Re: [ippm] Secdir early review of draft-ietf-ippm-ioam-direct-export-07

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Tue, 14 June 2022 07:02 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54239C13C2CB; Tue, 14 Jun 2022 00:02:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OVQB95_e9emg; Tue, 14 Jun 2022 00:02:47 -0700 (PDT)
Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E1AC13C2CA; Tue, 14 Jun 2022 00:02:47 -0700 (PDT)
Received: by mail-pf1-x431.google.com with SMTP id w21so7859572pfc.0; Tue, 14 Jun 2022 00:02:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NeTtmFvNQcw1EkDc7ci/QfPhdeMsUl8OWs0gULD28R0=; b=a67lo7mf3O3yP04C7NxRYRE5AuWlASIcmqz5XyKEK7P74aXhI29yoNB1MxsRXzK0AF yRFg2aHrdkcV2MJpc5o4gdYU4NONwUD/oSvl6ExMqiHAdKpj4jhW7wbdgsCHPBF01arE rT7b9soqKI9jiBIxlKOC0d3zAtUUpmFRwgGbGtCUhFFlb2IapVkxuTsHbj4Got3JrFs9 ut/NqUtT3pwgVGif/+R6ARrpo4wzLsXD61GLK8UPu8ofjHXvPToqFSVFIofSUL5TcTGl +iepeRckfA8qdk0I1s904XEXCCGEPd4JPsJr51OxHHxgp6PVRr87SbeXHm02IMAWeHxO zHkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NeTtmFvNQcw1EkDc7ci/QfPhdeMsUl8OWs0gULD28R0=; b=xX2FT0Z7ycq9GrFPYZV2AZvaie1JTxhA5tLYOCNn6dckUBw3U8PS2UXCclzuSjAIv9 Xzk9enF/wDZG3ykZVWDwk+2HpkPI6xSv5xnstiGiwMAlSpGi0QkHG5yZr9qaxHN/lvsa jQ3QmLN88iduYzmScwwr9Nzfjj4qXSDMfjaymR2UavKjI0cK2nd7kvKyj9VLOF9M9sJL pwLM80dhBRJnghIQ/MzLVe2WBwDQ/wmqi3l/UihCRqpQZoN8y+A1+vsxoRolfRiO/5Do iZ8TwYCaD5C0yXX1YxUKIBb9zBPVim/RAl3vA9c6BdABkIMYt/u8GeFJg6bBDBkOcEcf SqSg==
X-Gm-Message-State: AJIora/FEZm5NwIlpXWQXVbVlsLpw7rMwCrPxNIuzoiBjTzVq6xNxMNZ Kve7OyslxE0f9ejggtAr9pwR+k9idh91AroYiRY=
X-Google-Smtp-Source: AGRyM1v2rZ0dRR0z8QjRqf7Ikbl0L3oNuQIwMBQAwi8yaDn7J+Xm+aUIcVcG5CQ4p/2vkVCcKb4ap3JNPYOPhScNJCY=
X-Received: by 2002:a05:6a00:1c5c:b0:505:7469:134a with SMTP id s28-20020a056a001c5c00b005057469134amr2984598pfw.16.1655190166856; Tue, 14 Jun 2022 00:02:46 -0700 (PDT)
MIME-Version: 1.0
References: <165297463378.5296.5590170778832486427@ietfa.amsl.com> <BY3PR13MB4787765F9D1BDE157268DE109AD09@BY3PR13MB4787.namprd13.prod.outlook.com> <c388a6a9-b3dc-b92d-d3eb-f2f9b7077a05@cs.tcd.ie>
In-Reply-To: <c388a6a9-b3dc-b92d-d3eb-f2f9b7077a05@cs.tcd.ie>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Tue, 14 Jun 2022 10:02:35 +0300
Message-ID: <CABUE3X=9q4gm7XbOTDrM1zGfZ33Docq8mGm11sR+evN7ZjCf4g@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Haoyu Song <haoyu.song@futurewei.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ippm-ioam-direct-export.all@ietf.org" <draft-ietf-ippm-ioam-direct-export.all@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, Martin Duke <martin.h.duke@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/sF5xGbpGv76tRXLFSqQUbZb0OdE>
Subject: Re: [ippm] Secdir early review of draft-ietf-ippm-ioam-direct-export-07
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 07:02:48 -0000

Dear Stephen,

Many thanks for the comments.

Regarding issue (1), the following text update is proposed:

OLD:
   Forcing DEX, either in synthetic packets or in transit packets may
   overload the receiving entity (or entities).  Since this mechanism
   affects multiple devices along the network path, it potentially
   amplifies the effect on the network bandwidth and on the receiving
   entity's load.
NEW:
   Forcing DEX, either in synthetic packets or in transit packets may
   overload the IOAM nodes and/or the receiving entity (or entities).
   Since this mechanism affects multiple devices along the network
   path, it potentially amplifies the effect on the network bandwidth,
   on the storage of the devices that collect the data, and on the
   receiving entity's load.


Regarding issue (2), we have added a new paragraph to version 08 of
the draft that addresses this issue.

   An attacker may keep track of the information sent in DEX headers as
   a means of reconnaissance.  This form of recon can be mitigated to
   some extent by careful allocation of the Flow ID and Sequence Number
   space, in a way that does not compromise privacy aspects such as
   customer identities.


Please let us know if you have further comments.

Thanks,
Tal.


On Thu, May 19, 2022 at 7:51 PM Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> Hiya,
>
> On 19/05/2022 17:45, Haoyu Song wrote:
> > Hi Stephen,
> >
> > Thanks for the review. Both concerns are valid and the potential DOS
> > attack threat and mitigation are briefly discussed in the security
> > considerations section. The privacy consideration is the same as in
> > draft-ietf-ippm-ioam-data, also similar to that for IPFIX and
> > Netflow. I think here we need to emphasize that all the data
> > collected are network operation related without user private
> > information. The technology is also supposed to be applied in a
> > single managed domain. We can add some discussion on the privacy
> > issue in the next revision.
>
> Good stuff. Just to note though that "without user
> private information" can be very hard to ensure, e.g.
> any combination of IP address and time can be enough
> to cause problems sometimes, e.g. if a collection of
> such records leaks later.
>
> Cheers,
> S.
>
> >
> > Best regards, Haoyu
> >
> > -----Original Message----- From: Stephen Farrell via Datatracker
> > <noreply@ietf.org> Sent: Thursday, May 19, 2022 8:37 AM To:
> > secdir@ietf.org Cc: draft-ietf-ippm-ioam-direct-export.all@ietf.org;
> > ippm@ietf.org Subject: Secdir early review of
> > draft-ietf-ippm-ioam-direct-export-07
> >
> > Reviewer: Stephen Farrell Review result: Has Issues
> >
> > First, apologies for the dramatically late review. I hope this is
> > still useful.
> >
> > I think there are two issues worth considering:
> >
> > 1. The DEX scheme seems to create a potential for DoS based on
> > storage whereas I think prevously only DoS vectors related to traffic
> > were documented in the IAOM drafts. That's based on a quick scan
> > though so I may have missed it being considered.
> >
> > 2. I see no mention at all of privacy in this draft nor in
> > draft-ietf-ippm-ioam-data - I don't understand why that's ok given
> > that privacy leaks from the kind of metadata collected here can be
> > subtle? Or maybe that's in some other draft?
> >
> >
> >