Re: [ippm] Working Group Last Call: draft-ietf-ippm-ioam-data

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Wed, 22 January 2020 08:33 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67E0B120013 for <ippm@ietfa.amsl.com>; Wed, 22 Jan 2020 00:33:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NUKGLHtzwjXa for <ippm@ietfa.amsl.com>; Wed, 22 Jan 2020 00:33:07 -0800 (PST)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 242F41200A4 for <ippm@ietf.org>; Wed, 22 Jan 2020 00:33:07 -0800 (PST)
Received: by mail-wm1-x32c.google.com with SMTP id b19so5846719wmj.4 for <ippm@ietf.org>; Wed, 22 Jan 2020 00:33:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xqsvjZvm08wVkvCTxa1AeGvJtzRy99If2xxomOngDEY=; b=tEyri+DPZ6yixfVO/c2wJd2hFNqw4XnRj5RwR5Nap8lfxcqnZou7ilVe+XVeEPfGBX ItpOhGPyre3bcWAp6N91tnmGyykRAex1zxhh3ohxbulEPAEOIvNRHvbSgiwN+UA5GsKI 1ztZxVDL1mTO6m63LBz1xHXSmdVM7U5WM+CKRL/yBUQeQnZquEmE3dRfseIi209Eb9SS yOs0fch1tMdO28B8xTL8BuORgwDlhPNk/3DEwkCkUuDI3W9pnSDA0x4FtQQSGLk6MENO oYhYs/PuoQKfIe3lRoVCB6lTsgrmQeviidbmbxSu38SAzHulhV6jq/ALkVUl+zKQ65It irUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xqsvjZvm08wVkvCTxa1AeGvJtzRy99If2xxomOngDEY=; b=gy5KZFNIkPIIrEPPnxl+ICon5mZ3v411su2jI25itA1+vuQmyBmJSqIeM8aYrjKc1T 0WkVDQIqkJyPF9k8EIVp1W9ZlLn+e4wgeqNZNMprTdIRaHxDu5JR+sTDR+++USC01a0I NDX5S/MTg3duRpw8as1ic6Gerd/y1wc8OEOSQ/SdF2l85AcrbYB8kjKFi/uLDXifsxCP omiWP444zE7kLa+wmoEH3Wpa5upUtjT0ePJ4gI79KEH9T4uGbR2b1rofA0CHSUwfz2w4 n6KkT+EJ9+icXZQgcmukJwhw9v85CRf2HO+BsBNuc9au7oUYCr5ThFN7nwSFoczKLV9t KSAA==
X-Gm-Message-State: APjAAAVzFh6rCUbhxFnBjI7C2EJNTZ6aKE8AzdLTguzluYfq9rq4+ySK jTh1J77lW6/sUIqRCOyuzEl9DtVMp1fnyAuHr57RAivEuFs=
X-Google-Smtp-Source: APXvYqwiadrfTYgZyN3ZSS9LlV5m5/+S0a1D1LHWaTaMjWmrE72xM7Qo1LOplUbI6iU2D94SZavfLk+9IcFc3XEKd08=
X-Received: by 2002:a1c:6809:: with SMTP id d9mr1664385wmc.70.1579681985593; Wed, 22 Jan 2020 00:33:05 -0800 (PST)
MIME-Version: 1.0
References: <E5725DE6-0637-4D52-BD61-2437D29D3C3B@apple.com> <CA+RyBmU8zgJzqA6USXY5jyQeGpV+6JZUntX5e0hkcjNEnvg3qA@mail.gmail.com> <CA+RyBmXf32P8cmCop0Mbqds5N7nUfQcP+czfD8cd-ZoSBgS7jQ@mail.gmail.com>
In-Reply-To: <CA+RyBmXf32P8cmCop0Mbqds5N7nUfQcP+czfD8cd-ZoSBgS7jQ@mail.gmail.com>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Wed, 22 Jan 2020 10:32:54 +0200
Message-ID: <CABUE3X=SAi-UrEUXLMTHNa3_jWdYjrTs=1d-C6mtTQTKAUhN_Q@mail.gmail.com>
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009c04c0059cb65f21"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/hUMBEC0h_WXe06DfwKvYzRalUVE>
Subject: Re: [ippm] Working Group Last Call: draft-ietf-ippm-ioam-data
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2020 08:33:09 -0000

Hi Greg,

Thanks for this comment.

In the context of "confidentiality", since we are talking about OAM
information, the correct context here is reconnaissance. Recon and its
implications are indeed discussed in the Security Considerations section on
the third paragraph.

Regarding integrity protection, the first paragraph of the Security
Considerations section discusses the consequences of compromising the
integrity of IOAM.

In my opinion the current Security Considerations section covers the main
threats related to IOAM, and also explains the rationale of not including
explicit security mechanisms (the last paragraph of the section).

You make a good point that we did not explicitly use the terms
"confidentiality" and "integrity", and I will suggest new text that
explicitly refers to these terms in the relevant context of the section.

Cheers,
Tal.




