Re: [ippm] WGLC for draft-ietf-ippm-twamp-06.txt

"Murtaza Chiba (mchiba)" <mchiba@cisco.com> Tue, 22 April 2008 22:18 UTC

From: "Murtaza Chiba (mchiba)" <mchiba@cisco.com>
To: Al Morton <acmorton@att.com>, Henk Uijterwaal <henk@ripe.net>
Cc: IETF IPPM WG <ippm@ietf.org>
Subject: Re: [ippm] WGLC for draft-ietf-ippm-twamp-06.txt

Replies at [MSC2] 

> -----Original Message-----
> From: Al Morton [mailto:acmorton@att.com] 
> Sent: Monday, April 21, 2008 6:43 PM
> To: Murtaza Chiba (mchiba); Henk Uijterwaal
> Cc: IETF IPPM WG
> Subject: RE: [ippm] WGLC for draft-ietf-ippm-twamp-06.txt
> 
> Replies in-line,
> Al
> At 06:02 PM 4/21/2008, Murtaza Chiba (mchiba) wrote:
> >...
> >
> >[MSC] So it seems the purpose of the Authenticate mode is to verify the
> >sender only.   Then the authenticate mode seems a bit strange and
> >unnecessary!   With TWAMP/OWAMP one would expect the primary field is
> >Timestamp from which most statistics are derived and to leave it open to
> >manipulation, IMO, defeats the purpose of securing the protocol.   So
> >maybe the mode should be removed from both TWAMP and OWAMP?  As it is
> >the usage of the term authenticated is misleading.
> 
> The draft explains the main reason for Authenticated mode, to 
> keep the HMAC and encryption process from affecting the 
> timestamp accuracy.
> 

[MSC2] The security only serves the purpose of verifying where the
packet originated from as it is wide open for manipulation of the most
critical piece of data for the protocol.   Therefore it's as good as no
security and hence I would vote +1 to remove it!

> > > >For the encrypted mode, one paragraph mentions first 96 Octets are
> > > >encrypted, however, another paragraph mentions that the HMAC only
> > > >covers the portion encrypted which is 32 bytes.
> > >
> > > The portion of test packet covered by HMAC is 32 octets in Encrypted
> > > *mode*. AES-CBC covers 96 octets (encryption).
> > >
> >
> >[MSC] That seems contradictory to the statement "HMAC in TWAMP-Test
> >only covers the part of the packet that is also encrypted."  So, if 96
> >bytes are encrypted then 96 bytes need to be covered by HMAC.
> 
> The numbers override the grammar.
>

[MSC2] Can we add an action item to correct the grammar?

> 
> >...
> > > It would be a new feature.
> > > Possible to add to draft-morton-ippm-more-twamp-...
> > >
> >
> >[MSC] Since TWAMP is still a draft maybe we have room to add the
> >functionality.   Not sure why it's being addressed by a separate draft.
> 
> Here's why:  Feature creep.  We stopped adding features, and 
> have really just been clarifying the text since last September...
> 

[MSC2] okay, will respond to this in the next mail from Henk.


Thanks,
-Murtaza


> >...
> >[MSC] The clarification was not very clear however, which of the 
> >following two packet formats are you suggesting is the correct one?
> 
> Don't worry, the revised sentence in the draft will be clear.
> It's this one, with no SID or other session description info.
> >2.)
> >       0                   1                   2                   3
> >       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> >      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >      |      3        |    Accept     |              MBZ              |
> >      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >      |                      Number of Sessions                       |
> >      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >      |                        MBZ (8 octets)                         |
> >      |                                                               |
> >      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >      |                                                               |
> >      |                       HMAC (16 octets)                        |
> >      |                                                               |
> >      |                                                               |
> >      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >
> 
> 
_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm
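
Added example, not part of the original message or of the draft: a mutation check that reports which octets of a packet an HMAC actually protects, using the figures from the thread (96 octets encrypted, 32 octets under the HMAC, 16-octet HMAC field). HMAC-SHA1, the key, the packet bytes and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac

HMAC_LEN = 16        # size of the HMAC field in the quoted packet diagram
ENCRYPTED_LEN = 96   # octets covered by AES-CBC in Encrypted mode (per the thread)
HMAC_COVERED = 32    # octets covered by the HMAC in Encrypted mode (per the thread)


def compute_tag(key: bytes, packet: bytes, covered: int) -> bytes:
    """HMAC over the first `covered` octets, truncated to HMAC_LEN.

    HMAC-SHA1 is an assumption of this example; the thread does not name the hash.
    """
    return hmac.new(key, packet[:covered], hashlib.sha1).digest()[:HMAC_LEN]


def verify(key: bytes, packet: bytes, tag: bytes, covered: int) -> bool:
    """Constant-time comparison of the received tag with a recomputed one."""
    return hmac.compare_digest(compute_tag(key, packet, covered), tag)


def unprotected_offsets(key: bytes, packet: bytes, covered: int) -> list:
    """Flip one bit at every offset; return offsets where verification still passes."""
    tag = compute_tag(key, packet, covered)
    missed = []
    for offset in range(len(packet)):
        mutated = bytearray(packet)
        mutated[offset] ^= 0x01
        if verify(key, bytes(mutated), tag, covered):
            missed.append(offset)
    return missed


# Constructed sample key and 96-octet packet body (not real TWAMP-Test data).
KEY = bytes(range(16))
PACKET = bytes((i * 7 + 3) % 256 for i in range(ENCRYPTED_LEN))


def coverage_report() -> dict:
    """Compare HMAC coverage of 32 octets against coverage of all 96 octets."""
    return {
        "hmac_over_32": unprotected_offsets(KEY, PACKET, HMAC_COVERED),
        "hmac_over_96": unprotected_offsets(KEY, PACKET, ENCRYPTED_LEN),
    }


if __name__ == "__main__":
    for name, offsets in coverage_report().items():
        print(name, "unprotected octets:", len(offsets))
```

The same check can be pointed at a real implementation's verify routine in a test suite to confirm that the protected range matches what the specification text says.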