IETF Logo Mail Archive

Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06

Justin Iurman <justin.iurman@uliege.be> Tue, 14 June 2022 08:00 UTC

Return-Path: <justin.iurman@uliege.be>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E606C13C2EA; Tue, 14 Jun 2022 01:00:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.005
X-Spam-Level:
X-Spam-Status: No, score=-4.005 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uliege.be
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id buqZDaMKdjlz; Tue, 14 Jun 2022 01:00:28 -0700 (PDT)
Received: from serv108.segi.ulg.ac.be (serv108.segi.ulg.ac.be [139.165.32.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F3B2C13C2E6; Tue, 14 Jun 2022 01:00:23 -0700 (PDT)
Received: from [192.168.1.62] (148.24-240-81.adsl-dyn.isp.belgacom.be [81.240.24.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by serv108.segi.ulg.ac.be (Postfix) with ESMTPSA id 812DE200E1E2; Tue, 14 Jun 2022 10:00:17 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 serv108.segi.ulg.ac.be 812DE200E1E2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uliege.be; s=ulg20190529; t=1655193617; bh=yhMidJPC9miKSMwtuEsIpNUZAgRixR8jmuySFTydH44=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=gtFrhoHeWlIYNUM/uyt16ZMDHYoQYAhavrHlxaxQdwV3QpTM4yiIDKe4ouXguGGRs bnjQ5lMQIBA0xGdEc3TuflViU4TIzsLwjcj8GH33KY/pWZKQdEv2C2wcuIhFjddsyl +RDXXS1x02GXh8dr/7F3CE2TfTY5iuw6MijhWNVorDc1o/e7GlRAWyn+lBJrt9CMBW EUI5boyTyBMuiwsHVfycOnniE7hvEBW2RdIoUx8eJLW5DVc3stZSsTGBb/KkyE8vLq rH1KpgO/143hJH5rKLIyCMHIfbpxVpCMZEeFWrLw+RyH/whokx9E3WOyYj9+QWFCSy cEDShjz6mTmTA==
Message-ID: <bdd2de70-f048-1d88-0ab1-5aa84ec9e8a2@uliege.be>
Date: Tue, 14 Jun 2022 10:00:17 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>, Colin Perkins <csp@csperkins.org>
Cc: tsv-art@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, draft-ietf-ippm-ioam-direct-export.all@ietf.org, IETF IPPM WG <ippm@ietf.org>
References: <163068085282.8497.2281892161766368778@ietfa.amsl.com> <CABUE3XkLEN8k5-t33UAPXiViOBWSs6NEZkPutVkESoWKb8ifXw@mail.gmail.com> <77C2CDAF-5911-4EF8-B841-A7B98653BA77@csperkins.org> <CABUE3Xm45AsskRbg7qG6+=3r_1e5MwkRREuiT5QoHfR1p=-Zkw@mail.gmail.com>
From: Justin Iurman <justin.iurman@uliege.be>
In-Reply-To: <CABUE3Xm45AsskRbg7qG6+=3r_1e5MwkRREuiT5QoHfR1p=-Zkw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/w715SuC8Li5CTMicH29lBgp7CT4>
Subject: Re: [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 08:00:32 -0000

Hi Tal,

I believe the new paragraph should be:

     The integrity of the DEX option can be protected through a mechanism
     of the encapsulating protocol.

Indeed, integrity protection of headers is out of scope regarding 
[I-D.ietf-ippm-ioam-data-integrity]. Only the integrity protection of 
IOAM-Data-Fields is proposed in this draft. And, the DEX Option-Type has 
no IOAM-Data-Fields, per se.

Actually, [I-D.ietf-ippm-ioam-data-integrity] could be applied between 
the IOAM transit nodes and the collector (or entity, whatever it is 
called), once triggered by the DEX Option-Type.

Thanks,
Justin

On 6/14/22 09:17, Tal Mizrahi wrote:
> Dear Colin,
> 
> Thanks again for your review.
> I am revisiting this thread as the draft is in IETF last call.
> 
> I believe most of the comment have already been addressed - see the
> current version of the draft:
> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-flags-08
> 
> There is one comment that is still outstanding, regarding your comment
> about integrity protection. We propose to add the following paragraph
> to the Security Considerations section:
> 
>     The integrity of the DEX option can be protected through
>     a mechanism of the encapsulating protocol, or by incorporating
>     the mechanisms specified in [I-D.ietf-ippm-ioam-data-integrity].
> 
> If there are no further comments, we will include this paragraph in
> the next version of the draft.
> 
> Thanks,
> Tal.
> 
> On Fri, Nov 26, 2021 at 3:40 PM Colin Perkins <csp@csperkins.org> wrote:
>>
>> Hi,
>>
>> Apologies – I realise I’m replying to this very late.
>>
>>> On 4 Oct 2021, at 08:13, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
>>>
>>> Dear Colin,
>>>
>>> Thanks for the feedback.
>>>
>>> Please see below a comment and a question regarding your feedback.
>>>
>>>
>>> On Fri, Sep 3, 2021 at 5:54 PM Colin Perkins via Datatracker
>>> <noreply@ietf.org> wrote:
>>> [snip]
>>>
>>>> It may be worth considering to require the exporting mechanism to perform an
>>>> authenticated handshake with the destination to which it will export data, to
>>>> gain explicit consent to export the data to that destination, before starting
>>>> to send exported data.
>>>
>>> [TM] The point is well-taken. The following text edit is proposed,
>>> borrowing some of the text from your comment:
>>> OLD:
>>>    Although the exporting method is not within the scope of this
>>>    document, any exporting method MUST secure the exported data from the
>>>    IOAM node to the receiving entity.  Specifically, an IOAM node that
>>>    performs DEX exporting MUST send the exported data to a pre-
>>>    configured trusted receiving entity.
>>> NEW:
>>>    Although the exporting method is not within the scope of this
>>>    document, any exporting method MUST secure the exported data from the
>>>    IOAM node to the receiving entity.  Specifically, an IOAM node that
>>>    performs DEX exporting MUST send the exported data to a pre-
>>>    configured trusted receiving entity. Furthermore, an IOAM node
>>>    MUST gain explicit consent to export data to a receiving entity before
>>>    starting to send exported data.
>>
>> Something like that would seem appropriate.
>>
>>>> It may also be worth considering to add authentication
>>>> of IOAM DEX triggers, to ensure they come from a known and trusted source,
>>>> before acting on export requests.
>>>>
>>>
>>> [TM] Can you please clarify what you mean by "add authentication of
>>> IOAM DEX triggers"? What is the threat that you have in mind?
>>
>>
>> As the security considerations section notes, there’s a risk that an attackers could inject a spoof packet containing an export trigger. One way to prevent that would be to use a digital signature to authenticate the trigger messages as being from an authorised source. Maybe the larger IOAM framework already includes this, or a discussion of why it’s not appropriate, in which case it’s sufficient to add a (clearer) reference to that discussion. But if not, then the draft could usefully either add that, or add some discussion about why it’s not needed/appropriate.
>>
>> --
>> Colin Perkins
>> https://csperkins.org/
>>
>>
>>
>>
> 
> _______________________________________________
> ippm mailing list
> ippm@ietf.org
> https://www.ietf.org/mailman/listinfo/ippm

v2.20.0 | Report a Bug | By Email