Re: [ippm] Kathleen Moriarty's No Objection on draft-ietf-ippm-2679-bis-04: (with COMMENT)
"MORTON, ALFRED C (AL)" <acmorton@att.com> Thu, 20 August 2015 13:14 UTC
Return-Path: <acmorton@att.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 335121ACE40; Thu, 20 Aug 2015 06:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id emMR0dAZJFc1; Thu, 20 Aug 2015 06:14:54 -0700 (PDT)
Received: from mail-pink.research.att.com (mail-pink.research.att.com [204.178.8.22]) by ietfa.amsl.com (Postfix) with ESMTP id 3F6571ACE2B; Thu, 20 Aug 2015 06:14:44 -0700 (PDT)
Received: from mail-blue.research.att.com (unknown [135.207.178.11]) by mail-pink.research.att.com (Postfix) with ESMTP id 7062B1234D3; Thu, 20 Aug 2015 09:39:23 -0400 (EDT)
Received: from exchange.research.att.com (njfpsrvexg0.research.att.com [135.207.240.40]) by mail-blue.research.att.com (Postfix) with ESMTP id E41C1F0484; Thu, 20 Aug 2015 09:14:40 -0400 (EDT)
Received: from NJFPSRVEXG0.research.att.com ([fe80::108a:1006:9f54:fd90]) by NJFPSRVEXG0.research.att.com ([fe80::108a:1006:9f54:fd90%25]) with mapi; Thu, 20 Aug 2015 09:14:40 -0400
From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
Date: Thu, 20 Aug 2015 09:14:40 -0400
Thread-Topic: Kathleen Moriarty's No Objection on draft-ietf-ippm-2679-bis-04: (with COMMENT)
Thread-Index: AdDazj7deX5ohMs5Q5+UeCjcDdzc/QAd380wAAD70KA=
Message-ID: <4AF73AA205019A4C8A1DDD32C034631D09A003DE0A@NJFPSRVEXG0.research.att.com>
References: <20150819222713.20431.20468.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ippm/bwozkq08jBd2f7Tbgtdp8HL0Iko>
Cc: Bill Cerveny <ietf@wjcerveny.com>, "ippm-chairs@ietf.org" <ippm-chairs@ietf.org>, "draft-ietf-ippm-2679-bis@ietf.org" <draft-ietf-ippm-2679-bis@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
Subject: Re: [ippm] Kathleen Moriarty's No Objection on draft-ietf-ippm-2679-bis-04: (with COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2015 13:14:56 -0000
Something went wrong in cut/paste, so here's the text I propose: Collecting measurements or using measurement results for reconnaissance to assist in subsequent system attacks is quite common. Access to measurement results, or control of the measurement systems to perform reconnaissance should be guarded against. See Section 7 of <xref target="I-D.ietf-lmap-framework" (security considerations of the LMAP Framework) for system requirements that help to avoid measurement system compromise. > -----Original Message----- > From: MORTON, ALFRED C (AL) > Sent: Thursday, August 20, 2015 8:45 AM > To: 'Kathleen Moriarty'; The IESG > Cc: Bill Cerveny; ippm-chairs@ietf.org; draft-ietf-ippm-2679- > bis@ietf.org; ippm@ietf.org > Subject: RE: Kathleen Moriarty's No Objection on draft-ietf-ippm-2679- > bis-04: (with COMMENT) > > Hi Kathleen, > > > -----Original Message----- > > From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com] > > Sent: Wednesday, August 19, 2015 6:27 PM > > To: The IESG > > Cc: Bill Cerveny; ippm-chairs@ietf.org; draft-ietf-ippm-2679- > > bis@ietf.org; ippm@ietf.org > > Subject: Kathleen Moriarty's No Objection on draft-ietf-ippm-2679-bis- > > 04: (with COMMENT) > > > > Kathleen Moriarty has entered the following ballot position for > > draft-ietf-ippm-2679-bis-04: No Objection > > > ... > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-ippm-2679-bis/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I support Alissa's discuss. > > > > Alissa's comment reads as being more focused on privacy considerations > > and this point should be expanded to consider operational security > > considerations that have been around for a long time, but were not in > > the original text of this RFC. Collecting measurement data or using > > measurement data for reconnaissance to later attack systems is quite > > common. Access to this data or the ability to use measurement > > techniques to do reconnaissance activity should be guarded agist or at > > least noted as a security consideration. When you look at text to > > address her comment, please expand it to include this operational > > security consideration as it is a very real and present threat. This > > is pretty much the same as my discuss on the other IPPM draft. > > > > [ACM] > There are some useful ideas here that can go into a note (for both > drafts). > Something like: > > --- > Collecting measurements or using measurement results for reconnaissance > to assist in subsequent system attacks is quite common. Access to > measurement results, or control of the to use measurement systems to do > perform reconnaissance should be guarded against. > See Section 7 of <xref target="I-D.ietf-lmap-framework" > (security considerations for the LMAP Framework) for system requirements > that help to avoid measurement system compromise. > --- > > Because we're guarding against access, we have a real recommendation we > can make and a lot of prior study to draw upon. > I don't think we need another memo for this aspect, the LMAP Security > considerations cover system access security very well. > > > I was struggling with the case where the attacker builds their own > measurement system, measures metrics, and uses the results (so far, > that's exactly what I do everyday), to assist a later attack. > There doesn't seem to be anything productive we can say about attacker's > purpose-built systems, and I doubt there's any value for attackers to > say that their measurement system conforms to RFC 2679 bis. > > Let me know if you have suggestions on the text above, Al > >
- [ippm] Kathleen Moriarty's No Objection on draft-… Kathleen Moriarty
- Re: [ippm] Kathleen Moriarty's No Objection on dr… MORTON, ALFRED C (AL)
- Re: [ippm] Kathleen Moriarty's No Objection on dr… MORTON, ALFRED C (AL)
- Re: [ippm] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [ippm] Kathleen Moriarty's No Objection on dr… MORTON, ALFRED C (AL)
- Re: [ippm] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty