Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

"nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com> Fri, 02 July 2021 14:13 UTC

Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 422CE3A1FFD for <ippm@ietfa.amsl.com>; Fri, 2 Jul 2021 07:13:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2tX9CAhzCMXz for <ippm@ietfa.amsl.com>; Fri, 2 Jul 2021 07:13:51 -0700 (PDT)
Received: from sonic316-26.consmr.mail.ne1.yahoo.com (sonic316-26.consmr.mail.ne1.yahoo.com [66.163.187.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50FF03A1FFB for <ippm@ietf.org>; Fri, 2 Jul 2021 07:13:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1625235229; bh=r589wtsc/roELJ9TJfSZrV5u+lZzCjXh5avTojY6Kx4=; h=Date:From:To:In-Reply-To:References:Subject:From:Subject:Reply-To; b=VnF7qV1WkuTGcBusN24FvIqnMKIDEBTckcW7/HlM/lQriOHqnEyqZ34nzR+GhDtQVLB1NrNFKXpC0Y6qVgDKUtM+icamwTxpvBrSW18/pjHMN4HT1RNmYo+woUJx3v+RPEpKrxHtc7tkrwO3knVyONDDx4IylzgwcI38q2zC/kLB82bARxCr2lPaQRrc6zIWaiGbvfCIK4M1A4wd9732YoihOzmiVx2BcaqnDr/YyBd8THSK4OyYEt2+SuE7Hv6F6kb6NfHilNhckkjVobQyI5lETmdPUfV2dFKQ0MIXjNN2spq2qQA0YtvKWyrCgRDBIv+6kF1Kyrg9+TdvkH/Q/g==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1625235229; bh=DZW7lVsgWPJ3JlZTwR7kiBwJqoVFnj2viIxa9/QRizl=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=uK68v5mnVmqcKcUQ6BwzP2n8/0fBZ67n8gO+CEISN8JBBXKT/3Jv3ZCgiuYU2FjRVCYiirnB4vAupZ8qIMgDpmS+cMP2vH8hqrlZ71w8Tx/x2LU+e4twqqyPZ6VTaab0iZQa00n3hl7g4Jed9vtPWO+7TwJpzyQt3Sd1xtZy5g/FQGDyhsJ807L1WEWIEZ5jfSRbfwnH6r1yyz+wb1AteECIFdZWMb/rm6nj3DrUQLErYvefQ9RTp3iwO1mq1wni27KQ5Quk7/8foyh/LqpLtmCfNF7F3Hs48Six/xqUlmas0eFAe+ygLUcnDndlgEYG7dTP6DptsCFIO7Iycy3jYg==
X-YMail-OSG: pKdti80VM1kno6Eu9pjq_6PwNyqEAefaNbMWVzxEGn0qQVPOPWhN1Cznsrkldnn e.XW7ifmNbqWU5.r0OAWyC9TE9811f6.MaXji6sAcl_JJ7N32BNvYgEPEuqbtfLsRRDDpzP26EpN tDmIF.gcHVwgz17J4KeLyxZ_7JdPxJhmo_IIVUfGdu5v.HbW7ClblVwiVxR1LIuu6h_q8eEYwEsj EKxQ7Q.7wuFHYOc3M_R.VmnNPg4f1gVar7ibRIVBLYQy3RJDdIdfIg2aWdpeqlxBaefI23sWNb_I 39urtpduCjOGGabOQQD8BpTm_bGqQpWz0os5fbldVdEY3Hcec3orKMG7PIt4XLWCvP_OuPGMeXN6 JwgNtWaRjQDcQ.qeUft_0SqDoDzGTGiOLY1yOyuJOcai4Mt5xzgR4mIMHsahRWO8kjy2SiHX9Yy6 wKFikt4fJKX5UKDw3AVadDR9MEOtuKvLwSQNG1S5VzPH9sGuhE99ZJBTwt7BShY8f4oUpmnAczz4 Cc4K5qQXDK1W6uCosrjP7T9In3pb2HYcTp5RZBAeFhx5NZa4w2U_mIhSEnYhv4mpTW_6KsiLuy8Y eaZ86eapV03UZIHaTfJRgP.3wFL7jta8UACSL5A.IGHicjS6j8rW6bdmQm_jfnX2PshGwui25Kv2 JpwieQA4raWXwjDXf61StxGg0kB_IFJ.92wPcBS5A1QkUUR8heN_PbXk1ENDL9nn2eUfaYyELFsf 93S5cCey7vWZKj70rAckNJ1aj4I0cM93jAgxwVBh6zKTGna.ofQMcEcS6IZYVt.6akyxBrX8QCgB xlR3.23yWjZi7TtWiWDf.xNdJ4sJP1quQ8zoP5I2w1Z386coMmPBJyJx.LTEeSmA__IMQBbiXyQC GJBxX.hYFfb02Z1hMgdqKS9tx_U_3QMtM4zYMhsXFrAAsOb.lx9inWkSBrzN67x1mfWm2W.rxR_U 