Re: [ippm] Questions on draft-morton-ippm-capacity-metric-protocol-01
"MORTON JR., AL" <acmorton@att.com> Thu, 21 October 2021 20:26 UTC
Return-Path: <acmorton@att.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA65B3A0A88 for <ippm@ietfa.amsl.com>; Thu, 21 Oct 2021 13:26:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.788
X-Spam-Level:
X-Spam-Status: No, score=-1.788 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jiy9rGRLJKnl for <ippm@ietfa.amsl.com>; Thu, 21 Oct 2021 13:26:45 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EDC13A0A84 for <ippm@ietf.org>; Thu, 21 Oct 2021 13:26:44 -0700 (PDT)
Received: from pps.filterd (m0049462.ppops.net [127.0.0.1]) by m0049462.ppops.net-00191d01. (8.16.1.2/8.16.1.2) with SMTP id 19LKQOHQ003381; Thu, 21 Oct 2021 16:26:42 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049462.ppops.net-00191d01. with ESMTP id 3buf89g0a4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Oct 2021 16:26:42 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 19LKQekn015014; Thu, 21 Oct 2021 16:26:41 -0400
Received: from zlp30486.vci.att.com (zlp30486.vci.att.com [135.47.91.177]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 19LKQcVl014958 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 21 Oct 2021 16:26:38 -0400
Received: from zlp30486.vci.att.com (zlp30486.vci.att.com [127.0.0.1]) by zlp30486.vci.att.com (Service) with ESMTP id 21E614067503; Thu, 21 Oct 2021 20:26:38 +0000 (GMT)
Received: from GAALPA1MSGEX1AD.ITServices.sbc.com (unknown [135.50.89.99]) by zlp30486.vci.att.com (Service) with ESMTP id B56B44067500; Thu, 21 Oct 2021 20:26:37 +0000 (GMT)
Received: from GAALPA1MSGED2BA.ITServices.sbc.com (135.50.89.126) by GAALPA1MSGEX1AD.ITServices.sbc.com (135.50.89.99) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14; Thu, 21 Oct 2021 16:26:37 -0400
Received: from GAALPA1MSGETA02.tmg.ad.att.com (144.160.249.124) by GAALPA1MSGED2BA.ITServices.sbc.com (135.50.89.126) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14 via Frontend Transport; Thu, 21 Oct 2021 16:26:37 -0400
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.40) by edgeal2.exch.att.com (144.160.249.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.14; Thu, 21 Oct 2021 16:26:13 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oOYqTbJ/pydfHOveK+oA8Vi5Wwygh6xPdVYXp4TBrfvZ0GoLYjkBAKkxRaVt3EQHZnXBO62sJ81daozI4XRFCvlf41+XU/SCUJErAk6zA8oPRJLfmJjK/K+B1IHZWKs7n/j4ffCYO/xf7qmW1IdkL1RqR36cVhK+q3353Y+U7BdaEYC7xWhaLVJBkyfzWjIyw9/Vnvdb1hKxlc/TqQ5jtcuoIJ+ZS6NK7kOSk1Iug//Gd91BxffD4yNoGMUxZ4mjwu/a4lG4x4x9klpAYYTIVjTqvnxREmR9LUqcr5pUupsdh7nan5NLQZjCB7+dR4Uxf8ztg5t+cphKC4GzYK7wMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WsCishGOav0vjxBFxi85kUIXBexiv7+Xyc5u34eBvuY=; b=cSpc9lRS3opPuy+cgUNcGDmCdI3l9qSpZ956QOjt3+XnzoSNk7TJmNx/fKcN+yuyjP5pYGR7wA780M2ejhNfxVrgDyS0Dauo9VaL3IhxI3qdjOwkr9lRqnoqzrfPtw+QMnfGyHo85AbucJJXd8K7AZ2KWAPf3nXPgrYh4bhQNE5H/GHPSqXsurEOyg6SsDYU2UPAB73igkzzlv+dBsnT6p83krO/QQxyp51kK9T5CpQPfs8iRUYA4rjx2/mDiVs6pOw7PMojK7uyrw18xBNJda6vrnDdnhgFJHCbpZDPJvpIzV8nCrD8AFJH4a8CswZPU4YWJMLRVLtNX8PnldgR7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WsCishGOav0vjxBFxi85kUIXBexiv7+Xyc5u34eBvuY=; b=k8qBpmMQD44tyZzNW2/g/R0jjAPGCaiwki6iOFXAMIRRzh9ZhNYjk7fVNWoBhrPdBF0KkBLt180ixKW36+ZckZ1WYQITMYL0+t733wZiTr/vjfpjqVUdSYwZ4Z9T8IUeMDVOmAm6tvegJPLSQsclTs23hxeaPqS/EcdwWHBuJbk=
