Re: [ippm] Adam Roach's Discuss on draft-ietf-ippm-twamp-yang-11: (with DISCUSS and COMMENT)

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 29 June 2018 19:19 UTC

From: Mahesh Jethanandani <mjethanandani@gmail.com>
Message-Id: <5C8A4F3E-3FE0-4EBB-8A60-C974769DBB0C@gmail.com>
Date: Fri, 29 Jun 2018 12:19:53 -0700
In-Reply-To: <CAKKJt-enitr0uC37-x3dJR13o4Ju-3b3SSjyR_qo=rGi1v=Dyg@mail.gmail.com>
Cc: Adam Roach <adam@nostrum.com>, ippm-chairs@ietf.org, draft-ietf-ippm-twamp-yang@ietf.org, The IESG <iesg@ietf.org>, ippm@ietf.org, Nalini Elkins <nalini.elkins@insidethestack.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
References: <152955610162.28620.13249468338471662781.idtracker@ietfa.amsl.com> <063FD288-AF03-43B0-A519-5BFE418D3DC0@gmail.com> <CAKKJt-enitr0uC37-x3dJR13o4Ju-3b3SSjyR_qo=rGi1v=Dyg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/fWFXLn9GCwcg67NJkEENh5yPjdY>

Hi Spencer,

> On Jun 29, 2018, at 8:08 AM, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> wrote:
> 
> Hi, Mahesh,
> 
> On Fri, Jun 22, 2018 at 2:14 PM Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> Hi Adam,
> 
> > On Jun 20, 2018, at 9:41 PM, Adam Roach <adam@nostrum.com> wrote:
> > 
> > Adam Roach has entered the following ballot position for
> > draft-ietf-ippm-twamp-yang-11: Discuss
> > 
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> > 
> > 
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> > 
> > 
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-ippm-twamp-yang/
> > 
> > 
> > 
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> > 
> > Thanks for the work and thought that everyone involved in this document spent. I
> > find the model well described and easy to understand.
> > 
> > I agree with Ben's comments about including more information about the privacy
> > and security properties of specific entities in the module. See
> > https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines for specific
> > guidance.
> > 
> > Since this conflicts with normative language in RFC 6087 §3.4 (and 6087bis
> > §3.7), it is a blocking defect that needs to be remedied prior to publication.
> 
> I have added more nodes in the Security Considerations section.
> 
> I'm not the Adam Interpreter, but I'm seeing considerable new discussion about the MTI security for NETCONF and RESTCONF, and about what happens if writable nodes are modified by an attacker. Thank you for that. 
> 
> Adam said in his Discuss that he was agreeing with Ben's comments on this topic, and Ben's comments included this question: 
> 
>  Are there no nodes that are privacy (or otherwise) sensitive when just readable?
> 
> I didn't see any new text about this. Are there privacy-sensitive read-only nodes?

I took another look at the nodes that are marked read-only in the YANG module. These nodes include session state, sent and received packet counts, last sequence number received or transmitted, start time, repeat count, TCP/IP addresses and port numbers, etc. Nothing jumped out as particularly privacy sensitive.

One field that did catch my attention was the 'token' field, which is defined as: "This parameter holds the 64 octets containing the concatenation of a 16-octet Challenge, a 16-octet AES Session-key used for encryption, and a 32-octet HMAC-SHA1 Session-key used for authentication; see also the last paragraph of Section 6 in RFC 4656."

I am not a security expert, and do not know if being able to read this or other read-only information is sufficient in itself to launch an attack or disrupt an existing or new session. Maybe somebody from SEC-DIR can comment on it. If it is, I would be happy to add some text around it. 

> 
> Thanks,
> 
> Spencer

Mahesh Jethanandani
mjethanandani@gmail.com
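As an added illustration of why the 'token' field quoted above deserves attention (example code written for this note, not part of the draft, the YANG module or RFC 4656): the 64-octet Token layout parsed into its three fields, and a redacted view that a read-only state node could expose instead of the raw octets. It assumes the stored value is the decrypted Token with the field lengths quoted in the message; the sample token is constructed.

```python
import hashlib
from dataclasses import dataclass

# Layout of the 64-octet Token as quoted in the message (RFC 4656, Section 6).
CHALLENGE_LEN = 16
AES_KEY_LEN = 16
HMAC_KEY_LEN = 32
TOKEN_LEN = CHALLENGE_LEN + AES_KEY_LEN + HMAC_KEY_LEN  # 64 octets


@dataclass(frozen=True)
class Token:
    challenge: bytes
    aes_session_key: bytes
    hmac_session_key: bytes


def parse_token(token: bytes) -> Token:
    """Split a decrypted Token into its three fields, rejecting malformed input."""
    if len(token) != TOKEN_LEN:
        raise ValueError(f"token must be {TOKEN_LEN} octets, got {len(token)}")
    c_end = CHALLENGE_LEN
    a_end = c_end + AES_KEY_LEN
    return Token(token[:c_end], token[c_end:a_end], token[a_end:])


def redact_for_state(token: bytes) -> dict:
    """Operator-visible view: the challenge is kept, the two session keys are
    replaced by short SHA-256 fingerprints so sessions can still be correlated
    without exposing 48 octets of key material through a read-only node."""
    t = parse_token(token)

    def fingerprint(key: bytes) -> str:
        return hashlib.sha256(key).hexdigest()[:16]

    return {
        "challenge": t.challenge.hex(),
        "aes-session-key-fingerprint": fingerprint(t.aes_session_key),
        "hmac-session-key-fingerprint": fingerprint(t.hmac_session_key),
    }


def leaks_key_material(view: dict, token: bytes) -> bool:
    """True if either session key from the token appears verbatim (hex) in the view."""
    t = parse_token(token)
    blob = "".join(str(v) for v in view.values())
    return t.aes_session_key.hex() in blob or t.hmac_session_key.hex() in blob


# Constructed sample token (not a real session value): octets 0x00..0x3f.
SAMPLE_TOKEN = bytes(range(TOKEN_LEN))
```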