6_26203M7r9xG4478lcTLw63flh.s.mX148ZAQkJEHD3UgNLHSRgYv1GOFohP.omTErx.nfoSsYG 1oNy6l49chhmS_P9yG2oQVVNU.cJZvzVyXbCUOV20PzBr.Z.._IAq5ZTGmlcY45YeuyZGnKcj.h4 LTra2oLYMsxSUnfH.2XpBzIFbPOaAP2KHle7uYcEtHPWdrlVPHZqYDGaFT_0b2ZC.Tm3AmVa7P6u jsg.rq55uCpOWymts.WlTshvPF25hQLB37BfMeGD7L.NWiC6ZYAJ79mB5cJdb.rZxQfeTXlKH4_I q6rOvILb8xLM_7K.jYC6tTH7txuy2x.K0OmKGRglmDl1_f8NqxnhqK96La68REQ9AT0GI2ajlf3O nhx6HbWCHlY1V64gCTCx2eooe4rwuRRLZJ1M9ufhdDCL.Z2unu9L5POjikCO_r4F4E5XoaU1Pa6U Pw8IlGn8T7or1MnovlXlQlupuUr4Yfatbrw45pl_E4ADFy2U2aHWW0.slgh5d4x98vSVQemHN69d 2XbZNTQTz1Beh1ahs2gGZXZsfHXt8oDofh0TdgPjqbWur_MRm6HYjjrq6ZpX6SSP.uOH0KNzmMae 5KB6DkT4f0dW1voVqq.xmmOSU2Rrt0njcMuMvDhztZp.WsK5JYcTo8.YooD7Ne9lnsdTuMwveG9x S.tO0XFJh58BzmGavBJKuqgsTZ2hJmicFZpeEg62vkGBbTPf45JHydVK6CGse7GeyKk11vVtN41k SMdBBE.A0k2d4g0tgDKbLv19AZw3iEKXhWtOBMcPs.pttEy3.4y21_uSdtQZUuGLpfSkBkCiBZ6H VnSn7ZSZGY0UfLZb.uOKu7SkVgFEXCWTMztOPWv5RbPkATRkKms3J7m1tIT6ways0hUfX_Av7zFF wIiMGRblO8lK71Ud7BBu_exsdsA7jH.dwLihiVKRAOMW27GyXDnII0R98NspqW0u_Mj8Hu8UAopP p63tqExRPpwByJm8M38s.ZDIqqPDM_9_dq7f5GRnAtnyCtGUd3VOPJp5HRQVRsY76mxXMI092mV6 3I8ourvKRw72qxIqBxHsKbyzm.vf76WIl0hDiaFDKKdjdY1pN0dWEjQ2GhxQ6LdUYan0gP2NZMKu HanjmtiX8zHJrariC0j989Lpk6bFpHeaArFkD1GiA88AjKTaNUjLLS3YsTA38CrDHKS3hpmLp9XP oaTeUo9RS0Qkijm3OkS7vyYEkVb4KNAFoebDgIcDupdPdVx1bTyvHe4ZuwGUtfV8U3XIS4pGENxg hD1S4AUVn.JGJ8E3t4GhHlfle85D2yHCDOEBdZzX2EHYz63rxdzAN5aOnAcOwY8asEudQh6dNZGH R2NFMUKPYnaactjpkpXmDfTDJjxDPj4KYcYJJP9zklSO1m2O4PuxOCruV6KzsUXsYiEbO7AVTt2a WyBzDTL9tGu1YLIbUWIggB3vTb.sBsI7Jo2FAPHhdZSqyKwphFQHY.OI6Z7z9_b40oDxx.PstI1b XKgftAetJZOFt2E6iL2RlVT7eETq2iJtpCoFvq3z9v3dJSNJt.tDr8qvR7dJMc1R45cc_VevYpvD eWKUgGkJkDeq30MoRSV2L_bYqJDA.cL6L7nEK6LCf3EfFZ21ddcwatqiQ.7QATS9Qzbimb3qN53Z YNMrRbEQ4q_GkHA--
X-Sonic-MF: <nalini.elkins@insidethestack.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Fri, 2 Jul 2021 14:13:49 +0000
Date: Fri, 2 Jul 2021 14:13:43 +0000 (UTC)
From: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
To: "ippm@ietf.org" <ippm@ietf.org>, "Hamilton, Robert" <RHamilton=40cas.org@dmarc.ietf.org>
Message-ID: <957929206.970072.1625235223518@mail.yahoo.com>
In-Reply-To: <c0651506a3fb437c9300b1fc14206560@cas.org>
References: <162256330634.19677.3885804345914692467@ietfa.amsl.com> <28584824.2341925.1622563579715@mail.yahoo.com> <721002155.671981.1625161479360@mail.yahoo.com> <c0651506a3fb437c9300b1fc14206560@cas.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_970071_1430228484.1625235223512"
X-Mailer: WebService/1.1.18469 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/tkRXljIKFSs8fDmv5QB_YCdyH7w>
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2021 14:13:56 -0000

