[ippm] Warren Kumari's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS)
Warren Kumari via Datatracker <noreply@ietf.org> Wed, 26 October 2022 20:15 UTC
From: Warren Kumari via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ippm-ioam-conf-state@ietf.org, ippm-chairs@ietf.org, ippm@ietf.org, marcus.ihlar@ericsson.com, marcus.ihlar@ericsson.com
Reply-To: Warren Kumari <warren@kumari.net>
Message-ID: <166681530275.46711.14052349083997392055@ietfa.amsl.com>
Date: Wed, 26 Oct 2022 13:15:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/nmVSzdyLmpMgaEGTaFt_adoHaBk>
Subject: [ippm] Warren Kumari's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS)
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>

Warren Kumari has entered the following ballot position for
draft-ietf-ippm-ioam-conf-state-07: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-conf-state/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you very much for writing this document.

Please see: https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/

My concerns are closely related to Roman's DISCUSS point:

The document says: "A deployment can increase security by using border filtering of incoming and outgoing echo requests/replies."

I'm unclear why this is just a "can increase security", and not something much much stronger -- but, also, I'm unclear how exactly an operator would be expected to filter these.

The Abstract says: "This document describes an extension to the echo request/reply mechanisms used in [...]", but from what I can tell, it is more "here are some containers that you could use in some other protocols".

It seems like, instead of only relying on the network for filtering (which doesn't yet seem to be implemented), the: "To protect against unauthorized sources using echo request messages to obtain IOAM Capabilities information, it is RECOMMENDED that implementations provide a means of checking the source addresses of echo request messages against an access list before accepting the message." should be made stronger. Implementations need to be created to understand IOAM, and so requiring that they have the capability to only accept configured source addresses seems simple.
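
The source-address check quoted from the draft, sketched as an added example (not part of the original message or of the draft): a default-deny access list that an implementation could consult before accepting an echo request for IOAM Capabilities. The class and function names, the "accept"/"drop" outcomes and the sample prefixes (documentation ranges) are assumptions made for illustration.

```python
import ipaddress


class EchoSourceAcl:
    """Hypothetical default-deny ACL for echo requests that ask for IOAM Capabilities."""

    def __init__(self, allowed_prefixes):
        # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24),
        # so a mistyped prefix fails at configuration time, not silently at runtime.
        self._nets = [ipaddress.ip_network(p, strict=True) for p in allowed_prefixes]

    @staticmethod
    def _normalize(src):
        addr = ipaddress.ip_address(src)
        # An IPv4-mapped IPv6 source (::ffff:a.b.c.d) is matched as the IPv4
        # address it carries, so one sender cannot look different per socket type.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            return addr.ipv4_mapped
        return addr

    def permits(self, src):
        try:
            addr = self._normalize(src)
        except ValueError:
            return False  # unparseable source: fail closed
        # An empty list permits nothing: the check is mandatory, not opt-in.
        return any(addr.version == net.version and addr in net for net in self._nets)


def decide(acl, sources):
    """Map each source address to 'accept' or 'drop' (assumed outcomes)."""
    return {src: ("accept" if acl.permits(src) else "drop") for src in sources}


if __name__ == "__main__":
    # Constructed sample data using documentation prefixes.
    acl = EchoSourceAcl(["192.0.2.0/28", "2001:db8:a::/48"])
    samples = ["192.0.2.5", "192.0.2.77", "::ffff:192.0.2.5",
               "2001:db8:a::1", "2001:db8:b::1", "not-an-ip"]
    for src, verdict in decide(acl, samples).items():
        print(f"{src:20} {verdict}")
```

An unconfigured list drops every request, which is the behaviour a requirement stronger than RECOMMENDED would imply.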