Received: from SJ0PR02MB7853.namprd02.prod.outlook.com (2603:10b6:a03:32e::8) by BYAPR02MB5032.namprd02.prod.outlook.com (2603:10b6:a03:71::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.15; Thu, 21 Oct 2021 20:26:11 +0000
Received: from SJ0PR02MB7853.namprd02.prod.outlook.com ([fe80::49a5:79a:dfde:9b56]) by SJ0PR02MB7853.namprd02.prod.outlook.com ([fe80::49a5:79a:dfde:9b56%5]) with mapi id 15.20.4628.018; Thu, 21 Oct 2021 20:26:11 +0000
From: "MORTON JR., AL" <acmorton@att.com>
To: Lincoln Lavoie <lylavoie@iol.unh.edu>, IETF IPPM WG <ippm@ietf.org>
Thread-Topic: [ippm] Questions on draft-morton-ippm-capacity-metric-protocol-01
Thread-Index: AQHXxewcIkcZuhY1wEGo2hM8lGifgKvdw8pw
Date: Thu, 21 Oct 2021 20:26:10 +0000
Message-ID: <SJ0PR02MB7853902AF803C61008D55523D3BF9@SJ0PR02MB7853.namprd02.prod.outlook.com>
References: <SJ0PR02MB78533269DB297F70106A8FE1D3BD9@SJ0PR02MB7853.namprd02.prod.outlook.com> <CAOE1vsP=pKgOx0g1Jj4e73wSaDn15U4dDZ7rSwT6DqKgLe-VvA@mail.gmail.com>
In-Reply-To: <CAOE1vsP=pKgOx0g1Jj4e73wSaDn15U4dDZ7rSwT6DqKgLe-VvA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: iol.unh.edu; dkim=none (message not signed) header.d=none;iol.unh.edu; dmarc=none action=none header.from=att.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f1cddb71-3811-4c7f-2dc6-08d994d10575
x-ms-traffictypediagnostic: BYAPR02MB5032:
x-microsoft-antispam-prvs: <BYAPR02MB5032C05C862A9978B3D2AF38D3BF9@BYAPR02MB5032.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: AUdBV8ZBKfRqEcgv5wBC5d2cJvvGaoYrjjyv1R3a3tAztMCQSi0Iwidkata7FuiBfJa+iVOpbAQdI7D1DvnGiQMH0LChgBu6ZYEKRznPhQcdNelc2hDlhHa1IUHiWxtkwI6BwqoJ5aA2TKwwyz/s6U0PhyPZ6da7VOVmNQSpb29vt6nRMeb93EzImi1qRX+iuyCbW8BF25WW6IkLtUSiLzhXZn2S+lBBJ+QQHKq9K3AdheRYzebXDmymNO52PtpFKV+WJDi1TPXtrcBhPZK6DQDu28Us/cMNVWveqmtCdRug5faozrQAIpP7wqpt1m5w/KyvBHiAPxE1YEfFLg/JDF0HRMi4a8I633i3brsBeHleKtlGUSgRtwYtYEt1WenbAWNr3yGdOQR9xl+WHbjl+SLqMZOt0iU9TYU5dPcWnqhDsmO56UFKqAk8gCCiZFLgJq0EXtFpcC5qyTsB02gRPd1QgoxUDQi98U8Qc60g8tH5uiY6nUyG5GD1ui1c6eWE2lg88A5PBNFPQVniSjbbV89vrQzq7nefR5XOzwYLeUYhuc3VFhvzCmcRCnjeU2tk4hof1rebSi7WJshC21/FioIHO3bMyywS5iGG6pnVHl+LLWWlSaiEegmYpE6QnKw8bFTST3C7NPgSyhcoQKJgEnDGtG35TBdK5oPAaqoASou6DhUlKbLkX06eBOEQJH5icDOyiz9hk9lTwnBsoPJikqhDuYq3B6QYBUA9+PAswaLLn5xTyylpYwtG+53ZIKJAK4B7CEQlBmGXsiMfyTG0ocj5iFRTUX12DkEuPky7GUu6SwhpLwwcOoz2q5YApDqj326LJmL7lkjVU7mtDNlgKw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR02MB7853.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(53546011)(7696005)(6506007)(316002)(26005)(38070700005)(186003)(82960400001)(52536014)(5660300002)(966005)(110136005)(9686003)(9326002)(508600001)(64756008)(66446008)(82202003)(8676002)(83380400001)(8936002)(2906002)(38100700002)(66946007)(76116006)(40140700001)(66476007)(86362001)(66556008)(71200400001)(55016002)(166002)(122000001)(33656002)(559001)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: P0iM5P4ytiOq7oyn4eqFa4eObCnYCPxlYQZqSl3OZJR5hVZx21waGlAyZJzhmbxl/TftLOrZDxNGtUkrkqz9dKSjhiFxbRaHwV7zOyH2I+o3etpc5tNeQhryppSk/71kU5LTxYgCbN56JGgzgbkK/gx0OPE7yBm2HCKLhJVi3UM/qAiB5fFMKga+a2gy2Dg3C3kWJAjTyIA6eCWVS45nVRIs2b5ZxWuUwUpFt5xTeW4hXT/KLbKnDYSSUJqowO1066DeCuL2OHhvCDKa1mRhttdIYT26UXWMfvTDcCF87pKJUowROHqmQJGu/viOU7c7SMRTWdudxDW3mhnWgBYjnAx9/LK6mkVNHNI929JssF2CruOqqSOuEUve64ETxuOCNvXItQM7SXkXYJbSSqYNOSg3t2GzqrDy6VAQA6Gp+GkV4/qLr3549AyGoDmPjskw/KMbhrBu5mIp88UslZDVhIFjBCNsfu89W/ZRkVqwT3+9NFXrgLEXSWQPABYSfx4KmxhcNLBX6nAfjEEjL706/JpUV8cG61JsU8A/F+gEqG5KEwCNZz1+s5fWikrvY/21R7jL2rdLP8cr7G1Dos8AK+wCqbnA8zH3BrVSiQD0GCQ/PnGRT/+LtWiBljd2FjyxoA+TEdOSkPwMJjmTMk8nhzujd7gA5v8CPxkkdd4Cs1AVTkQkOHK8nxWAyACAr41WtQe8LjmdDI/cw3/tVt/6/qGRJ8nR3+TI245cQlocx62cHKQf5Hxihb0fENKS87CrmTo+VroVcsFtuSm65r/QI8UGMGxflrXMv0zvdgQ9ARsMEMZ3OJatw/df5WvgxUC9rw9ToQrG65C2hL6Jw1ny+42HU34F2ArdUyMQ6ig4CxvMJPmQ2d/SoODS1em5EqskiYeZxISX4Jjyo6wMJ5PqjgekQ1smRujenYQC4OlcjZNaI9W4u3hvRCPmFFZg4LFP8oUeS8P4qePK4LdPG+ifxLjGAyx8weZArdeK7Q6qI73n96cj8+R372JgFTxSib9FN1G4v7iazu0uRPW+LaLaT0uCBwj4fNqETHlTFmLS78I///LY7n8W+hLH8IG29Q86LMazpb7zPGG6yZ4V0fK8WNWeaGvjQw6XFymi49CwU7R1LEg/F2P6Yhm9Yz9XKB8M+NCCI94Dt1dwwQ09CyHtKeJazTWWsaZ5A+JrGKBxzyiJ5okevtnfhgxBKy93tv0p8WHVsLkCBLwxi3XQCXpUF7PA2Vau8mH6r4NwF5YgePFKYvbPwSA5dvsdQJdKPTc5zOf8ej5Rlx4iRAqJ0viEH5/+5w7a1NfB4bw+b32QZMRZj0rS+bOEbQfHQuqWuepVGfxCJVEtkuaCFZTjqArSaEkkCG6lvnZNSlCy9jjNnZ4dInHhcP3sz6n7+uHls+M1tusvA5PWEvwW6f/VlfZFiw==
Content-Type: multipart/alternative; boundary="_000_SJ0PR02MB7853902AF803C61008D55523D3BF9SJ0PR02MB7853namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB7853.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f1cddb71-3811-4c7f-2dc6-08d994d10575
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2021 20:26:10.8773 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: am2935@att.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB5032
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: 6C80CA4AB356DEEDCB476B66BD8943EC058452C62D1766D5D4BD32DCD6E714742
X-Proofpoint-ORIG-GUID: 83pAteDCK7YdW8JpjTOZO663T0tjrB9A
X-Proofpoint-GUID: 83pAteDCK7YdW8JpjTOZO663T0tjrB9A
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-21_05,2021-10-21_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 suspectscore=0 adultscore=0 phishscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 spamscore=0 priorityscore=1501 clxscore=1015 bulkscore=0 lowpriorityscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2110210104
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/hRGzq7OXnwse_GfmHimgNwHHqhE>
Subject: Re: [ippm] Questions on draft-morton-ippm-capacity-metric-protocol-01
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2021 20:26:52 -0000
Hi Lincoln, Thanks very much for your review! You’ve raised some good questions and identified areas to improve the draft. I’ll reply point-by-point below, [acm]. I’ve left a few items for more discussion (haven’t implemented changes yet). Al From: Lincoln Lavoie <lylavoie@iol.unh.edu> Sent: Wednesday, October 20, 2021 3:53 PM To: IETF IPPM WG <ippm@ietf.org> Cc: MORTON JR., AL <acmorton@att.com> Subject: Re: [ippm] Questions on draft-morton-ippm-capacity-metric-protocol-01 Hello Al (and everyone), I give a quick read through and have some comments and questions on the current draft. Section 3, Phase Item 1: It’s not clear if the expectation is for alignment of the mentioned items, i.e. both the client and server must support jumbo datagrams, or for a mismatch the connection is rejected. [acm] thanks, I’ll write clearer text to replace #1, and disentangle the client and server operation in the first sentence below (not yet modified). 