Re: [ippm] Secdir last call review of draft-ietf-ippm-stamp-07
Greg Mirsky <gregimirsky@gmail.com> Mon, 26 August 2019 22:10 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 891E812001A; Mon, 26 Aug 2019 15:10:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eyVLUmLNOvua; Mon, 26 Aug 2019 15:10:34 -0700 (PDT)
Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53877120013; Mon, 26 Aug 2019 15:10:30 -0700 (PDT)
Received: by mail-lj1-x243.google.com with SMTP id m24so16521329ljg.8; Mon, 26 Aug 2019 15:10:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JGW00s4H2qgmzOAKgOA/N2wrwAzMgx17Kd7bF3O+7T8=; b=SDvnxa5ix6xKfD7X+ET05BGsJdlt0O3rFaNLAHbTsNZWa+hdggwpAHtbMq9q5xNRT7 MpvrCHiVAzf+Ru33Z94DXXLM4SfQFi2N/gan25C6BXKUkZNydKnRXtk+QeS8su2y/fAm HdutWMgmmWoMimzsdLgHuzVmZzzv8sZQzdekLT/A++pNiOIZsmjICzus7ShtBsQhkT3x rqXokjdI7FbL4XyetOkXTfzwrueTomojpoQwSGw7K+/Xux58JyHYZWvNdLO6HWh+s2bG 8KhWSwh5DQ8O9qdxkc7wCzVGVmVQD3DO8hVOocsWXNb4BaJWwEwKqoMZcFZJ2pMz6tVy xefA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JGW00s4H2qgmzOAKgOA/N2wrwAzMgx17Kd7bF3O+7T8=; b=LSHAexUW+r/IPjJTi3e6ccaZPBxY28sn+nA3rnxPi1bPF3NwttDAV+8VFvXTux28GA UQz67BJ5awSID5KBf/bYgdN7io8pzio3Bw0P5WDHF0zIEH10fWmhL1EWfwgWD/u3Secy 2PJ2glg6v51JcHC1q2P1UNRWSLyR5eNA+MLhwZc0mkhHQGgqhuPTR+DiuGz/lc5mBQ7o ltCCq3Rga+ArAfGyaOjJ3tIxt98gWBSv/E9rsphwgzNcEoXv8bnXeXa0DCIlzQ6usFkU WsjPJX/xkZ5Sm1xyjun3AGmPhEvvvNwq5f7trYVt6zVMVqpBDUERfLa2MgGbK2qh5c3x aEOA==
X-Gm-Message-State: APjAAAVsjuwKrFhC4tmK3ViSIr+49biNDF4qoDrXbvyZrb3kmL2WQOvS 70Wk7LlNQy8CG0BMVPJ4OPMleUiE4v8nCMFDLmQ=
X-Google-Smtp-Source: APXvYqymF6vRKwwYW7N4vkgYx01NY7F+/fRqVTTq3jhUcFDlCtySsAJ39t7epUhz699IB6UdfE8LErveMhuy559n24g=
X-Received: by 2002:a2e:7c12:: with SMTP id x18mr12185437ljc.100.1566857427872; Mon, 26 Aug 2019 15:10:27 -0700 (PDT)
MIME-Version: 1.0
References: <156649425577.14757.13703548347532993926@ietfa.amsl.com>
In-Reply-To: <156649425577.14757.13703548347532993926@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Mon, 26 Aug 2019 15:10:15 -0700
Message-ID: <CA+RyBmUogDWxsAuZoL-beiYQ9+ZyJLheooZRafcp7ZENb+rPXQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: secdir@ietf.org, draft-ietf-ippm-stamp.all@ietf.org, IETF list <ietf@ietf.org>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/mixed; boundary="000000000000681d2605910c6cc6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/o9NDQkqZubynwaB57OQedjEE-Y4>
Subject: Re: [ippm] Secdir last call review of draft-ietf-ippm-stamp-07
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2019 22:10:40 -0000
Hi Russ, thank you for your review, comments, and suggestions. Please find my notes in-lined under GIM>> tag. Also, please find the diff and the working version of the draft attached. Regards, Greg On Thu, Aug 22, 2019 at 10:17 AM Russ Housley via Datatracker < noreply@ietf.org> wrote: > Reviewer: Russ Housley > Review result: Has Issues > > I reviewed this document as part of the Security Directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the Security Area > Directors. Document authors, document editors, and WG chairs should > treat these comments just like any other IETF Last Call comments. > > Document: draft-ietf-ippm-stamp-07 > Reviewer: Russ Housley > Review Date: 2019-08-22 > IETF LC End Date: 2019-09-03 > IESG Telechat date: unknown > > Summary: Has Issues > > > Major Concerns: > > Section 4.1.1: This paragraph is a bit surprising: > > The STAMP Session-Sender and Session-Reflector MAY use, not use, > or set value of the Z field in accordance with the timestamp > format in use. This optional field is to enhance operations, but > local configuration or defaults could be used in its place. > > Why not have this bit set to align with the bits that actually appear > in the packet? GIM>> The use of the Z bit to indicate the format of the timestamp used by TWAMP test nodes has been described in RFC 8186 <https://datatracker.ietf.org/doc/rfc8186/>. The value of the Z flag is set by the Session-Sender and the Session-Reflector independently to reflect the format of timestamp that each of them respectively uses. The Z flag is part of the Error Estimate field and thus is part of the STAMP test packet transmitted by the Session-Sender and the packet reflected by the Session-Reflector. > This is especially worrisome because of the text that > come later (Section 4.2.1), which says: > > o Timestamp and Receiver Timestamp fields are each eight octets > long. The format of these fields, NTP or PTPv2, indicated by the > Z flag of the Error Estimate field as described in Section 4.1. > > If the Z field (or Z flag) is not really meaningful, I do not see how > the peer knows how to interpret a received timestamp. > GIM>> A Session-Reflector would not interpret the value of the Z flag (will convert to "Z flag") but