Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

Ameya Deshpande <ameyanrd@yahoo.com> Sun, 04 July 2021 15:00 UTC

Return-Path: <ameyanrd@yahoo.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E67B3A1FD3 for <ippm@ietfa.amsl.com>; Sun, 4 Jul 2021 08:00:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yk0KieLZm5xd for <ippm@ietfa.amsl.com>; Sun, 4 Jul 2021 08:00:38 -0700 (PDT)
Received: from sonic306-20.consmr.mail.sg3.yahoo.com (sonic306-20.consmr.mail.sg3.yahoo.com [106.10.241.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 514CF3A1FCB for <ippm@ietf.org>; Sun, 4 Jul 2021 08:00:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1625410835; bh=Lx3Fvqya1Mvwfv95DEIXJVrn4ZBP3f8PalPiRRu7XTM=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=adzKwoXUs5yDVMSruZIVeb92ROcGZ7ZpFwE6NP+pBSO30e3WUZ+mdy6Fl8zfgAHyJrstjvUb5YvMGLfPq3DUP/zpqj6AuTlafGpf+zbAOtTbzMGWsB2t1fMYjYyhzMty51MzZJyYC79PDLQze/5Oy8dn1RGKgBhAgNt6Shd9YVGySJswUMN7CV5cDEtLJ58/e295Yv4J4jVXxT0HBtmLsyKCAlPzVYeS7VegLuhzN619wKGNZKHc+sIDGh+w1W9dSsftL6rLlbtxiwqEGRnL3nU99quFdmWBL89dCJf12xyHtaHgchked12nLZ3Yal0vgmnoeCcn1Fv6IPXefvP3Kw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1625410835; bh=eIC4CTob+0oOdAQc9n1KQD45cW9nDOfEGU57r1f3NQ3=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=oDijGpS3HWg4kMkxxBrQ4XAFRpM09GNuxVpx5yC+6nxqayXYuIT9pvwJYeav7WQxfjjPcZHUBcyJgfrkKpumM6KtlLcAbsb7fb094DzxtISkAgOgBWCiq3OV+8M+5ZxXSfa1Q+MAm742CZZFYW9XvqJhmJNyhJhb0LZcMVP/kpmvSFW7mtOPLVNj4ZLZYeuLRVxd/h7adpZ14D0ay/wfmZoM/e2RLCqFUfqjaiJ4mz1QyPVQI4MEWbN7hRM+8uWx4oPYJhG+ZZKPF+UhHlCAA5Mjh5CxHzewQcerbdyk3gx8UoC17I9tSI8UMfxrjyqO6KZ8i3/F/UPBsp8BDfdEzw==
X-YMail-OSG: ZGghn8MVM1kfHBjrkA6kJ3EQo9iDok_Y92fmRqdsksjvpiXWSxgesa14T0rf9Gd jYjMKZI4JyFlBfhav3.QZ6Uo74kKqUFUBbYI7xWwT3rcB3QD1y.aUoKZs1l7mHPRw7r3USkr59Od wxCWHQYSVvUO57MdaGqivPXK8EdxiMEOjw5jjxA7HO3HcVf4gX.eeXW1O2f.WZ_xvo2qj.JOjLfr iuY2bw5UhCKzIoxM31ZBS797LPfSPFnqewA1Ye335OFbnI9t9YvPg55B0cK5zrOx53DHD9SBohrV 2xYAzCw72u467AoLMA.shDn_lf.19eCbdZCRhJAQzlGzFdriOMIEBilX7L0aYYk_pD1qPJDejaEJ t610sRi.92JWOP6OdaNQJxK8C5QrXX0bmdtkbPlDjfG7rQEsJCaBKELvgx1Q7frF3BVNblwOsexS m2FMzBQVWoQn.PKBfT5VEzxGNFWTXsFc9He8FByiZACmI9nP5wzCKjcQM9pMxb6h3QvTOwIQVBox mZhSIANpRZMfhQGoO7c4pj4.g_DfY6JPz.wJ1X3Bc2Bx30HmBXkh2GXwGoP9wFJ5YnB2yLynSrE_ yu.xsQawjeuRVn.OTr073yRdqCbMj3eWDMPfsYmlnwnLmurc3nNPwNTeXuti17HgQh6CJoenKmQk kXD3rF.96SKhK2BiZ3oa.hdvePGm7AH0BkyPrVUweoAsYYrri19YBs9xW98uIui.AUvix0RPQ.Q. AqosAnXsy5iUsFnHttJYl5qZFV4qdTHTBVCz470Uw_gW4pJgULcDi1oJdHeSVqwK40ibpT8XKEoI Y83McwCrb1CHWRVJwqA_Fsna6aAVOPntoR2pt4DOGLjlJN1tBGmq2Ncb4PX2ddiSTqegErsD7icv ofM3zgyPxPR4XdnjXoFRaNLilaFPF.9NwdQ1QfDoLvA.XAqA2tBt5n9GFOKYiLGnCcV0IKl0OucQ IpgPGVp8BWAANKbESm0JPZGRZz4AEji4RvAlcPJSS6kaIQ6MtK6oSRz4Igr_scbXlJiAq0LMGC.I