[ippm] Re: IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts
Greg Mirsky <gregimirsky@gmail.com> Tue, 14 May 2024 18:07 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4F7EC18DB94 for <ippm@ietfa.amsl.com>; Tue, 14 May 2024 11:07:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5OiMP6EXDps for <ippm@ietfa.amsl.com>; Tue, 14 May 2024 11:07:22 -0700 (PDT)
Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9157C13632F for <ippm@ietf.org>; Tue, 14 May 2024 11:07:22 -0700 (PDT)
Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-dee72970df8so2466747276.0 for <ippm@ietf.org>; Tue, 14 May 2024 11:07:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715710042; x=1716314842; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Xl2aE14yJThGRsmVVbC8lRVkeGyBjFWz3CVg9Cg0Bl0=; b=hQSThCwy1MHL8z6x4fEVtC0yPFuvH8UWbiO8aY0VAkBpDbtXI9QOuqGe4Z6VB1B0AE JQmgyIg2F6cWPTJuZ+wFp9jnshaaCvbFsa50iaNQxNvC82cNEDDoB66xGRMPLqr9IXua W4pYmsncFM+wfIJZ+OkSFludkp/MclCBcRvDnN/iDHXNkdJVR4A3Rpq2RirUYqXKicFs f2BK6r7JuV87bU0AOT34OmvKWZZhpCbiG7kp14tacz7MTckircMuCoSBh8NULk0AmmQq PxFhnfjeODGAZvgtM5n0PnJn5gq8zZABbDjagZhMekX/lt5pq7av43l1MTWv8226p6az Zetg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715710042; x=1716314842; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Xl2aE14yJThGRsmVVbC8lRVkeGyBjFWz3CVg9Cg0Bl0=; b=MTMBrfdIJ9jk9TK361+oMS7VzywKDM/wa5QQF4Cog4RkRSbKqcnEIYnJuwLMvDzO+Z V9ZaCTCATRqBBI5SqswgkTG/aiX1hLdGW8aLKfCrr4a7EVx78PFY71SeOwTDRC3AozyM fmqFBL9clrLp/vz+nYWJejJY/kTubOT5Kolozndwifn6fr/wkaKmlszVkqFF2r6+3RAB WzAACqTeSG1MryN4qiTsmS+jJaS+PD7WhfRuDjSlCaheNMLLg0SfgfnFjFeuAhUXyw75 dCEqlF4u33//qlI4YLjhESEEp+A0Swca/IQ6401NGHcnoDYm+ZRKjL6dSPcxazgGbYAV hwuA==
X-Forwarded-Encrypted: i=1; AJvYcCUmiNMq2Eji2yCpk75JIfK11BBWw+hxg+gzBjzs7wCk7NMioo16ALWYqPPdbXG//Crmwk79nFLKcpIvv1AX
X-Gm-Message-State: AOJu0YxLnWsI35TaMUHQ6kExmpF38qG5mfMXYiqAG6GbHIW6PSzkH+K7 qYfTzLGvSyZPbpeio/Ot3SNnORwBEQDhxDTpvMGjaN84dx7i+DNKJZYOG9rwtqc9O0uW+SAcUoI CtCRyaKr6UHJ5AVaS7mzkzNzUMva6A2lB
X-Google-Smtp-Source: AGHT+IETIEObgu6VunspfimCsCa2X0dt3nQI8i15vwlNZibBGvR6Y7p8qAmSBIZJfnBy+ZJs1+4Gj0ytcsLsJyyHPVs=
X-Received: by 2002:a25:b20e:0:b0:dc6:db56:eb6a with SMTP id 3f1490d57ef6-debcfc3533dmr12537040276.28.1715710041822; Tue, 14 May 2024 11:07:21 -0700 (PDT)
MIME-Version: 1.0
References: <EB9C8A72-2118-4D5F-8A49-BB6CC327297F@apple.com> <CABUE3Xm+9Tbx9Pn0rdtuqoRsOQuR4cdUjMzqb2pOsQLqyrn_VQ@mail.gmail.com>
In-Reply-To: <CABUE3Xm+9Tbx9Pn0rdtuqoRsOQuR4cdUjMzqb2pOsQLqyrn_VQ@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 14 May 2024 11:07:10 -0700
Message-ID: <CA+RyBmUZNyT-iJyXGv-qeeknK3MXz7oKQrr=hnzffQY7HKrFPw@mail.gmail.com>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000949e3a06186ddf9b"
Message-ID-Hash: RC7J3GLEDVX7PYXN2JMCIGEZJ62SRZTF
X-Message-ID-Hash: RC7J3GLEDVX7PYXN2JMCIGEZJ62SRZTF
X-MailFrom: gregimirsky@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ippm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [ippm] Re: IPPM adoption call for draft-mirsky-ippm-asymmetrical-pkts
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/ZdnBTRK9kA6XW5a4n4-IRDrM5K8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Owner: <mailto:ippm-owner@ietf.org>
List-Post: <mailto:ippm@ietf.org>
List-Subscribe: <mailto:ippm-join@ietf.org>
List-Unsubscribe: <mailto:ippm-leave@ietf.org>
Hi Tal, thank you for your suggestions and references to the comprehensive security analysis of IOAM and related use cases. The new STAMP extension defined in the draft might be used, as it is noted in Section 4, as a new DDoS attack vector. Among potential scenarios are those listed below: - Spoofed STAMP test packets that include Reflected Test Packet Control and Return Path (RFC 9503) TLVs. To mitigate that risk, we note that HMAC TLV can be required if the domain is not trusted. - Attacking MiM might be intercepting STAMP test packets and altering content of Reflected Test Packet Control TLV. That seems similar to the scenario above, that can be mitigated by including HMAC TLV as well. - Human error, e.g., requesting too many and/or too frequent reflected STAMP test packets. We added the requirement that an implementation must control rate of reflected packets and if the parameters in Reflected Test Packet Control TLV exceed limits then the Session-Reflector acts as described in Section 2: If a Session-Reflector that recognizes the Reflected Test Control TLV cannot