjzdVanYAJHnJHNQI5sd+Qa6l45GheKjNsAZGMfHu5BMHiBzIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=M869oa3A5h64ye6B47gGNjJ8ehtJH0IWYahPV+nOKxY=; b=FIYFloBa0msm5vZIWJU4GGNIS4EpDWw9tcunfdVXTsRhwO82r+LnNlMy1qwWpwFWjpdfwTnIiJkSTIk5PNmEHqNlWOoK1pzeNisOfjHhY+thBq6YywxHc8h8vMUQ5x18qqm5uBbDNHChZ8aWD+7wE5a+s+2U8IT15UFcAf4eaIuDfFSnzgeQ/Pj/A/Og3RJoNB/rx9ooMBYTnmaXnzGzVac8elMEals4QokuKe2EB36wWwGcvkKEqKFExLseUZ2oDoFC8ZyTvqZEHJe/m9M5T2QIeWkA7VEPM4WG9CZOCj3SqqZlBnOAJ5Qxovjn3uKbGvsogsEc8lTqjy/ZLrC5PQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M869oa3A5h64ye6B47gGNjJ8ehtJH0IWYahPV+nOKxY=; b=Zgeue0jnhfjQDuqMR6ddn/7aSxzgN8zE6S0XU51MVnVhia/YNZNPyoDWAwbXnvY0p8Yt3ryIH/tQJ523NvtRdkXtF4VPxmJg7WIqq8ZRcYfdbe2o1cl43LO1PEGzjmcUyPBiWMYTFuEGOqhW4ajkRaGLAZRF+BaU4FsJPs8TukI=
Received: from CH0PR02MB7980.namprd02.prod.outlook.com (2603:10b6:610:105::17) by SJ2PR02MB9753.namprd02.prod.outlook.com (2603:10b6:a03:53f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.22; Sun, 23 Apr 2023 13:26:20 +0000
Received: from CH0PR02MB7980.namprd02.prod.outlook.com ([fe80::4ee4:9c4a:6c2a:e758]) by CH0PR02MB7980.namprd02.prod.outlook.com ([fe80::4ee4:9c4a:6c2a:e758%7]) with mapi id 15.20.6319.032; Sun, 23 Apr 2023 13:26:20 +0000
From: "MORTON JR., AL" <acmorton@att.com>
To: Brian Weis <bew.stds@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-ippm-capacity-protocol.all@ietf.org" <draft-ietf-ippm-capacity-protocol.all@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
Thread-Topic: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04
Thread-Index: AQHZTuzbYBLPZe9D0kiW5s+CN9dy268CrwaggDaADfA=
Date: Sun, 23 Apr 2023 13:26:20 +0000
Message-ID: <CH0PR02MB79803DDAAF360B4E44E5E5F7D3669@CH0PR02MB7980.namprd02.prod.outlook.com>
References: <167797065961.46817.5654760092907121117@ietfa.amsl.com> <CH0PR02MB79807F2F36C90E0C668CF04DD3839@CH0PR02MB7980.namprd02.prod.outlook.com>
In-Reply-To: <CH0PR02MB79807F2F36C90E0C668CF04DD3839@CH0PR02MB7980.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR02MB7980:EE_|SJ2PR02MB9753:EE_
x-ms-office365-filtering-correlation-id: 55bee1e6-7f59-4efc-776f-08db43fe536e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KwBqRyof9DU4CIqHSxyLSuqKQknh4pKAi3SaHkDu2EuPxRUHgJQLSVXDU0C7R/mHcKrFcyi+bGos4xRI38MzY2ggzaC8PA4vSncYBOat+C1jLW7Io+aFnXi4HtZnvbaPm4n98v7nJTt8OqCr7kX5+aDn8+He+edpK6CCBV1RQkwq28I9Q7xagGQOYx2Jd7ZkzyD9DWkoqunq2vaLg26O0GgdD9ADpuJR0eiDWQg0xnoTtNl88iLDZxcYTdFPofNT1sBL8oFglhvaPzbKFHGHNjejABmRY7mI8IKZN7EI0rxAsfE1kLjnGOxIWYQUHzAsCCVJvmOtbLcbzDwevFPZzx1N0rVvO1MsgsfovmtJ+GMeGKjBOWmYO3BkGZLKvExcqyivgysdlTqVyvHGOyQmDAEBlH3Qm0mGjDQv/nZs29u+DlGi3YuEjOTXXJmQ0rEGEfLqUocWN//9hZ06Noqu83Yb7xRZuPXXd3ARzmFV8Trx0Lqyj7nMG/OSVeFLPQySkHCr9AiiFckdcIKDMeXRs0qx5506tj4ZY161NVfY2+gLqBe3VKxFaJuvABA8PKohR1kViT1DgHkNrPcmY4RDIOVBB25Lfo0VQEF9VVSAEcM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR02MB7980.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(39860400002)(346002)(376002)(366004)(136003)(396003)(451199021)(38100700002)(38070700005)(122000001)(82960400001)(83380400001)(2906002)(86362001)(9686003)(26005)(7696005)(186003)(6506007)(82202003)(53546011)(52536014)(33656002)(66556008)(478600001)(66946007)(55016003)(66446008)(71200400001)(66476007)(64756008)(4326008)(316002)(76116006)(110136005)(54906003)(5660300002)(8936002)(41300700001)(966005)(8676002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: PcHMIbNAB7PZAPFC0jdrJ+wHZ9dAxYvzl8ZG1VxO1nOrmx8wHXU2QoUaDONYmkESmORQ7CWEMDSaGsUIg9tcI9zkmJcuJ+aTHDbvAIB4JbaMqMkS23Elhdb7pMPRhEckMeKx2vgPj/HlCdmWWkSC6/UcYWU2Xl8o/BmSkcjtWPmhf833P5Arzh+buCfniE6WUdGHLM14Q8j/MCkHGw/stVwqRaoFvmqTwYKxBKaVOcyfyDbaz9optwtIjRp4h3K1NLR+SsDvuwIzSLnfS3kRxJTSz/YcdI64CWh410buW3YPqDGy8OlpmK0PSJhTHONH37dlTP92vdK/TnEGxDZpGHt/6o06NQGFgc0WFuqZ3L21v8Bgf/EspTaFcg70DkV8X15JfGb9p4FcxOGJEhHilxUkx9F8Cz2gk2iaWWpVjs2LjLWx4SpQCVmo3CaG7gIi21+BL14fpaEOboqeERmABJKuq5yl7kmCCQ2hJmZNhlLuKA/98KFCnifXI5bdR/qEy8sPGDQiSvaavmk8UpesCh29AHGlfsBtI+4g6O8yNqE+JfGBERoQqE24kwqI4/C1nP+MKa5b2Kcnp8yOOFgw5HYjtXvEJMHwGdkQGohtuOGgkUgAGrkvJ9yt4tpcRgEFMBQHkL+IOz5yFZdjqj1YTgjGcZqHAbjcj/P3u05ZxrqIbJwYpBo1vxwK8Ih1THfQYQYokHWIPemrgkVcuK05r+zR/Z337UUY/RbI0sBWPOnTn/s6bTzCdXt9FwXGPuP7NW4Oa/BSdmqIci+p/nvQIkH883aOdQ8rM9AhCdgN6sHXXRETU1XNSqU403yH07C9/Zif66CV1zbve+59wlDR1TTb1gpqyDlEjwPEKojywQrFZVf3Oht1W0eHER78GCpNZpGxa9zODyCfCSZsfShBptgo80jb7Cl4J7w80aunEKgeMJSDPg5WN1GpzpF7d6+Z74a8+1Um50f8SHF2D8DnbNadgClhOqb0JKblZXAfStuiDRWMfYj/0ZoFw+o2gvRXLj6OzqcBUznUDEJNwPV1pQ0hM/aodZTaWbGBy/JRRwarmqJA8ghCGDfOLGLJOFtVFwW33rkF8XH1mJBeWv4/Dsku7iPP3MK4I9FmsgQe/Z2GgrIPRgOdl8BQE2SEbOr67VXU4Pmdh5xKFsbXtT0AYF7BaxHZRhZvaqFpSYWiwQsB3KJi6qKu6hmWMjHt0I9J2lfmtfcZNuZ5qD4F4GeijIpO+yZhqgzvo3ZjimoOsZKXpiqQmcVhxZA7rOwW2dU5RQJx0CF3i5Urycwunc4m4mnVYtiPmd126TbgIzgh0smusIxRU7gY2Tv1q2CrF6vVat3GmhrywH6OPVykYL7uwdGOarV2qpjaa8I7eUO4gTVVKbSaL8lEWLXjUaYDAf3qoDBbUpViLdNJPaE9HqWBTTOP2EKPZp55NJ2bd6IP+jEnEp+1TPZgv9qRyLYYSyiBQ5tDipIaQ5tlcPhVYEpifcZYyLo8K8mrOhXnUYCtNKei3unAgv/ti+NE/3fN/Wmt89A6PqzFt15Xjh/VwoTHkT3RKGsoSarf95JPmXaZR9o=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR02MB7980.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 55bee1e6-7f59-4efc-776f-08db43fe536e
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2023 13:26:20.3279 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dcXa8O8JG7WuXs/iQb02Unh1HPx79NEe8YDvX4Fpx6ukUg+m0WFIRRTS8dNOvJ9l
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR02MB9753
X-TM-SNTS-SMTP: D9D1414591E7CD8A1DD76CD86158F911E044AE7416668440F7B8006280B1C7D02
X-Proofpoint-GUID: QVZBO_gc6bR9GWJoxu0LhY7Tnr8vXhq1
X-Proofpoint-ORIG-GUID: QVZBO_gc6bR9GWJoxu0LhY7Tnr8vXhq1
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-23_08,2023-04-21_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 clxscore=1011 suspectscore=0 malwarescore=0 adultscore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 mlxscore=0 impostorscore=0 spamscore=0 mlxlogscore=999 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304230124
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/KT_eAUAzCfoeOk_IMwLO_XIPiUo>
Subject: Re: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Apr 2023 13:26:39 -0000
Hi Brian, We would like to receive your feedback on our proposal for a replacement encryption algorithm: > Ok. We were attracted to the "authenticated encryption" aspect of GCM, but we > can get that with AES-CCM too. Does AES-CCM alleviate the issues and fit our plans to use long-lived keys, etc.? With this feedback, we can proceed with updates to the draft. thanks, Al > -----Original Message----- > From: MORTON JR., AL > Sent: Sunday, March 19, 2023 5:08 PM > To: Brian Weis <bew.stds@gmail.com>; secdir@ietf.org > Cc: draft-ietf-ippm-capacity-protocol.all@ietf.org; ippm@ietf.org > Subject: RE: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol- > 04 > > Hi Brian, > > Thanks for your reply on the second SEC-DIR early review! > > We have summarized the topics for reply, below. Your review is appended. > > Al and Len > > > # Key comments and replies for discussion: > > > — The use of AES-GCM with a long-lived symmetric key (such as one > > on an RFC 7210 key chain) is not safe. ... (suggests a CBC mode) ... > and > > — Unauthenticated encryption is generally seen as risky, so when... > > Ok. We were attracted to the "authenticated encryption" aspect of GCM, but we > can get that with AES-CCM too. The Initialization Vector (IV) will be > generated by a pseudo-random generator with unique seed for each session, and > have sufficient size to avoid duplication over the life of a long-lived key. > The IV can be communicated in the clear, so we will. > > > — Also, there are some additional parameters that need to determined > > to guarantee interoperability. For example, which octets are > > encrypted, if a partial block needs to be encrypted how is it padded > > out before encryption to make a full block, and requirements on IV > > generation (e.g., that is must be from a good quality random number > > generator). > > We need to check if padding is needed for any of our PDUs, but the PDUs will > be fixed size so it's a static fix. > We'll specify the IV generation method. > > > > # Tension between Security and Measurement operation: > > > — Section 5.1.1 doesn’t say the network addresses and headers are > > included in the digest. It’s generally good practice to include (them)... > > Our test scope includes ISP Subscribers, so NAPT transversal is critical and > precludes including the addresses. > > > ... a valid message > > (e.g., Setup Request) can be extracted and placed in a different > > measurement flow that is not intended by the original sender. This is > > a substitution attack. > > All of the IPPM test protocols are susceptible to the substitution attack, and > there is no thorough mitigation that we know-of (including time in the digest > is a partial mitigation). > > Packet De-duplication, in DTLS and IPsec: > > This is generally seen as a feature for network > > encryption methods. > Right, but measurement systems expect to observe packet duplication when it > occurs. A trade-off is required, and the primary goal is measurement. > > > # Edits and Nits: > We will take care of other requests for clarifications requested > - digest coverage > - MBZ definition > - “Support for client-server authentication ….”. > - four Security modes, but encrypted tunnel makes five - becomes a paragraph > - mismatch > > > -----Original Message----- > > From: ippm <ippm-bounces@ietf.org> On Behalf Of Brian Weis via Datatracker > > Sent: Saturday, March 4, 2023 5:58 PM > > To: secdir@ietf.org > > Cc: draft-ietf-ippm-capacity-protocol.all@ietf.org; ippm@ietf.org > > Subject: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04 > > > > Reviewer: Brian Weis > > Review result: Has Issues > > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. These comments were written primarily for the benefit of the > > security area directors. Document editors and WG chairs should treat > > these comments just like any other last call comments. > > > > General comments > > > > (1) The guidance of what bytes are included in the SHA-256 calculation > > and result placed in the authDigest field might need some enhancement. > > > > — Some places say that the authDigest field is zeroed (e.g., Section > > 4.2.2 ) and some says “The SHA-256 calculation SHALL cover all the > > preceding fields.”, which seems to omit the auhDigest field. I guess > > these aren't mutually exclusive statements, but it would be cleaner > > to have all of the description in one place so it is clear. > > > > — Section 5.1.1 doesn’t say the network addresses and headers are > > included in the digest. It’s generally good practice to include > > more context into the digest calculation so that a valid message > > (e.g., Setup Request) can’t be extracted and placed in a different > > measurement flow that is not intended by the original sender. This is > > a substitution attack. > > > > — If network addresses and headers aren’t included in the digest, > > then it will be important to describe why the substitution attack > > isn’t a threat. I understand that if NAT on the client that including > > it's network address is not possible, but there's still an issue. > > > > — Note that the inclusion of authUnixTime with the receiver > > checking “acceptable immediacy” is only a partial mitigation for a > > substitution attack, since the receiver’s notion of “acceptable > > immediacy” is apparently quite long from an attacker's perspective > > “(+/- 2.5 minutes)” and any other message including this PDU sent > > fron an attacker (e.g., with different network headers) during this > > period will be acceptable to the receiver. Reducing the window > > size won’t completely mitigate this attack either. > > > > (2) There doesn’t seem to be a definition for the MBZ octets and > > remainder bits, or a description of their purpose. (I’m guessing > > it’s “must be zero” but even that should be defined for the reader.) > > > > Specific comments > > > > Section 4.2.4. > > > > — The use of AES-GCM with a long-lived symmetric key (such as one > > on an RFC 7210 key chain) is not safe. The IV used by GCM is not a > > random IV such as used by some other modes of which you might be > > aware (e.g., CBC), but rather it is a counter that must NEVER > > repeat with that key. Ensuring no repeats is not operationally > > feasible for a key kept on a key chain. I.e., The counter must keep > > incrementing between packets, reliably stored over a reboot so that > > it isn't used again, and when the counter reaches the maximum value > > the key is not longer usable. I would recommend specifying CBC mode > > and a randomly chosen IV. > > > > — Also, there are some additional parameters that need to determined > > to guarantee interoperability. For example, which octets are > > encrypted, if a partial block needs to be encrypted how is it padded > > out before encryption to make a full block, and requirements on IV > > generation (e.g., that is must be from a good quality random number > > generator). > > > > — Unauthenticated encryption is generally seen as risky, so when > > encryption is included the the authDigest should also be used as > > it is in the other modes. Figure 2 should have both authDigest AND > > IV fields. > > > > Section 4.2.5. This section mentions that DTLS is not useful because > > “The replay protection would remove duplicated packets and prevent > > transparent measurement of this impairment.”. IPsec will also > > transparently remove duplicate packets, and since TLS is based on > > TCP, which has duplicate segment protection, I would expect that > > the application would also never see duplicate measurement PDUs > > from TLS either. This is generally seen as a feature for network > > encryption methods. > > > > Section 10. “Client-server authentication and integrity protection > > for feedback messages conveying measurements is REQUIRED.” Since > > one of the methods allows “unauthenticated mode for all messages”, > > I think this is meant to start with “Support for client-server > > authentication ….”. That is, the REQUIRED language means > > it must be implemented, but not used. > > > > Nits > > > > — Section 4.2 says “There are four security modes of operation”, > > which is also stated elsewhere, but there seems to actually be five. > > I understand that the fifth one is actually an external security > > mode that can be combined with one of the four modes (e.g., > > “unauthenticated mode for all messages”) in the PDU. It might be > > clearer to take the fifth one out of the list and just make it a > > paragraph. > > > > — Section 4.2.1 s/miss-match/mismatch/ > > > > > > _______________________________________________ > > ippm mailing list > > ippm@ietf.org > > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ippm__;!!Bhd > > T!lLiKK4svDahYLFenpa6d7FQa-qA1f4ltd7wjaRx1S- > YZCr9cEveGl5UOAc3B7KuEPYEWE3uif4c$
- [ippm] Secdir early review of draft-ietf-ippm-cap… Brian Weis via Datatracker
- Re: [ippm] Secdir early review of draft-ietf-ippm… MORTON JR., AL
- Re: [ippm] Secdir early review of draft-ietf-ippm… MORTON JR., AL
- Re: [ippm] Secdir early review of draft-ietf-ippm… MORTON JR., AL
- Re: [ippm] Secdir early review of draft-ietf-ippm… MORTON JR., AL
- Re: [ippm] Secdir early review of draft-ietf-ippm… Brian Weis
- Re: [ippm] Secdir early review of draft-ietf-ippm… MORTON JR., AL