Nvj65yu1DnNfJZ3tCRwKDIAXYCMpkMSyGvNr8NS00oTbuLyIbkiS8gQlQgb5d5vxfwRopifdGcPP 6e0QRHXzdNetvLxqo3O4FDDlbhwJpr2GyF_rMBVZsC_5jaC9khPoi4frAAJ0sfsjgMnmtUk_3.X5 lhsv9o12soWRLK2pqFNP_7TCGwqXIgq11NPVT6fbyQPyC2MMj5Shlw6kwv0flYLYFwzzc_e3HZG9 StJnAYDWkDGB57GC4QBSF5A0YCMUI5BYt0rDJmfYyXAaXAZwOLdu7xAeVmVMoKGzaPpc7z67CRYX b2gnmmRc8LigL2rWPKWjpPoA3WWhG0ZDKtCAxRlq57ZEvQkV6ocBrAbnIxU8QylraAN974fFB7e4 3u8tGjziEEObD1W2jZcPgNj0S1_7Bxp9FFwIlAK5adK8D762E2Lt4VXiMZ3dRfI3.qK9Hyhmodsd 1JmbXJCT.g7oOuc35dR7aj8KXInc6jummWUAKBURvvbP1YR7bJ5n.wbjCEuagCO_UWI9VqLsX17H .kRzH.DuNqPdUW9c8f7GSalFlE72a4fcxOO.UusTHtWEUAFKcaOZaMMK9eAhtMdSMdJyUJWEQTuy aB7bMo7YgmI5s_HpJJX6cjHt9Vp5vs3OatwPwyTVjPVCHmQTp1GTDUc9d.zjeEKCYVqdPL2r2A4F nMXLkMAo8smwMDBMFcuu4Kflr3loRcjUkAM1Ndile9ifRzx_zhNkaLFFEzuVW0h2.0tTcJQSZqBZ KIuRZL7FehTysPRrkgvoBDXQXPrA6G0AVeARvZIBkUWKNj8kTVYPI6sCim3UJblw7hNuKaIqDdYm uGr2fhZHg1jnskFzrJ3.ijHs1o_mSzB1HqHd95ICWRuoAImeWlGybVCnRptXZNTkdhtQpW2jkuHz aQAO7WOOrJMQmflyIr7iH2FcmSmCmDNENIQgikKZnQVIu0nejFR3Jof2Uolpu_8zTNLikS4Cgceq FxMklvR8AmCaYmJw4Ax_skgHSR3juf.TQd3MNo.It_yA_x4ELj.aGIcmXS55JlIzC4OXQDJqWmc8 TbDKPPhf94Lum4tiego8TFYe.sMy49htpyuGMOBocPmhP5ubJp2p11dJcm7DMb9WaUp9rYqmpEOh 0.iLjA06kqPtJiVn6xjfm.yzY_Xcr39p4BoDsQ4gz6jtLuMIEZlQNEnIb5U4MoBkj3VIEq0toj43 pshGEfEVWRDX7U9xJCNLpD5_AUzyDz_5fbEL536FaXEVUnXQAWlB6nF03dhJIDEwfEQ47a399ou0 snmWJeIWl1EI_t.iYC_QAuATqY.6yGsFXhRhDLWMyCQbWoC575smktB6nYXaHl23NKDVjtrG__nd yTWf0CvU7CW9oCOSXp9uwrfgKVa3rSkhLHY7HH1BZxJsr7LeYX_P2qN1kDRE9pNd_3u9riYEI_B4 YkuFz5fGS.jppTGXvpX_OZRx._y6aj08Ayio184TKmgNu26LjFRESCaXh2NanHNolgPXUT5rwy8H t5FligTOj_eZjbwbsJ1J.UsBB3FNXvROZqXB7RxopOtspwo8_dDZj1vtppUJQp1cYCOb1fHU7n5t XMN1z0NGm6Dn_1cm.3_NcK8nZCwQ_Ot8uGtS6HlGQww--
X-Sonic-MF: <ameyanrd@yahoo.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.sg3.yahoo.com with HTTP; Sun, 4 Jul 2021 15:00:35 +0000
Date: Sun, 4 Jul 2021 15:00:21 +0000 (UTC)
From: Ameya Deshpande <ameyanrd@yahoo.com>
To: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>, "Mohit P. Tahiliani" <tahiliani.nitk@gmail.com>
Cc: "draft-elkins-ippm-encrypted-pdmv2@ietf.org" <draft-elkins-ippm-encrypted-pdmv2@ietf.org>, IETF IPPM WG <ippm@ietf.org>
Message-ID: <540530658.5400383.1625410821717@mail.yahoo.com>
In-Reply-To: <CA+4Fxsg4VnWQkyEZTm6h9LmCviq7GUOd=CY0O9P4FvRyW9wGZw@mail.gmail.com>
References: <162256330634.19677.3885804345914692467@ietfa.amsl.com> <28584824.2341925.1622563579715@mail.yahoo.com> <721002155.671981.1625161479360@mail.yahoo.com> <CA+4Fxsg4VnWQkyEZTm6h9LmCviq7GUOd=CY0O9P4FvRyW9wGZw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_5400382_65396450.1625410821714"
X-Mailer: WebService/1.1.18469 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/SXZRKi-XQhwfTEiPSrPCm5F-GOI>
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Jul 2021 15:00:48 -0000