only the Session-Sender will use the value in the Error Estimate field on the reflected packet to correctly interpret the values in the Receive Timestamp and Timestamp fields. (The Session-Sender Timestamp is the copy of the timestamp set by the Session-Sender and is expected to be processed correctly.) > > > Section 4.3: Please divide this into two sections. First, you have > picked a single mechanism for authentication (HMAC-SHA-256 truncated > to 128 bits). This choice seems fine to me, even though you are not > saying much about the key management. I would prefer that you have > a mandatory to implement key management technique, but allow others; > however, I am not going to insist on that. Then, a separate section > should talk about confidentiality protection. > > > Section 4.3: This text needs work: > > If confidentiality protection for STAMP is required, encryption at > the higher level MUST be used. For example, STAMP packets could be > transmitted in the dedicated IPsec tunnel or share the IPsec tunnel > with the monitored flow. > > I find "at the higher level" very unclear. I believe that IPsec would > be below this protocol. > > I think that DTLS would also provide the confidentiality protection > that you desire. Since you are not specifying any details of the > encryption, you can say that a "secured transport" (the term that you > use in the Security Considerations) such as IPsec or DTLS can be used. > GIM>> Thank you for the suggestions. Renamed Section 4.3 in Integrity Protection in STAMP, and added the new section: NEW TEXT: 4.4. Confidentiality Protection in STAMP If confidentiality protection for STAMP is required, a STAMP test session MUST use a secured transport. For example, STAMP packets could be transmitted in the dedicated IPsec tunnel or share the IPsec tunnel with the monitored flow. Also, Datagram Transport Layer Security protocol would provide the desired confidentiality protection. > > Minor Concerns: > > Section 1: I do not follow this topic, and this may be clear to your > expected reader, but it is not clear to me. The Introduction does not > tell me the relationship of TWAMP Light and [BBF.TR-390] to this > document. One possible way to resolve this is to divide the section > into four parts: (1) background and history of measurement protocols; > (2) shortcoming of those protocols; (3) what this document does to > resolve those shortcomings; and (4) pointers to other documents that > make up the rest of the shortcoming resolution. > GIM>> Thank you for your suggestions. Split the section into four paragraphs. Hopefully the text is more clear now: 1. Introduction Development and deployment of Two-Way Active Measurement Protocol (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined features such as Reflect Octets and Symmetrical Size for TWAMP provided invaluable experience. Several independent implementations of both TWAMP and TWAMP Light exist, have been deployed, and provide important operational performance measurements. At the same time, there has been noticeable interest in using a more straightforward mechanism for active performance monitoring that can provide deterministic behavior and inherit separation of control (vendor-specific configuration or orchestration) and test functions. Recent work on IP Edge to Customer Equipment using TWAMP Light from Broadband Forum [BBF.TR-390] demonstrated that interoperability among implementations of TWAMP Light is challenged because the composition and operation of TWAMP Light were not sufficiently specified in [RFC5357]. According to [RFC8545], TWAMP Light includes sub-set of Mirsky, et al. Expires February 27, 2020 [Page 2] Internet-Draft STAMP August 2019 TWAMP-Test functions to provide comprehensive solution requires support by other applications that provide, for example, control and security. This document defines an active performance measurement test protocol, Simple Two-way Active Measurement Protocol (STAMP), that enables measurement of both one-way and round-trip performance metrics like delay, delay variation, and packet loss. Some TWAMP extensions, e.g., [RFC7750] are supported by the extensions to STAMP base specification in [I-D.ietf-ippm-stamp-option-tlv]. > > > > Nits: > > The document uses "Z field" and "Z flag". Please pick one and use it > throughout the document. > GIM>> Settled on "Z flag". > > These terms are defined in Section 2.1, but they are not used in the > rest of the document: > > AES Advanced Encryption Standard > > CBC Cipher Block Chaining > > ECB Electronic Cookbook > > KEK Key-encryption Key > GIM>> Cleared them all.
- [ippm] Secdir last call review of draft-ietf-ippm… Russ Housley via Datatracker
- Re: [ippm] Secdir last call review of draft-ietf-… Greg Mirsky