Re: [ippm] Kathleen Moriarty's No Objection on draft-ietf-ippm-6man-pdm-option-09: (with COMMENT)

Nalini J Elkins <nalini.elkins@insidethestack.com> Mon, 22 May 2017 15:53 UTC

> Kathleen Moriarty has entered the following ballot position for draft-ietf-ippm-6man-pdm-option-09: No Objection
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ippm-6man-pdm-option/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I support Warren's discuss and comments and have a few additional comments to add.
> Kind of related to Warren's discuss, I kept looking for a limitation to
> the scope for this work in the draft and didn't get to one until the end
> of the security considerations section.  The text there wasn't quite
> clear enough for me.  It seems that this might only be used for small
> periods of time while troubleshooting, is that correct?  It also seems
> like this has to be end-to-end, is that right?  And if it does need to be
> end-to-end, is the user aware of this troubleshooting so that they are
> not sending traffic that contains sensitive data that should remain
> confidential (security or privacy implications may also exist if this is
> not the case).
>
> If the scope were limited, I would not have as many security concerns.
> Network reconnaissance may or may not be an issue.  I don't think it is,
> but I need to better understand the scope of use for this option.


We have added wording on the "Consent to be Measured" as a response to Warren's comments.   Please let me know if that addresses your concerns.

In Section 4.4:

   An implementation may want to be sure that PDM is enabled only for
   certain IP addresses, or only for some ports.  Additionally, the
   implementation SHOULD require an explicit restart of monitoring after
   a certain time period (for example for 1 hour), to make sure that PDM
   is not accidentally left on after debugging has been done etc.

   Even so, if using PDM, a user "Consent to be Measured" SHOULD be a
   pre-requisite for using PDM.  Consent is common in enterprises and
   with some subscription services.  The actual content of "Consent to
   be Measured" will differ by site but it SHOULD make clear that the
   traffic is being measured for quality of service and to assist in
   diagnostics as well as to make clear that there may be potential
   risks of certain vulnerabilities if the traffic is captured during a
   diagnostic session.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360
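As an added illustration of the Section 4.4 recommendations quoted in the message above (not code from the draft, its authors, or any PDM implementation), the policy below turns PDM on only for chosen IPv6 prefixes and ports, stays off by default, and drops each enablement once its time limit passes so that a forgotten debugging session cannot keep the option in use. The PdmPolicy class, its method names, the one-hour default and the sample prefixes are assumptions.

```python
"""Scoped, time-limited enablement of the IPv6 PDM destination option,
modelled on the quoted draft text: on only for selected peers/ports,
off by default, and self-expiring so it is not left on after debugging.
Example code added here; names, defaults and sample values are assumed."""
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network, ip_address
from typing import Optional

DEFAULT_TTL_SECONDS = 3600.0  # the draft's example period: one hour


@dataclass(frozen=True)
class PdmScope:
    network: IPv6Network   # peers for which measurement is enabled
    port: Optional[int]    # None means any port
    expires_at: float      # clock deadline in seconds; after this, off


class PdmPolicy:
    """Decides whether an outgoing packet should carry the PDM option."""

    def __init__(self) -> None:
        self._scopes: list[PdmScope] = []  # no scopes -> PDM is off

    def enable(self, network: str, port: Optional[int], now: float,
               ttl: float = DEFAULT_TTL_SECONDS) -> None:
        """Operator explicitly turns PDM on for one scope; it self-expires,
        so continuing past the TTL requires a deliberate re-enable."""
        if ttl <= 0:
            raise ValueError("ttl must be positive")
        if port is not None and not 0 <= port <= 65535:
            raise ValueError("port out of range")
        self._scopes.append(PdmScope(IPv6Network(network, strict=False),
                                     port, now + ttl))

    def _active(self, now: float) -> list[PdmScope]:
        # Purge expired scopes on every lookup so nothing lingers.
        self._scopes = [s for s in self._scopes if s.expires_at > now]
        return self._scopes

    def should_add_pdm(self, peer: str, port: int, now: float) -> bool:
        """Fail closed: only a matching, unexpired scope enables PDM."""
        addr = ip_address(peer)
        if not isinstance(addr, IPv6Address):
            return False  # PDM is an IPv6 destination option
        return any(addr in s.network and s.port in (None, port)
                   for s in self._active(now))
```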