1. Setup Request and Response Exchange: client and server confirm matching protocol versions, authentication mode, and jumbo datagram support, or reject the connection. BTW, all three of these configuration settings have to match, or the server sends the reject reply. Put another way, is this a negotiation phase, where options are mutually agreed between client and server? This is more clear in the setup section below, in terms of an “AND” type requirement. [acm] At this beginning Setup Exchange, there is no negotiation possible in the current protocol. But assuming we expand the number of security modes (beyond the binary “authentication or unauthenticated” modes), the Setup Exchange could become more complicated, or be preceded by a new exchange to secure the communications. Section 3, Phase Item 2: The set up of firewall rules. It is unclear if this is a requirement or informative, such that linkage between the client implementation and a device's firewall might be required. Similarly, careful security considerations should be taken here, akin to duration of those “openings” [acm] This is an informative overview of the details in later sections that follow, and requirements will appear in the later sections. (I need to add this text in front of the list in Section 3). This is the current text in question: 2. Test Activation Request and Response: ... Note that the Test Activation exchange has opened any firewalls and network address/port translators for the test connection and the traffic that follows. To answer your question, the client assumes that the co-located firewall will open the bi-directional address and port combinations in response to a client’s packet sent into the network, and subsequently close that combination after an idle time-out determined by the firewall. We didn’t imagine explicit control of the firewall, but nothing stops a management system from exerting its control. Section 3, Phase Item 4: Should a comment be added to Item 4 about closing of firewall rules, etc. I'm thinking about this separately then the opening of a socket / network port and the creation of the actual firewall rule allowing access to that port. [acm] ok, we could say that we don’t control the Firewall, and it is assumed to delete the state for the test communication after traffic stops (in phases 2 and 4). In section 7.1, is the watchdog timer updated each time a test PDU is received, or each time a test PDU or status message is received. In the case of downstream testing, for example, the server is sending down test PDUs and receiving upstream status information from the client. If the client or its connection were to die, the server should be able to detect this, from a lack of upstream status messages. It is not clear if / how this is accomplished only at the receiver of test PDUs. [acm] In the current draft, I described the time-outs on the Test Setup, Test Activation, and Test Stream reception. Specifically in 7.1: The watchdog timer at the receiver SHALL be reset each time a test PDU is received. but I need to add the symmetrical time-out for Status PDUs in 7,2 (at least I don’t see it in the draft). However, we have the symmetrical watchdog timers in the running code, and are ensuring all the needed timers and time-outs appear in TR-471 Issue 2, RFC 9097-to-be, TR-181, etc. For the Setup Command Response Codes in Section 5, these seem to be indicated as an ENUM type parameter, but as an example, what if there were multiple