sustain the transmission of reflected test packets at the interval requested in the Interval Between the Reflected Packets field on the received TLV, the Session-Reflector MUST set the U flag [RFC8972] to 1, and MUST transmit a single reflected packet. Otherwise, the Session-Reflector MUST set the U flag to 0 in each of reflected test packets. - And here we come to the question of mitigating the risk of excessive packet reflection. We consider that the task of controling the reflection process is the task of a Session-Reflector, not the Session-Sender. We propose adding the following text in Security Consideration as a second paragraph: Furthermore, a DoS attack using the Reflected Test Packet Control TLV might target the STAMP Session-Reflector by overloading it with test packet reflection, e.g., extremely small intervals and/or too many concurrent test sessions. To mitigate that, an implementation that supports the new TLV MUST control the rate and volume of reflection of STAMP test packets by the Session-Reflector. What are your thoughts? Regards, Greg On Thu, Apr 11, 2024 at 6:56 AM Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote: > Hi, > > I believe that an asymmetric exchange in STAMP has value, and > therefore I support the adoption of this document. > I share the concerns raised on this thread regarding the potential of > amplification attacks, and I believe this will need to be resolved, > but not necessarily before WG adoption. > > I have the following suggestions about mitigating the amplification > concerns: > - The security considerations section should be more detailed and > discuss the potential for amplification and DDoS attacks, including an > upper bound on the order of magnitude of amplification. > - The "Number of the Reflected Packets" and "Interval Between the > Reflected Packets" should be reconsidered. Maybe consider a way to > limit them to a sufficiently small "Number" and large "Interval". > - Regarding amplification and how to mitigate it, you may want to take > a look at RFC9322 and RFC9326, as we had many discussions about > amplification when we were working on these documents. > > Cheers, > Tal. > > On Tue, Apr 9, 2024 at 7:37 PM Tommy Pauly > <tpauly=40apple.com@dmarc.ietf.org> wrote: > > > > Hello IPPM, > > > > This email starts an adoption call for > draft-mirsky-ippm-asymmetrical-pkts. This is a document we’ve discussed > several times, and is a normative dependency for another document we > discussed adopting at IETF 119, draft-gandhi-ippm-stamp-ext-hdr. > > > > You can find the draft here: > > https://datatracker.ietf.org/doc/draft-mirsky-ippm-asymmetrical-pkts/ > > > https://www.ietf.org/archive/id/draft-mirsky-ippm-asymmetrical-pkts-04.html#name-reflected-test-packet-control > > > > Please review the draft and respond to this email to indicate if you > think IPPM should adopt this document as a working group item. > > > > This call will last for 3 weeks. Please reply by Tuesday, April 30. > > > > Best, > > Tommy & Marcus > > _______________________________________________ > > ippm mailing list > > ippm@ietf.org > > https://www.ietf.org/mailman/listinfo/ippm > > _______________________________________________ > ippm mailing list > ippm@ietf.org > https://www.ietf.org/mailman/listinfo/ippm >
- [ippm] IPPM adoption call for draft-mirsky-ippm-a… Tommy Pauly
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Ernesto Ruffini
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Sebastian Moeller
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Giuseppe Fioccola
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Rakesh Gandhi
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tal Mizrahi
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… xiao.min2
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Footer Foote (Nokia)
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Bjørn Ivar Teigen
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Ruediger.Geib
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Henrik Nydell (hnydell)
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tommy Pauly
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- [ippm] Re: IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Greg Mirsky
- Re: [ippm] IPPM adoption call for draft-mirsky-ip… Tianran Zhou
- [ippm] Re: IPPM adoption call for draft-mirsky-ip… Tal Mizrahi