Rob,
Our cryptographers are working on a full answer to your question.  I will be back to you with that.
But, this is a very complex area and is actually why I will be scheduling a side meeting (once I am able to do it!) so that we can talk over all these issues in detail and with enough time to discuss.
Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360 

    On Thursday, July 1, 2021, 02:05:31 PM PDT, Hamilton, Robert <rhamilton=40cas.org@dmarc.ietf.org> wrote:  
 
 I am interested in the encryption of the PDM header, just because I've done symmetric-key encryption with pseudorandom numbers and pseudorandom obfuscation algorithms for key management. I see that we are interested in using HPKE. I have just a few concerns:

 - The latest HPKE draft expired just last week. That means it's some time before general implementation. I'm a mainframer, mostly, so I suspect that makes it even longer before I'll see implementation for _production_ use. Further, I don't want the implementation of PDM in more secure environments delayed because of encryption-method concerns.

 - When we generate the PDM structure and determine the timing, we want that to be as close to the wire as possible. The PDM timing was very granular, so this will add a variable amount of time to the time the packet is determined to be spending in transmission; the encryption delay is now part of the transmission time.

Still reviewing; I'll be back with more thoughts.

R;


Rob Hamilton
Infrastructure Engineer
Chemical Abstracts Service

-----Original Message-----
From: ippm <ippm-bounces@ietf.org> On Behalf Of nalini.elkins@insidethestack.com
Sent: Thursday, July 1, 2021 1:45 PM
To: IETF IPPM WG <ippm@ietf.org>
Cc: draft-elkins-ippm-encrypted-pdmv2@ietf.org
Subject: [EXT] Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

[Actual Sender is ippm-bounces@ietf.org]

IPPM,

Please do take a look at this draft.

I think that iOAM will need encryption as well.   We have spent quite a bit of time thinking over these issues.  We even have 2 cryptographers from Italy involved as co-authors.   I want to do a side meeting where we can have quite a bit more time to discuss this but would love to have comments from the group on the list.

I am very reluctant to push PDM out to the wider world without encryption.  I feel that we will become the attacker's best friend.
We have modified the Linux kernel to include PDM but as I say, without encryption, we do not wish to release.


Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.insidethestack.com&umid=61654d20-9615-453c-80b2-c06c82268e9d&auth=3c97381e9a30865a1a3f3ad58750d85b2b059558-86a3cb083390e2163fd0daaf45646c2a55adf702
(831) 659-8360






On Tuesday, June 1, 2021, 09:06:39 AM PDT, nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote: 





Hello IPPMers!

We have just posted a new draft to encrypt PDM data.   We feel that this is an important feature to add before promoting widespread adoption of PDM.

We would appreciate any thoughts or comments from the group.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.insidethestack.com&umid=61654d20-9615-453c-80b2-c06c82268e9d&auth=3c97381e9a30865a1a3f3ad58750d85b2b059558-86a3cb083390e2163fd0daaf45646c2a55adf702
(831) 659-8360






----- Forwarded Message -----

From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: mackermann@bcbsm.com <mackermann@bcbsm.com>om>; Adnan Rashid <adnan.rashid@unifi.it>it>; Ameya Deshpande <ameyanrd@gmail.com>om>; Michael Ackermann <mackermann@bcbsm.com>om>; Nalini Elkins <nalini.elkins@insidethestack.com>om>; Tommaso Pecorella <tommaso.pecorella@unifi.it>
Sent: Tuesday, June 1, 2021, 12:01:47 PM EDT
Subject: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt



A new version of I-D, draft-elkins-ippm-encrypted-pdmv2-00.txt
has been successfully submitted by Nalini Elkins and posted to the
IETF repository.

Name:        draft-elkins-ippm-encrypted-pdmv2
Revision:    00
Title:        Encrypted IPv6 Performance and Diagnostic Metrics Version 2 (EPDMv2) Destination Option
Document date:    2021-06-01
Group:        Individual Submission
Pages:        16
URL:            https://www.ietf.org/archive/id/draft-elkins-ippm-encrypted-pdmv2-00.txt
Status:        https://datatracker.ietf.org/doc/draft-elkins-ippm-encrypted-pdmv2/
Htmlized:      https://datatracker.ietf.org/doc/html/draft-elkins-ippm-encrypted-pdmv2


Abstract:
  RFC8250 describes an optional Destination Option (DO) header embedded
  in each packet to provide sequence numbers and timing information as
  a basis for measurements.  As this data is sent in clear- text, this
  may create an opportunity for malicious actors to get information for
  subsequent attacks.  This document defines PDMv2 which has a
  lightweight handshake (registration procedure) and encryption to
  secure this data.  Additional performance metrics which may be of use
  are also defined.

                                                                                  


The IETF Secretariat




_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm

_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm
Confidentiality Notice: This electronic message transmission, including any attachment(s), may contain confidential, proprietary, or privileged information from CAS, a division of the American Chemical Society ("ACS"). If you have received this transmission in error, be advised that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. Please destroy all copies of the message and contact the sender immediately by either replying to this message or calling 614-447-3600.
_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm