IETF Logo Mail Archive

Re: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt

"Brian Weis (bew)" <bew@cisco.com> Mon, 12 November 2018 02:19 UTC

Return-Path: <bew@cisco.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E84D612D4F2 for <ippm@ietfa.amsl.com>; Sun, 11 Nov 2018 18:19:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6EhJ5fUepsKr for <ippm@ietfa.amsl.com>; Sun, 11 Nov 2018 18:19:20 -0800 (PST)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F0391276D0 for <ippm@ietf.org>; Sun, 11 Nov 2018 18:19:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=35430; q=dns/txt; s=iport; t=1541989160; x=1543198760; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=p46SNdkI37YlreCxn1VW+K8cK+C47oeFVRbVWw8fJ30=; b=aJMePYAr79H57v12Aj3YB1YhICt/fJ+Zsrkrm3wgEaJbUnfNpZ+h9/yS VYh2X0sZZe9oEfaK701o57qOIYQpkhBiuJZbaT1bVns40JGJ87VOXsJg1 xuBlCOzTnfYdvO6fp+BuCoBaxGuBlZhbBSZRuEa8mKpn5l2GNUGhxuc5u s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAAA34uhb/49dJa1gAxkBAQEBAQEBAQEBAQEHAQEBAQEBgVEEAQEBAQELAYIDZoECJwqDbogYi3iCDYdegSmOLhSBZgsBARgBDIRHAheDDSI0DQ0BAwEBAgEBAm0cDIU6AQEBAwEBASFLCwULAgEIEQMBAgEgBwMCAgIfBgsUCQgCBA4FgyEBgR1MAw0ID6hHgS+EMQIMQD+CMQ2CGYtjHReBf4ERJx+CTIJWRQEBAgEBFoEPBQESATYJAR0Jgj2CVwKJEiyFLoUHgSiKBi4JAoZ0gyeDVYMrEgaBWEyENoMihnSNJoEFiSYCERSBJg0QOGRxcBUaISoBgkEJgh0BF4F1hmmFPkExAYtZgR+BHwEB
X-IronPort-AV: E=Sophos;i="5.54,493,1534809600"; d="scan'208,217";a="200211852"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Nov 2018 02:19:19 +0000
Received: from XCH-RTP-005.cisco.com (xch-rtp-005.cisco.com [64.101.220.145]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id wAC2JI1H022205 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 12 Nov 2018 02:19:18 GMT
Received: from xch-rtp-001.cisco.com (64.101.220.141) by XCH-RTP-005.cisco.com (64.101.220.145) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sun, 11 Nov 2018 21:19:17 -0500
Received: from xch-rtp-001.cisco.com ([64.101.220.141]) by XCH-RTP-001.cisco.com ([64.101.220.141]) with mapi id 15.00.1395.000; Sun, 11 Nov 2018 21:19:17 -0500
From: "Brian Weis (bew)" <bew@cisco.com>
To: Greg Mirsky <gregimirsky@gmail.com>
CC: "J. Ignacio Alvarez-Hamelin" <ihameli@cnet.fi.uba.ar>, IETF IPPM WG <ippm@ietf.org>
Thread-Topic: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt
Thread-Index: AQHUdga0j7BtTkXoqE2P+bPcfo/CEqVD50GAgAAabwCABSTLgIACnX2A
Date: Mon, 12 Nov 2018 02:19:17 +0000
Message-ID: <EA717254-C51C-4E04-810C-588464200852@cisco.com>
References: <153635740444.28980.6908501775124770245@ietfa.amsl.com> <CA+RyBmV_BQbjuf63eZWShaZ1DnZB0cUmbaJMzDQrnZHG7xGxtA@mail.gmail.com> <0861E2EE-9403-4F71-AFD7-1C89D73C773C@trammell.ch> <CA+RyBmXWMq1c79O9x2uhmZxXjt0gipe=B_KTCcstW5Jxum8nrw@mail.gmail.com> <730E50FA-3318-43FE-9C1E-60D29B748BE0@trammell.ch> <B869E846-83DF-429C-A833-A1D2B613DA73@cnet.fi.uba.ar> <CA+RyBmWS-3hpWU=37b1geHtXZFAVA3Ap5ohz3DYpeOhShGiv0g@mail.gmail.com> <F77B6597-C36C-483B-8325-AE69DE393E86@cisco.com> <CA+RyBmWfG0Mjb+H0vUAoA0hBzPmSePWssr5dLmBkkVcy0ZXYHA@mail.gmail.com>
In-Reply-To: <CA+RyBmWfG0Mjb+H0vUAoA0hBzPmSePWssr5dLmBkkVcy0ZXYHA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.30.241]
Content-Type: multipart/alternative; boundary="_000_EA717254C51C4E04810C588464200852ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.145, xch-rtp-005.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/NYk52lYf_qCNnfV8fPU2oV4inD4>
Subject: Re: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Nov 2018 02:19:24 -0000

