Re: [ippm] On the integrity of IOAM data fields - new draft draft-brockners-ippm-ioam-data-integrity-00
Greg Mirsky <gregimirsky@gmail.com> Sun, 07 February 2021 00:37 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5131D3A2DBA; Sat, 6 Feb 2021 16:37:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oh2bHIjFO-Lv; Sat, 6 Feb 2021 16:37:23 -0800 (PST)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A316C3A2DB8; Sat, 6 Feb 2021 16:37:22 -0800 (PST)
Received: by mail-lf1-x12d.google.com with SMTP id m22so16592544lfg.5; Sat, 06 Feb 2021 16:37:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Th0sIj1svmLhA7tmWPXLz3N3ZA5QS1PIvKPN9qK3now=; b=CwCQh8nO7kmmcr07Q3IXqaUC9ZTxySJLbZVCVoPcWVbawshJb7V0H3t7yvw0CBuID1 e2KcHq+qcXkLZ8+Yn28j59FAa81LKUkhFWv3UZ2vuwflSY4q2Ilf+7D823ukgnJwm+1B hEiH3GJclEwYb36iP2zFAq5p3VgJ1H/mIB+WKiQqdtRzFAbElQQxNrDgFsJ2mmxfjXvC EHM9hIVUd1NphcLsdL6s0Da8GpjSLVA6JqRwaRaBkh5ooBz519lpS/mJA/LyK8PEo9pC aNMaFdOy05g7pGICBWhVHfMvrbzZvhRA/3OmwWmwey4AhwRCs9MgJ5nT+TG0uVSPj8Hq HiTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Th0sIj1svmLhA7tmWPXLz3N3ZA5QS1PIvKPN9qK3now=; b=sbB09yj6gb9eAGJnvmKFUFQDvRwaFjdRezCwl2GNlde2KEXhsqxlwT/MSF8yg36Le+ TLHiupNgNWh4AKyfCRLMxZuYTVtN1diNA2WWLLh87Qx47NiiPhGSudK6edHB5cfKomrM pC9KFyTgaQY+rc+Ug2wilaqsM5/FCffHYkk9pYUFFP3PZeRmC+JBGAMBqu7d+qGMnPqt OW5dxBBEgNmuiPyOAz1uWakoClzL25IyS5fr49IMOnYI8usVZXnZrkYMefdOTScF1NhD RspP5+WQcUccEWjvtj4DolwwabTIFiFTGGcTLREoEW2L5Y/gGIh5OzftAZ5KpvA/GxBY 6f3w==
X-Gm-Message-State: AOAM532tbgJ9baqq1K0XQi1G+TG7vYo1r5U8r4Ba+8qNnse9O7IITBWM n2ngaHAyGhWDLYiBb7OMgdT7f5eL8B0G4XKGVJg=
X-Google-Smtp-Source: ABdhPJxAKHuJqtIwNYZm0O9rriQvPArWY+nzveR6u4BFNCWFws1rwHDEmGTHSwon65Yt8MjybiNFS6/TAnTAkFVOja8=
X-Received: by 2002:ac2:42cc:: with SMTP id n12mr6149547lfl.364.1612658240369; Sat, 06 Feb 2021 16:37:20 -0800 (PST)
MIME-Version: 1.0
References: <SN6PR11MB2589138CDBB694A95D0DE15BDABD9@SN6PR11MB2589.namprd11.prod.outlook.com>
In-Reply-To: <SN6PR11MB2589138CDBB694A95D0DE15BDABD9@SN6PR11MB2589.namprd11.prod.outlook.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Sat, 06 Feb 2021 16:37:09 -0800
Message-ID: <CA+RyBmXgkMcTSqqjqg-NZ6jWKMYhfa3d3QFgEOVw-skv5VfgUg@mail.gmail.com>
To: "Frank Brockners (fbrockne)" <fbrockne=40cisco.com@dmarc.ietf.org>
Cc: IETF IPPM WG <ippm@ietf.org>, IPPM Chairs <ippm-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008fb80e05bab4413b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/McAfSPd8V2oYQ19Graqd6e2zZlE>
Subject: Re: [ippm] On the integrity of IOAM data fields - new draft draft-brockners-ippm-ioam-data-integrity-00
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2021 00:37:25 -0000
Hi Frank and Authors, thank you for preparing this well-written and really mature document. I fully agree with your opinion that IOAM security is not limited to identifying potential attack vectors and mitigating threats. This document provides implementors with a comprehensive set of mechanisms to protect the integrity of IOAM data fields. While the draft gives us a detailed analysis of the potential threats and protection solutions for IOAM Trace Options, it could be helpful to expand the scope of the analysis by adding the Direct Export mode of IOAM. I think that for the Direct Export the native security mechanisms of IPv6, i.e., Authentication and Encapsulating Security Payload Headers (RFCs 4302 and 4303 respectively) can be used. Regards, Greg