conditions to be indicated to the client. Could these be made into “flags” such that multiple could be set. The consequence would be limiting the maximum number within the 8-bit size (which is already exceeded). [acm] Command Response Codes Control Header Setup Request Code CHSR_CRSP_NONE 0 = None Control Header Setup Request Code CHSR_CRSP_ACKOK 1 = Acknowledgement Control Header Setup Request Code CHSR_CRSP_BADVER 2 = Bad Protocol Version Control Header Setup Request Code CHSR_CRSP_BADJS 3 = Invalid Jumbo datagram option Control Header Setup Request Code CHSR_CRSP_AUTHNC 4 = Unexpected Authentication in Setup Request Control Header Setup Request Code CHSR_CRSP_AUTHREQ 5 = Authentication missing in Setup Request Control Header Setup Request Code CHSR_CRSP_AUTHINV 6 = Invalid authentication method Control Header Setup Request Code CHSR_CRSP_AUTHFAIL 7 = Authentication failure Control Header Setup Request Code CHSR_CRSP_AUTHTIME 8 = Authentication time is invalid in Setup Request Yes, it’s a good point How does the protocol handle the multiple error case explicitly (I’m not sure that we don’t, but more needs to be said, or convert to flags (except that we ran out of 8 bits already, as you point-out!). I’m leaving this as an open issue for more discussion. Currently none of the status messages are protected against bit errors (i.e. no checksum or similar). Would there be benefit in adding that level of protection to the control channel? This would protect against a bit flip that could cause "misalignment" between what the client / server are "doing." [acm] Possibly, the Status PDU could benefit. The feedback status messages convey critical measurements from, OR the Sending Rate Structure to, the client. Maybe we add a stronger protection at this point in time, to ensure these messages are not spoofed by an on-path attack (Attack in the middle). I’m leaving this as an open issue for more discussion. Also within the Section 5 Setup Command I’m guessing the authDigest of the setup request message is intended as a sort of “shared password” the valid clients would use to identify themselves. Would it make sense to mention, as an informative comment it might be worth setting more unique credentials per client via an out of band mechanism, like TR-069, assuming tests are being directed by someone like a service provider? I know security is a much larger topic, but discouraging any type of shared credential is always good practice in my opinion. [acm] Yes, shared password was a feature for the beginning open-source implementation. We didn’t want to put up a protocol with absolutely zero authentication, and Len added this last Summer before the first OB-UDPST Release. We can make more extensive changes when addressing the question of Security modes and methods, and TR-069 is surely a good OOB example. I’m leaving this as an open issue for more discussion, which will be subsumed by determining new Security Modes and how to implement them (Section 10). Please let me know if there are any other ways I can help out, great start on the protocol! [acm] Will do, and Thanks again! Look for an updated draft on Oct 25 at the submission deadline. Cheers, Lincoln On Tue, Oct 19, 2021 at 6:32 PM MORTON JR., AL <acmorton@att.com<mailto:acmorton@att.com>> wrote: Hi IPPM, Len Ciavattone and I am looking for some