Hi Greg,

On Nov 10, 2018, at 4:23 PM, Greg Mirsky <gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>> wrote:

Hi Brian,
I've started the new working version to apply updates resulting from our discussion and need to clarify one question with you. You've suggested that confidentiality may be provided by encryption at a higher level, i.e., not on the STAMP message. Thus, as I understand, we would not need to define the encrypted mode in STAMP and only have two modes - unauthenticated and authenticated. Would you agree?

That plan makes sense to me.

Thanks,
Brian


Regards,
Greg

On Wed, Nov 7, 2018 at 10:50 AM Brian Weis (bew) <bew@cisco.com<mailto:bew@cisco.com>> wrote:
Hi Ignacio and Greg,

ECDSA is a digital signature algorithm, which is very expensive and because of this it is not traditionally used to protect network data packets.  I don’t recommend specifying it. Unless this is a rarely sent data packet sent, you would be consuming a substantial amount of the CPU by applying a digital signature to every packet sent with STAMP. Also, in order to get the value  you want, you actually have to create a hash of the packet (e.g., using SHA1/SHA256) and then sign the hash, where the result will be at least the length of a full HMAC output. So you’re not saving any space.

Using HMAC-SHA1 or SHA256 on network data packets as shown in Figure 4 is very reasonable.  Section 5 of RFC 2104 (HMAC) says how it’s acceptable to truncate the hash output, and security protocols usually do this.  IPSec truncates HMAC-SHA-1 output to 96 bits (RFC 2404), and HMAC-SHA-256 is truncated to 128 bits (RFC 4868).  Since -03 was willing to apply a 128-bit truncated hash, I think you could safely specify using HMAC-SHA-256 with a 128 bit truncation. Note that if you specify the use of HMAC-SHA1, you will very likely run into SecDir complaints when you get to IETF last call.

I did mention in the IPPM meeting that adding AES support is bit more problematic. I would recommend specifying that when confidentiality is needed that it be done a higher layer. If you do decide to keep it in this draft, you should describe what is the value of protecting only the first 16 octets. Also, you should know that cryptographers do not recommend using EBC. A Wikipedia page describes this plainly: "The disadvantage of this method is a lack of diffusion. Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.” (https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_(ECB)).

The other mode -03 mentioned is using AES-CBC to protect the entire message. That’s a conventional use of AES, but when AES-CBC is used, both the encryptor and decrypt need the same Initialization Vector (IV) used with the method. Traditionally it is included in the packet, so that’s another 16 octets you probably need to add to the packet format. This should NOT replace the HMAC field, because cryptographers strongly state that it is bad practice to send an unauthenticated encrypted packet.

I don’t see the rationale in -03 for needing confidentiality. So it might be best to stick with an HMAC-SHA256 hash, and if confidentiality is required to use a higher layer encryption. Otherwise, you’ll need to do a lot more specification of how the confidentially is done in this draft.

I hope that helps.

Brian

On Nov 7, 2018, at 9:15 AM, Greg Mirsky <gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>> wrote:

Ho J.Ignacio,
thank you for the comment and helpful suggestion. Will read the draft-alavarez-hamelin-tictoc-sic and respond accordingly in a short time. From the quick run through the draft, I agree with you that ECDSA offers advantages over the SHA1 of the same length. Just need to check for possible impact on YANG data model.

Regards,
Greg

On Wed, Nov 7, 2018 at 2:26 AM J Ignacio Alvarez-Hamelin <ihameli@cnet.fi.uba.ar<mailto:ihameli@cnet.fi.uba.ar>> wrote:
Hi Greg,

Today at the IPPM meeting I said that you could consider using SHA1 256 with bits for authentication, to respect some security standards. Your comment that is expensive, and I agree with that.
I propose another alternative, is the one that I used in draft-alavarez-hamelin-tictoc-sic-02, the Elliptic Curve Digital Signature Algorithm (ECDSA), which yields in few bits and has some securities form de cryptographic point of view.