 Hi Mohit,
Thanks for your comments.  I am one of the co-authors of the PDMv2 draft.
PDM provides important information on the server delay, round-trip delay, and correlating the flow packets. In PDMv2, we have also added a new metric called the global pointer, which provides information on the amount of traffic being processed at the sender node.
We think that PDMv2, with all its useful data, should provide encryption as well as integrity because it is possible for a malicious intermediate node to mislead the destination with modified data.
Thanks,Ameya Deshpande



    On Sunday, 4 July, 2021, 9:33:57 am IST, Mohit P. Tahiliani <tahiliani.nitk@gmail.com> wrote:  
 
 Greetings!

I am new to the IPPM list but I have been following the conversation on IOAM integrity: https://github.com/inband-oam/ietf/pull/222

I am wondering why you have chosen to do confidentiality (encryption of the data) as well as integrity.

Thanks,Mohit P. Tahiliani
On Thu, Jul 1, 2021 at 11:15 PM nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote:

IPPM,

Please do take a look at this draft.

I think that iOAM will need encryption as well.   We have spent quite a bit of time thinking over these issues.  We even have 2 cryptographers from Italy involved as co-authors.   I want to do a side meeting where we can have quite a bit more time to discuss this but would love to have comments from the group on the list.

I am very reluctant to push PDM out to the wider world without encryption.  I feel that we will become the attacker's best friend.
We have modified the Linux kernel to include PDM but as I say, without encryption, we do not wish to release.


Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360






On Tuesday, June 1, 2021, 09:06:39 AM PDT, nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote: 





Hello IPPMers!

We have just posted a new draft to encrypt PDM data.   We feel that this is an important feature to add before promoting widespread adoption of PDM.

We would appreciate any thoughts or comments from the group.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360






----- Forwarded Message -----

From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: mackermann@bcbsm.com <mackermann@bcbsm.com>om>; Adnan Rashid <adnan.rashid@unifi.it>it>; Ameya Deshpande <ameyanrd@gmail.com>om>; Michael Ackermann <mackermann@bcbsm.com>om>; Nalini Elkins <nalini.elkins@insidethestack.com>om>; Tommaso Pecorella <tommaso.pecorella@unifi.it>
Sent: Tuesday, June 1, 2021, 12:01:47 PM EDT
Subject: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt



A new version of I-D, draft-elkins-ippm-encrypted-pdmv2-00.txt
has been successfully submitted by Nalini Elkins and posted to the
IETF repository.

Name:        draft-elkins-ippm-encrypted-pdmv2
Revision:    00
Title:        Encrypted IPv6 Performance and Diagnostic Metrics Version 2 (EPDMv2) Destination Option
Document date:    2021-06-01
Group:        Individual Submission
Pages:        16
URL:            https://www.ietf.org/archive/id/draft-elkins-ippm-encrypted-pdmv2-00.txt
Status:        https://datatracker.ietf.org/doc/draft-elkins-ippm-encrypted-pdmv2/
Htmlized:      https://datatracker.ietf.org/doc/html/draft-elkins-ippm-encrypted-pdmv2


Abstract:
  RFC8250 describes an optional Destination Option (DO) header embedded
  in each packet to provide sequence numbers and timing information as
  a basis for measurements.  As this data is sent in clear- text, this
  may create an opportunity for malicious actors to get information for
  subsequent attacks.  This document defines PDMv2 which has a
  lightweight handshake (registration procedure) and encryption to
  secure this data.  Additional performance metrics which may be of use
  are also defined.

                                                                                  


The IETF Secretariat




_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm

_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm

_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm