[ippm] Re: IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts
Tal Mizrahi <tal.mizrahi.phd@gmail.com> Thu, 16 May 2024 04:36 UTC
Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20530C1D4A7B for <ippm@ietfa.amsl.com>; Wed, 15 May 2024 21:36:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r6RSXrQ0OMtd for <ippm@ietfa.amsl.com>; Wed, 15 May 2024 21:36:17 -0700 (PDT)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47FE5C1CAF4C for <ippm@ietf.org>; Wed, 15 May 2024 21:36:17 -0700 (PDT)
Received: by mail-io1-xd33.google.com with SMTP id ca18e2360f4ac-7e1b8718926so2448439f.2 for <ippm@ietf.org>; Wed, 15 May 2024 21:36:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715834176; x=1716438976; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=gioSwB4+VNLsrtlEki2G5fgIfsiznP/IsiwLEpHEK14=; b=bWWe3GSVXl0VzMBGJrId+EAVhfHJ0sJnFerPyKjv7TyWB0UPMNQMdhV3CpuHbsCfLC IBc2Cmlw5/1x84Ud+ZfOwVtl8pbUWCMpUlISPGdoD+LEQvNaCKwCDNsX+jfu02PuMNDL VRJd8oUOJZFQ1wz1EUh/JlpzYt4rvGF6Ax58d530KPPJvKX6l8SVrjc9ZotL95oBe3rN 7eyouR60Ff3USdeflTBhoG6iZnv41va43m5eCfsJo8Zc/ntHkurWq6Ov0eA1KOTAZMNs svgMnZ5LyONy9/0oGzV8qFgnesITu5hLFS1IpQHkkrHdKDBfDoMBk56EF5x+yc3ozd9O UtgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715834176; x=1716438976; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gioSwB4+VNLsrtlEki2G5fgIfsiznP/IsiwLEpHEK14=; b=vR47e/hbzs7NRk2FkxZ9xi7KYbGSbrzviByShdrlMEmbL8UQOVFzoVcGgNealq328m phGrnqTkkGmV+mVM7GWbtZOp4fmGPK39AdIm2z1kcXgqZuuZlew0Y94ExB5EOZMswxqn cWmH1yPfMMp6sOkgze1VtoFFx/R/qj49lrge8mRU+AM6JMJnTCpWLmKfU68sOK3T44U9 zmkWULCcRuJ50LC9PsTpITv7MA1aUxE43X0Py+cb7EZmImEtsNtUmu55/MYHgtDWcQRB hoPtOAIRsX+q9FQma8HJ8O91EqL8y/DZyCY+7oirkwKxVAO2uqfFzMBky0fKrwG5ZMh1 aHjA==
X-Forwarded-Encrypted: i=1; AJvYcCWySjpyh5eY/j4DKVlchobvWHVNmN/y09ozRezoWhiQBsuQfd/pcvDt0nOtEcxSCJuUPoGjCLFzNzVcuG+7
X-Gm-Message-State: AOJu0YzYvuxOtJJbiJ7s4/0msvq5qjCx9Slg6IR/ZrdPVp93+KpTTAo2 XyTsjgkI/73HLtm1hVUb4GQxLfGFOu8CVd4mIK2vuvBhRcJf3R5cyNkT2/d97kj7fxFp4yJdOLV ep5xx3RghC/ckKtEqbNkeR0xBGUI=
X-Google-Smtp-Source: AGHT+IEGUoOlR9hF5aA1lX0Q3dWnTKPF8jmyQXLojJONTxi/s0ri2Wh+E/mWcU2ZFwsVRV3qBuBZTGRmmtfxMST2cBY=
X-Received: by 2002:a6b:d203:0:b0:7de:e04b:42c3 with SMTP id ca18e2360f4ac-7e1b5022577mr1866469739f.0.1715834176377; Wed, 15 May 2024 21:36:16 -0700 (PDT)
MIME-Version: 1.0
References: <EB9C8A72-2118-4D5F-8A49-BB6CC327297F@apple.com> <CABUE3Xm+9Tbx9Pn0rdtuqoRsOQuR4cdUjMzqb2pOsQLqyrn_VQ@mail.gmail.com> <CA+RyBmUZNyT-iJyXGv-qeeknK3MXz7oKQrr=hnzffQY7HKrFPw@mail.gmail.com>
In-Reply-To: <CA+RyBmUZNyT-iJyXGv-qeeknK3MXz7oKQrr=hnzffQY7HKrFPw@mail.gmail.com>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Thu, 16 May 2024 07:36:03 +0300
Message-ID: <CABUE3Xn_JLYGv=Ta7JpD-T3h_27xA+stb_5t2DDH5NVG8W92hw@mail.gmail.com>
To: Greg Mirsky <gregimirsky@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: FOGLZYSJOBK5WPU2CKKPFIWEJKESHX5D
X-Message-ID-Hash: FOGLZYSJOBK5WPU2CKKPFIWEJKESHX5D
X-MailFrom: tal.mizrahi.phd@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ippm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [ippm] Re: IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/PhdvECjUR93JYE4eCXbYYSbfH14>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Owner: <mailto:ippm-owner@ietf.org>
List-Post: <mailto:ippm@ietf.org>
List-Subscribe: <mailto:ippm-join@ietf.org>
List-Unsubscribe: <mailto:ippm-leave@ietf.org>
Hi Greg, Thanks for considering my comments. Your suggestions make sense and address the concerns I noted. Cheers, Tal. On Tue, May 14, 2024 at 9:07 PM Greg Mirsky <gregimirsky@gmail.com> wrote: > > Hi Tal, > thank you for your suggestions and references to the comprehensive security analysis of IOAM and related use cases. > The new STAMP extension defined in the draft might be used, as it is noted in Section 4, as a new DDoS attack vector. Among potential scenarios are those listed below: > > Spoofed STAMP test packets that include Reflected Test Packet Control and Return Path (RFC 9503) TLVs. To mitigate that risk, we note that HMAC TLV can be required if the domain is not trusted. > Attacking MiM might be intercepting STAMP test packets and altering content of Reflected Test Packet Control TLV. That seems similar to the scenario above, that can be mitigated by including HMAC TLV as well. > Human error, e.g., requesting too many and/or too frequent reflected STAMP test packets. We added the requirement that an implementation must control rate of reflected packets and if the parameters in Reflected Test Packet Control TLV exceed limits then the Session-Reflector acts as described in Section 2: > > If a > > Session-Reflector that recognizes the Reflected Test Control TLV > > cannot sustain the transmission of reflected test packets at the > > interval requested in the Interval Between the Reflected Packets > > field on the received TLV, the Session-Reflector MUST set the U > > flag [RFC8972] to 1, and MUST transmit a single reflected packet. > > Otherwise, the Session-Reflector MUST set the U flag to 0 in each > > of reflected test packets. > > And here we come to the question of mitigating the risk of excessive packet reflection. We consider that the task of controling the reflection process is the task of a Session-Reflector, not the Session-Sender. We propose adding the following text in Security Consideration as a second paragraph: > > Furthermore, a DoS attack using the Reflected Test Packet Control TLV > might target the STAMP Session-Reflector by overloading it with test > packet reflection, e.g., extremely small intervals and/or too many > concurrent test sessions. To mitigate that, an implementation that > supports the new TLV MUST control the rate and volume of reflection > of STAMP test packets by the Session-Reflector. > > > What are your thoughts? > > Regards, > Greg > > > On Thu, Apr 11, 2024 at 6:56 AM Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote: >> >> Hi, >> >> I believe that an asymmetric exchange in STAMP has value, and >> therefore I support the adoption of this document. >> I share the concerns raised on this thread regarding the potential of >> amplification attacks, and I believe this will need to be resolved, >> but not necessarily before WG adoption. >> >> I have the following suggestions about mitigating the amplification concerns: >> - The security considerations section should be more detailed and >> discuss the potential for amplification and DDoS attacks, including an >> upper bound on the order of magnitude of amplification. >> - The "Number of the Reflected Packets" and "Interval Between the >> Reflected Packets" should be reconsidered. Maybe consider a way to >> limit them to a sufficiently small "Number" and large "Interval". >> - Regarding amplification and how to mitigate it, you may want to take >> a look at RFC9322 and RFC9326, as we had many discussions about >> amplification when we were working on these documents. >> >> Cheers, >> Tal. >> >> On Tue, Apr 9, 2024 at 7:37 PM Tommy Pauly >> <tpauly=40apple.com@dmarc.ietf.org> wrote: >> > >> > Hello IPPM, >> > >> > This email starts an adoption call for draft-mirsky-ippm-asymmetrical-pkts. This is a document we’ve discussed several times, and is a normative dependency for another document we discussed adopting at IETF 119, draft-gandhi-ippm-stamp-ext-hdr. >> > >> > You can find the draft here: >> > https://datatracker.ietf.org/doc/draft-mirsky-ippm-asymmetrical-pkts/ >> > https://www.ietf.org/archive/id/draft-mirsky-ippm-asymmetrical-pkts-04.html#name-reflected-test-packet-control >> > >> > Please review the draft and respond to this email to indicate if you think IPPM should adopt this document as a working group item. >> > >> > This call will last for 3 weeks. Please reply by Tuesday, April 30. >> > >> > Best, >> > Tommy & Marcus >> > _______________________________________________ >> > ippm mailing list >> > ippm@ietf.org >> > https://www.ietf.org/mailman/listinfo/ippm >> >> _______________________________________________ >> ippm mailing list >> ippm@ietf.org >> https://www.ietf.org/mailman/listinfo/ippm
- [ippm] IPPM adoption call for draft-mirsky-ippm-a… Tommy Pauly
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Ernesto Ruffini
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Sebastian Moeller
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Giuseppe Fioccola
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Rakesh Gandhi
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tal Mizrahi
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… xiao.min2
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Footer Foote (Nokia)
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Bjørn Ivar Teigen
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Ruediger.Geib
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Henrik Nydell (hnydell)
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tommy Pauly
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- [ippm] Re: IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- [ippm] Re: IPPM adoption call for draft-mirsky-ip… Tal Mizrahi