Best withes,

        J. Ignacio
_______________________________________________________________

Dr. Ing. José Ignacio Alvarez-Hamelin
CONICET and Facultad de Ingeniería, Universidad de Buenos Aires
Av. Paseo Colón 850 - C1063ACV - Buenos Aires - Argentina
+54 (11) 5285 0716 / 5285 0705
e-mail: ihameli@cnet.fi.uba.ar<mailto:ihameli@cnet.fi.uba.ar>
web: http://cnet.fi.uba.ar/ignacio.alvarez-hamelin/
_______________________________________________________________



> On 16 Oct 2018, at 05:24, Brian Trammell (IETF) <ietf@trammell.ch<mailto:ietf@trammell.ch>> wrote:
>
> hi Greg,
>
> We'll put this and a tentative start of WGLC on the Bangkok agenda..
>
> Thanks, cheers,
>
> Brian
>
>> On 16 Oct 2018, at 01:00, Greg Mirsky <gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>> wrote:
>>
>> Hi Brian,
>> my apologies for the delayed response. The new version of the draft has been just uploaded. The updates include the new section that describes authentication and encryption operations on STAMP packets. I'd request the presentation slot at the meeting and, if there are no significant concerns, would ask to consider starting the WG LC on the base specification. The work on the STAMP YANG data model still on-going and we're addressing the comments from the early YANG Doctors review by Mahesh. I expect we'll have the new version by the end of November.
>>
>> Regards,
>> Greg
>>
>> On Thu, Oct 4, 2018 at 8:12 AM Brian Trammell (IETF) <ietf@trammell.ch<mailto:ietf@trammell.ch>> wrote:
>> hi Greg,
>>
>> following up a bit late, perhaps... when do you think this will be ready for LC?
>>
>> Cheers,
>>
>> Brian (as WG co-chair)
>>
>>> On 8 Sep 2018, at 00:53, Greg Mirsky <gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>> wrote:
>>>
>>> Dear All,
>>> minor editorial improvements to the document..
>>> Your comments, questions, and suggestions always welcome and much appreciated.
>>>
>>> Regards,
>>> Greg
>>>
>>> ---------- Forwarded message ----------
>>> From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
>>> Date: Fri, Sep 7, 2018 at 2:56 PM
>>> Subject: [ippm] I-D Action: draft-ietf-ippm-stamp-02.txt
>>> To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
>>> Cc: ippm@ietf.org<mailto:ippm@ietf.org>
>>>
>>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> This draft is a work item of the IP Performance Measurement WG of the IETF.
>>>
>>>        Title           : Simple Two-way Active Measurement Protocol
>>>        Authors         : Greg Mirsky
>>>                          Guo Jun
>>>                          Henrik Nydell
>>>                          Richard Foote
>>>        Filename        : draft-ietf-ippm-stamp-02.txt
>>>        Pages           : 14
>>>        Date            : 2018-09-07
>>>
>>> Abstract:
>>>   This document describes a Simple Two-way Active Measurement Protocol
>>>   which enables measurement of both one-way and round-trip performance
>>>   metrics like delay, delay variation, and packet loss.
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-ippm-stamp/
>>>
>>> There are also htmlized versions available at:
>>> https://tools.ietf.org/html/draft-ietf-ippm-stamp-02
>>> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-stamp-02
>>>
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-ippm-stamp-02
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org/>.
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> _______________________________________________
>>> ippm mailing list
>>> ippm@ietf.org<mailto:ippm@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/ippm
>>>
>>> _______________________________________________
>>> ippm mailing list
>>> ippm@ietf.org<mailto:ippm@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/ippm
>>
>
> _______________________________________________
> ippm mailing list
> ippm@ietf.org<mailto:ippm@ietf.org>
> https://www.ietf.org/mailman/listinfo/ippm

_______________________________________________
ippm mailing list
ippm@ietf.org<mailto:ippm@ietf.org>
https://www.ietf.org/mailman/listinfo/ippm

--
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com<mailto:bew@cisco.com>


--
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com<mailto:bew@cisco.com>

v2.23.0 | Report a Bug | By Email