feedback on our protocol [0] designed to help measure the Maximum IP-Layer Capacity Metric (which will be published as an RFC shortly). We are asking folks to take a look at the draft, because we are fairly sure you will have some questions! One area where we know more development is required is the Modes of operation, which essentially describes how the different aspects/exchanges of the protocol will be made secure. This is pretty-much a green-field in our specification, so suggestions are very welcome. Section 10 currently describes the different modes that we imagined to be useful (A through F below), but practical aspects of any proposed solution might indicate modes that should be combined, split-up, or new modes. So, please give the draft and/or the list below a look, and let us know what you think. thanks! Al [0] https://datatracker.ietf.org/doc/html/draft-morton-ippm-capacity-metric-protocol-01.txt<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-morton-ippm-capacity-metric-protocol-01.txt__;!!BhdT!3tvhVp5KCcOOLuqFn3oe5hJS357FIVTqatfgkYHDgtdbpoX9VJk8xOFO-hbV$> 3. Client-server authentication and integrity protection for feedback messages conveying measurements is RECOMMENDED. To accomodate different host limitations and testing circumstances, different modes of operation are recommended: A. Un-authenticated mode (for all phases) AND B. OPTIONAL Authenticated set-up only SHA-256 HMAC time-window verification (5 min time stamp verification) (could add silent failure option) -=-=-=-=-=-=-=-=-=- C. Encrypted setup and test-activation (currently using OpenSSL Library, so KISS, but may be too slow for test packets) -=-=-=-=--=- Old/low-power host performance impacts -=-=-=-=-=-=- D. Encrypted feedback messages E. Integrity protection for test packets SHA-256 HMAC F. Encrypted test packets (maybe also valuable to defeat compression on links) _______________________________________________ ippm mailing list ippm@ietf.org<mailto:ippm@ietf.org> https://www.ietf.org/mailman/listinfo/ippm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/ippm__;!!BhdT!3tvhVp5KCcOOLuqFn3oe5hJS357FIVTqatfgkYHDgtdbpoX9VJk8xIAIxb4s$> -- Lincoln Lavoie Principal Engineer, Broadband Technologies 21 Madbury Rd., Ste. 100, Durham, NH 03824 lylavoie@iol.unh.edu<mailto:lylavoie@iol.unh.edu> https://www.iol.unh.edu<https://urldefense.com/v3/__https:/www.iol.unh.edu__;!!BhdT!3tvhVp5KCcOOLuqFn3oe5hJS357FIVTqatfgkYHDgtdbpoX9VJk8xBaQGOnn$> +1-603-674-2755 (m) [https://docs.google.com/uc?export=download&id=1j_iI6anwrnbQWNpTyuvukMLSNJJ8_8QU&revid=0B_0ujwABDnFZTmJiR3EzK0d1VjFKTjQvMENBWVM0QnA4ajhjPQ]<https://urldefense.com/v3/__https:/www.iol.unh.edu__;!!BhdT!3tvhVp5KCcOOLuqFn3oe5hJS357FIVTqatfgkYHDgtdbpoX9VJk8xBaQGOnn$>
- Re: [ippm] Questions on draft-morton-ippm-capacit… MORTON JR., AL
- [ippm] Questions on draft-morton-ippm-capacity-me… MORTON JR., AL
- Re: [ippm] Questions on draft-morton-ippm-capacit… Lincoln Lavoie
- Re: [ippm] Questions on draft-morton-ippm-capacit… Ruediger.Geib
- Re: [ippm] Questions on draft-morton-ippm-capacit… can desem
- Re: [ippm] Questions on draft-morton-ippm-capacit… MORTON JR., AL
- Re: [ippm] Questions on draft-morton-ippm-capacit… MORTON JR., AL
- Re: [ippm] Questions on draft-morton-ippm-capacit… Ruediger.Geib
- Re: [ippm] Questions on draft-morton-ippm-capacit… Greg Mirsky