IETF Logo Mail Archive

Re: [ippm] Benjamin Kaduk's Discuss on draft-ietf-ippm-stamp-option-tlv-07: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Wed, 02 September 2020 03:53 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69EA93A0AEF; Tue, 1 Sep 2020 20:53:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rILYwPhVLJtX; Tue, 1 Sep 2020 20:53:20 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4AA03A0AE8; Tue, 1 Sep 2020 20:53:19 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0823r6SI016746 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 1 Sep 2020 23:53:08 -0400
Date: Tue, 01 Sep 2020 20:53:05 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ippm-stamp-option-tlv@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, IETF IPPM WG <ippm@ietf.org>, Yali Wang <wangyali11@huawei.com>
Message-ID: <20200902035305.GD16914@kduck.mit.edu>
References: <159478020257.22868.5345083656365195833@ietfa.amsl.com> <CA+RyBmU36ktt4OV12J5Y6JKkEhsJ_HMvnvRKe=cLSemBpY+1Qw@mail.gmail.com> <20200717024804.GI41010@kduck.mit.edu> <CA+RyBmVRPR9sp1isS7aAGOpBj_PD6bTSMUZy2CauwX1jBmdv2Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA+RyBmVRPR9sp1isS7aAGOpBj_PD6bTSMUZy2CauwX1jBmdv2Q@mail.gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/jOvmUVRFTqBTxO1wFIfhbzG4Ah8>
Subject: Re: [ippm] Benjamin Kaduk's Discuss on draft-ietf-ippm-stamp-option-tlv-07: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2020 03:53:21 -0000

Hi Greg,

Thanks for the updates;

On Wed, Jul 22, 2020 at 03:24:54PM -0700, Greg Mirsky wrote:
> 
> PS. I've clipped the COMMENTS as these now have the discussion thread
> of their own.
> 
> On Thu, Jul 16, 2020 at 7:48 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> >
> > On Thu, Jul 16, 2020 at 05:38:08PM -0700, Greg Mirsky wrote:
[...]
> GIM2>> I have some reservations to say that a particular TLV MUST be
> accompanied by the HMAC TLV. If a domain secured, an operator may use
> a TLV, e.g., CoS TLV, without authentication. I think that the current
> text:
>    The HMAC TLV MAY be used to protect the integrity of STAMP extensions
>    in STAMP unauthenticated mode.
> can be expanded to require that an implementation can enable
> authentication of extensions via the management plane. It might be as:
> NEW TEXT:
>    The HMAC TLV MAY be used to protect the integrity of STAMP extensions
>    in STAMP unauthenticated mode.  An implementation of STAMP extensions
>    MUST provide controls to enable the integrity protection of STAMP
>    extensions in STAMP unauthenticated mode.
> Would the updated text be acceptable?

In light of the long delay (entirely my fault) in responding, I've prepared
a new ballot position to cover this topic and the other notes I made from
my re-review.  But in short: I can accept the weaker form of mandatory
behavior that you propose here, but we should still clearly document the
considerations that come into play for unauthenticated operation.

Thanks, and sorry again for the slow response,

Ben

> 
> >
> > I think the idea was to require the HMAC TLV to accompany those TLVs that
> > represent "control information", yes.  My initial read of the document
> > (reflected in my longer comments) says that the Location and Timestamp
> > Information TLVs would be considered to contain such "control information",
> > though on reread perhaps the Timestamp Information is not always considered
> > sensitive.  I'm on the fence about Location, and I think that Class of
> > Service is pretty clearly on the "control information" side of things
> > (since it affects the headers of the containing IP packet and consequently
> > the behavior of the network).
> 
> GIM2>> I agree that CoS is very close to what we consider "control
> information" as it includes information that affects how the reflected
> test packet is transmitted. But as in RFC 8762 itself, HMAC TLV is
> defined as optional in STAMP unauthenticated mode and, as I think of
> it, that leaves the choice to an operator whether to protect the
> integrity of the CoS TLV or not. Do you think that such arrangement is
> acceptable?

v2.23.0 | Report a Bug | By Email