On Mon, Jan 25, 2021 at 6:20 AM Frank Brockners (fbrockne) <fbrockne= 40cisco.com@dmarc.ietf.org> wrote: > Dear IPPM WG, > > During the IETF last call, there's been a discussion on how to ensure the > integrity of IOAM data fields for those deployments that require it (see > e.g. the thread below). > > The IPPM chairs inspired an "integrity-00" draft to facility the > discussion and evolve towards a solution. We've just published a first cut > at discussing the different threads along with outlining different methods > for addressing the integrity of IOAM data fields: > https://tools.ietf.org/html/draft-brockners-ippm-ioam-data-integrity-00. > > It would be great to get a view on which method you see as preferable and > for what reasons, along with whether anyone has any additional > methods/solution approaches in mind. > > Thanks, > Frank, Shwetha, Tal. > > > -----Original Message----- > > From: Benjamin Kaduk <kaduk@mit.edu> > > Sent: Samstag, 28. November 2020 06:11 > > To: Greg Mirsky <gregimirsky@gmail.com> > > Cc: Tal Mizrahi <tal.mizrahi.phd@gmail.com>; last-call@ietf.org; MORTON, > > ALFRED C (AL) <acm@research.att.com>; IPPM Chairs <ippm-chairs@ietf.org > >; > > draft-ietf-ippm-ioam-data@ietf.org; IETF IPPM WG <ippm@ietf.org> > > Subject: Re: [Last-Call] [ippm] Last Call: > <draft-ietf-ippm-ioam-data-11.txt> > > (Data Fields for In-situ OAM) to Proposed Standard > > > > Hi Greg, Tal, > > > > On Thu, Nov 26, 2020 at 12:14:42PM -0800, Greg Mirsky wrote: > > > > > > On Wed, Nov 25, 2020 at 1:56 AM Tal Mizrahi > > > <tal.mizrahi.phd@gmail.com> > > > wrote: > > > > > > > > On Tue, Nov 24, 2020 at 11:30 PM Greg Mirsky <gregimirsky@gmail.com> > > > > wrote: > > > > > > > > I would suggest to consider a new IOAM option that incorporates an > > > > HMAC, which can be used alongside the conventional trace options. > > > > This would allow an optional integrity protection capability for > > > > those specific implementations that require it. This new option > > > > could be defined in a new draft, allowing the data draft to proceed > > > > to publication. > > > > > > > GIM>> I think that proceeding without addressing the essential > > > GIM>> security > > > issue of the protocol might be premature and may produce > > > implementations that are vulnerable to attacks. > > > > Thanks for raising this topic. > > > > Based on the discussion so far and skimming the first few sections of > the draft, I > > expect that I would put a discuss ballot in to ensure the availability > of a security > > mechanism such as this, which in effect would negate the intent to > "allow the > > data draft to proceed to publication". > > That said, my stance could change as the thread continues or when I take > a > > closer look at the whole document, so it is okay (from my point of view) > if you > > (Tal) choose to wait and see if this does end up being a discuss point. > > That said, I'd of course prefer if you and Greg can find a solution and > get it into > > place now :) > > > > Thanks, > > > > Ben > > _______________________________________________ > ippm mailing list > ippm@ietf.org > https://www.ietf.org/mailman/listinfo/ippm >
- [ippm] On the integrity of IOAM data fields - new… Frank Brockners (fbrockne)
- Re: [ippm] On the integrity of IOAM data fields -… Greg Mirsky
- Re: [ippm] On the integrity of IOAM data fields -… Frank Brockners (fbrockne)