On Wed, Jan 22, 2020 at 8:52 AM Greg Mirsky <gregimirsky@gmail.com> wrote:

> Dear All,
> I'd like to add a note on the scope of the Security Considerations
> section. While it discusses the potential use of iOAM as the new DDOS
> attack vector, I didn't find a discussion of the protection of integrity
> and confidentiality of collected data. As I understand, please correct me
> if I've missed that in other sections of the document, all data is
> collected and transported in the clear text, no provisions for
> authentication or encryption except for Proof-of-Transit. I think that in
> addition to stressing the importance of protecting the integrity of clock
> synchronization and of the management plane, possible ways of protecting
> integrity and, possibly, the confidentiality of collected data must be
> discussed in the document.
>
> Regards,
> Greg
>
> On Tue, Jan 21, 2020 at 3:56 PM Greg Mirsky <gregimirsky@gmail.com> wrote:
>
>> Dear All,
>> please consider my comments to draft-ietf-ippm-ioam-data as part of IPPM
>> WG Last Call:
>>
>>    - In Abstract and Section 3, Segment Routing is characterized, among
>>    other networking technologies, as a transport. RFC 8402 defines Segment
>>    Routing as a method to leverage the source routing paradigm. Where else
>>    could the Segment Routing be defined as transport?
>>    - Also, "native IPv6" is mentioned in the Abstract as transport.
>>    Could it be just a reference to IPv6? What is the significance of singling
>>    out "native IPv6"?
>>    - Introduction section explains the "in-situ" term as
>>
>>    The term "in-situ" refers to the fact that the OAM
>>    data is added to the data packets rather than is being sent within
>>    packets specifically dedicated to OAM.
>>
>> But with the introduction of Loopback and Direct Export as iOAM
>> behaviors, iOAM data are not added to the data packet. And how these new
>> iOAM functions affect the definition of IOAM control points in Section 3?
>>
>>
>>    - I-D.lapukhov-dataplane-probe referenced as describing "recent
>>    active probing mechanisms". That could have been the case in 2016 when the
>>    draft was last time updated. But has expired and has not been discussed or
>>    worked for 3.5 years.
>>    - In regard to the control over iOAM, text in Section 3 states "It
>>    SHOULD be possible to enable IOAM on a selected set of traffic ..." Does
>>    that mean that not providing the selective enabling of iOAM is an
>>    acceptable option?
>>    - Further in Section 3, the requirement for encapsulation
>>    independence is using SHOULD "Data formats for IOAM SHOULD be defined in a
>>    transport-independent manner." What are the examples of exceptions?
>>    - section 4.4 introduces the notion of an "iOAM capable node". Which
>>    of iOAM objects are expected to be supported by the iOAM capable node? If a
>>    node doesn't support a sub-set of iOAM data types, would it still be
>>    considered as iOAM capable?
>>    - Section 4.4.1 I'm having a hard time figuring how the presence
>>    of Opaque State Snapshot space can be deduced. The explanation in NodeLen
>>    is not clear to me.
>>    - The definitions of Bit 0 and Bit 8 of IOAM-Trace-Type differ only
>>    in part of the latter specifying that the format is wide. What is the
>>    length on data identified by Bit 0?
>>    - Hop_limit in Section 4.4.2 is defined as
>>
>>         This is copied from the lower
>>          layer, e.g., TTL value in IPv4 header or hop limit field from
>>          IPv6 header of the packet when the packet is ready for
>>          transmission.
>> What is the value of Hop_Limit field if the lower level does not include
>> TTL/Hop Limit field?
>>
>>
>>    - Four octets are allocated for timestamp subseconds in Section
>>    4.4.2. Both PTP and NTP have formats that can provide a higher resolution
>>    of a timestamp. That likely to be useful where a higher resolution of time
>>    measurement, e.g. delay variation is needed (for example, URLLC
>>    applications of 5G, TSN or DetNet). Can iOAM data be extended in the future
>>    to support a different length of the subsecond field?
>>    - What was the rationale to choose nanoseconds as the unit for
>>    transit delay?
>>    - How future proof is allocating four octets to express the length of
>>    an egress queue (queue depth)? What should be the value if an iOAM node
>>    cannot write the local value in four octets?
>>    - Similar to the questions above but in regard to the buffer
>>    occupancy field.
>>    - Checksum Complement may be practical but it raises serious security
>>    issues. I couldn't find these being identified and discussed in the
>>    document.
>>    - Section 5 defers the specification of the particular timestamp
>>    format used in the given iOAM Namespace to the management plane. Does that
>>    mean that all nodes in the given iOAM Domain must support the same format?
>>    In other words, timestamps collected in the domain required to be in the
>>    homogeneous format - either all in NTP, all in PTP, or all in POSIX. That
>>    looks like unnecessary complexity and limitation and may cause lower
>>    accuracy of time measurement as an iOAM node may be required to transform
>>    from its native time format into the format chosen by the management plane.
>>
>> Regards,
>> Greg
>>
>> On Tue, Jan 7, 2020 at 8:47 AM Tommy Pauly <tpauly=
>> 40apple.com@dmarc.ietf.org <40apple.com@dmarc..ietf.org>> wrote:
>>
>>> Hello IPPM,
>>>
>>> Happy New Year! This email starts a working group last call for "Data
>>> Fields for In-situ OAM" (
>>> https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-data/).
>>>
>>> The last call will end on *Tuesday, January 21*. Please reply to
>>> ippm@ietf.org with your reviews and comments. Please indicate whether
>>> you think this document is ready for publication.
>>>
>>> Best,
>>> Tommy (as co-chair)
>>> _______________________________________________
>>> ippm mailing list
>>> ippm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ippm
>>>
>> _______________________________________________
> ippm mailing list
> ippm@ietf.org
> https://www.ietf.org/mailman/listinfo/ippm
>