IETF Logo Mail Archive

Re: [ippm] Zaheduzzaman Sarker's Discuss on draft-ietf-ippm-ioam-direct-export-09: (with DISCUSS)

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Mon, 19 September 2022 12:54 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89071C14F720; Mon, 19 Sep 2022 05:54:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LIIdeUP1zwyr; Mon, 19 Sep 2022 05:54:55 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF7F1C1524B9; Mon, 19 Sep 2022 05:54:35 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id s6so35560330lfo.7; Mon, 19 Sep 2022 05:54:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date; bh=83NPTKYm2T6G7zZ4hk5txL6dl5BQyhCFoVsa7kXpQGo=; b=Y/jKvMgkifXQSt/OmfpRqdk9oVzF8T5b/VWYNy6npsn5u+w+12kkmMI8Fruq0Oy4x5 vLE3pOkNDKI+8QkVsFJmhYXx6Rr4B/a+rf5B3pe6r8AZW5geR48S504vBWPBBRRtfqaZ tbXjjed/d021YNBJhm7xoxRTyKAWkMa0IIEra6flV1lCX6iWMrWtsQGwyWJDjapdiiBz bZe/SnD95yxmvm2ISMCvXPGMGjjPPk+n9pb+3VU03bW4lQbnl4f8ouqnl2jgpeS6iQOn y618KqA4zlaWUFeSNtVyiyI1xRqux16K0XLx/6/jDwdtbkjMpb8T8HChVMQGojdY8mZo Df0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date; bh=83NPTKYm2T6G7zZ4hk5txL6dl5BQyhCFoVsa7kXpQGo=; b=VNHnMSyfbytLIyfPqTmCrK/kqB5j9rYz1bMo2lqycONw7FP3cAtbxkQfJtd5msYKXm z2OSpHG4pS28pTR1+bVV5oqDhNLlX+uM8Yp5ya6viJHX3+gDkHwsQOoHfOL9jKASy/nM +5TkenAm821at1hEcjHydhfqjhozr30133s+U6SZpVKjBjVZyF+pm7y+rYvx0zWZLHZd ryfftJVKlDNz8ck+2Xa+g+rU0nwXxZ23nXUjGvfv1o6Vb/Ju8/ntfvrS2QLd5WidDugH h3fLqOvQomnH6tx1LB53bASFPnyccsRxS3MZ7P0CuOkF6/DidLkZrIXCgdkz17qBQpuX BpUA==
X-Gm-Message-State: ACrzQf2zRqZWwv9UWz59ZdheptVjFIOc+oVQiYFObfWWZ78WW78BRbpi 8vvPcp4wluNJNpWe1UAaT42kKn+TME+p1x1CuPI=
X-Google-Smtp-Source: AMsMyM5ufDVyPQ9/9hkKZlR0j3S32dkuqD5pRdVa54CVLWUHjBEZIGzvMpuRw0ufcWS+IAX52Jr2qsDao5d4vO9tlD0=
X-Received: by 2002:a05:6512:2207:b0:496:db23:c2a3 with SMTP id h7-20020a056512220700b00496db23c2a3mr5833355lfu.447.1663592073172; Mon, 19 Sep 2022 05:54:33 -0700 (PDT)
MIME-Version: 1.0
References: <165653760608.27520.5309528880057245173@ietfa.amsl.com> <CABUE3Xnz+xg0y2whG0_gZzuxT6Ys9Ad+LDtSmbCaXMvWKEnMVA@mail.gmail.com> <26CD61B5-BDE8-484C-ACD9-5C1C451E2F69@ericsson.com> <CABUE3XmrqdUfG2OYsE=Lc4-QknaE7Qhb47VjsX6MoZx1cW-_zw@mail.gmail.com> <783A4A80-6E31-4A09-BD79-596DB79ADB4D@ericsson.com>
In-Reply-To: <783A4A80-6E31-4A09-BD79-596DB79ADB4D@ericsson.com>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Mon, 19 Sep 2022 15:54:21 +0300
Message-ID: <CABUE3XkxeC65u57EZUz+iQygsTrCTMMwdE4CMM_V+ZooD2ziLA@mail.gmail.com>
To: Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-ippm-ioam-direct-export@ietf.org" <draft-ietf-ippm-ioam-direct-export@ietf.org>, "ippm-chairs@ietf.org" <ippm-chairs@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, "tpauly@apple.com" <tpauly@apple.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/_8nKytv0W_xYfAm38R-nX-zA8lg>
Subject: Re: [ippm] Zaheduzzaman Sarker's Discuss on draft-ietf-ippm-ioam-direct-export-09: (with DISCUSS)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Sep 2022 12:54:59 -0000

Hi Zahed,

I propose the following text edit. Given that this is a general
requirement and the specific exporting method is not within the scope
of this document, I believe the following change seems reasonable.

OLD:
Although the exporting method is not within the scope of this
document, any exporting method MUST secure the exported data from the
IOAM node to the receiving entity.  Specifically, an IOAM node that
performs DEX exporting MUST send the exported data to a pre-
configured trusted receiving entity that is in the same IOAM domain
as the exporting IOAM node.  Furthermore, an IOAM node MUST gain
explicit consent to export data to a receiving entity before starting
to send exported data.
NEW:
Although the exporting method is not within the scope of this
document, any exporting method MUST secure the exported data from the
IOAM node to the receiving entity, in order to protect the confidentiality and
guarantee the integrity of the exported data. Specifically, an IOAM node that
performs DEX exporting MUST send the exported data to a pre-
configured trusted receiving entity that is in the same IOAM domain
as the exporting IOAM node.  Furthermore, an IOAM node MUST gain
explicit consent to export data to a receiving entity before starting
to send exported data.

Cheers,
Tal.

On Mon, Sep 19, 2022 at 12:14 PM Zaheduzzaman Sarker
<zaheduzzaman.sarker@ericsson.com> wrote:
>
> I have noticed that paragraph, however,  I didn’t interpreted that immediately to use of secure connection in that paragraph. May be we should be a bit more specific/descriptive about what is included in the "secure the export of data”.
>
> //Zahed
>
> > On 15 Sep 2022, at 17:12, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
> >
> > Hi Zahed,
> >
> >
> > On Sun, Sep 11, 2022 at 8:37 PM Zaheduzzaman Sarker
> > <zaheduzzaman.sarker@ericsson.com> wrote:
> >
> >> This is good. I haven’t noticed any requirements on exporting over a secure connection to and trusted destination in this specification. I may have missed this, could you please point me to that?
> >
> >
> > Yes, the following paragraph addresses this topic:
> >
> >   Although the exporting method is not within the scope of this
> >   document, any exporting method MUST secure the exported data from the
> >   IOAM node to the receiving entity.  Specifically, an IOAM node that
> >   performs DEX exporting MUST send the exported data to a pre-
> >   configured trusted receiving entity that is in the same IOAM domain
> >   as the exporting IOAM node.  Furthermore, an IOAM node MUST gain
> >   explicit consent to export data to a receiving entity before starting
> >   to send exported data.
> >
> > Cheers,
> > Tal.
> >
> > On Sun, Sep 11, 2022 at 8:37 PM Zaheduzzaman Sarker
> > <zaheduzzaman.sarker@ericsson.com> wrote:
> >>
> >>
> >>
> >>> On 18 Aug 2022, at 15:16, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
> >>>
> >>> Dear Zahed,
> >>>
> >>> Thanks for the comments.
> >>>
> >>> Here is an  updated version of the draft:
> >>> https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-1191a6b94b1b8ef3&q=1&e=832af60a-d8a4-4ce6-b114-803e40c69f48&u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ippm-ioam-direct-export%2F
> >>>
> >>> Regarding the following DISCUSS point:
> >>>
> >>> [snip]
> >>>> Thanks to Colin Perkins for his valuable TSVART review. I find the TSVART early
> >>>> reviewer's concern on rate limiting the exported traffic triggered by DEX
> >>>> Option-type as only protection mechanism
> >>>> (https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-f1a8e03896e17207&q=1&e=832af60a-d8a4-4ce6-b114-803e40c69f48&u=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Ftsv-art%2F1WNgYWGJmxLd4f3RAiDk-LJ-S8Y%2F)
> >>>> very valid but haven't seen it addressed. In this discuss, I would like to
> >>>> bring back attention to that concern and would like to discuss why there should
> >>>> not be a circuit breaker kind of functionality required here?
> >>> [snip]
> >>>
> >>> The rate limiting is just one of the security measures in this
> >>> document. There was a long discussion in the IPPM working group about
> >>> amplification attacks and how to mitigate them:
> >>> https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-85de22596797bb61&q=1&e=832af60a-d8a4-4ce6-b114-803e40c69f48&u=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fippm%2FPyfokOEsBBCTtRdNYG-Vr-674Nw%2F
> >>> https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-a9aaeff04156da3d&q=1&e=832af60a-d8a4-4ce6-b114-803e40c69f48&u=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fippm%2FJNiX94A7fN6tUPsA-VQizQEBWms%2F
> >>>
> >>> Following this discussion, what we came up with in order to mitigate
> >>> these attacks is a combination of the following components:
> >>> - Rate limiting (1/N) at the encap node.
> >>> - Export traffic rate limiting (1/N) at the exporting node.
> >>> - No exporting over DEX-enabled tunnels.
> >>> - The DEX option is not pushed into packets that already include an IOAM encap.
> >>> - Exporting over a secure connection to a trusted destination.
> >>>
> >>> We believe that this combination of components, which are discussed in
> >>> the document, provides reasonable measures to address the threat.
> >>
> >> This is good. I haven’t noticed any requirements on exporting over a secure connection to and trusted destination in this specification. I may have missed this, could you please point me to that?
> >>
> >> //Zahed
>

v2.14.0 | Report a Bug | By Email