Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

"Hamilton, Robert" <RHamilton@cas.org> Fri, 02 July 2021 19:12 UTC

From: "Hamilton, Robert" <RHamilton@cas.org>
To: IETF IPPM WG <ippm@ietf.org>
CC: "draft-elkins-ippm-encrypted-pdmv2@ietf.org" <draft-elkins-ippm-encrypted-pdmv2@ietf.org>, "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
Thread-Topic: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt
Date: Fri, 2 Jul 2021 19:12:40 +0000
Message-ID: <b91ddfb8d6014d7abf41e0d34971fe5e@cas.org>
References: <162256330634.19677.3885804345914692467@ietfa.amsl.com> <28584824.2341925.1622563579715@mail.yahoo.com> <721002155.671981.1625161479360@mail.yahoo.com> <eeaf7db6b5af4ef79bb51a543ab728df@huawei.com>
In-Reply-To: <eeaf7db6b5af4ef79bb51a543ab728df@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/xJ_PubIUYFmQSRbBz0yIzkMYaCY>
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

Paolo:

I'm particularly interested in PDM for helping with Enterprise Extender connections. Since we are using the internet for these connections we are subject to the vagaries of ISP traffic management and outages on multiple continents. It's not just multinational companies that could make good use of this protocol, but any companies with business partners with whom they require reliable internet connectivity. In those cases I expect the end-node encryption is a relatively smaller portion of the total packet transmission time.

I don't want to slow down the PDM implementation, and in general I think the encryption is a good idea. Encryption is fast on this platform, but to my knowledge it doesn't do HPKE. I've just looked through the RFE site and haven't seen any asking for HPKE support.

Getting good value from PDM requires that destination headers be passed reliably from end to end. We probably have to lobby for that first, good extension header handling network-wide. I'll be happy when I see PDM headers show up in my Policy Agent logs.

R;


Rob Hamilton
Infrastructure Engineer
Chemical Abstracts Service

-----Original Message-----
From: ippm <ippm-bounces@ietf.org> On Behalf Of Paolo Volpato
Sent: Friday, July 2, 2021 10:26 AM
To: nalini.elkins@insidethestack.com
Cc: draft-elkins-ippm-encrypted-pdmv2@ietf.org; IETF IPPM WG <ippm@ietf.org>
Subject: [EXT] Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

[Actual Sender is ippm-bounces@ietf.org]

Hi Nalini,

Thanks for advising.

I have a couple of general questions.

At first glance, it seems to me that PDMv2 is expected to be used mainly in the enterprise domain. Is it so?
Do you have any thoughts on what may happen if e.g. a multinational company runs the protocol over multiple external backbones where the IPv6 extension headers (in general, not necessarily just the destination options header) may not be handled? Does this represent a serious issue?

Also, I assume that PDMv2 is mainly used by end stations (e.g. hosts instead of routers). If this is the case, then I don’t expect that the performance degradation due to encryption is a serious issue. Do you see other different cases where instead degradation may be a concern?

Regards
Paolo

-----Original Message-----
From: ippm [mailto:ippm-bounces@ietf.org] On Behalf Of nalini.elkins@insidethestack.com
Sent: Thursday, July 1, 2021 7:45 PM
To: IETF IPPM WG <ippm@ietf.org>
Cc: draft-elkins-ippm-encrypted-pdmv2@ietf.org
Subject: Re: [ippm] Fw: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt

IPPM,

Please do take a look at this draft.

I think that iOAM will need encryption as well. We have spent quite a bit of time thinking over these issues. We even have 2 cryptographers from Italy involved as co-authors. I want to do a side meeting where we can have quite a bit more time to discuss this but would love to have comments from the group on the list.

I am very reluctant to push PDM out to the wider world without encryption.  I feel that we will become the attacker's best friend.
We have modified the Linux kernel to include PDM but as I say, without encryption, we do not wish to release.


Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360






On Tuesday, June 1, 2021, 09:06:39 AM PDT, nalini.elkins@insidethestack.com <nalini.elkins@insidethestack.com> wrote: 





Hello IPPMers!

We have just posted a new draft to encrypt PDM data. We feel that this is an important feature to add before promoting widespread adoption of PDM.

We would appreciate any thoughts or comments from the group.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360






----- Forwarded Message -----

From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: mackermann@bcbsm.com <mackermann@bcbsm.com>; Adnan Rashid <adnan.rashid@unifi.it>; Ameya Deshpande <ameyanrd@gmail.com>; Michael Ackermann <mackermann@bcbsm.com>; Nalini Elkins <nalini.elkins@insidethestack.com>; Tommaso Pecorella <tommaso.pecorella@unifi.it>
Sent: Tuesday, June 1, 2021, 12:01:47 PM EDT
Subject: New Version Notification for draft-elkins-ippm-encrypted-pdmv2-00.txt



A new version of I-D, draft-elkins-ippm-encrypted-pdmv2-00.txt
has been successfully submitted by Nalini Elkins and posted to the IETF repository.

Name:           draft-elkins-ippm-encrypted-pdmv2
Revision:       00
Title:          Encrypted IPv6 Performance and Diagnostic Metrics Version 2 (EPDMv2) Destination Option
Document date:  2021-06-01
Group:          Individual Submission
Pages:          16
URL:            https://www.ietf.org/archive/id/draft-elkins-ippm-encrypted-pdmv2-00.txt
Status:         https://datatracker.ietf.org/doc/draft-elkins-ippm-encrypted-pdmv2/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-elkins-ippm-encrypted-pdmv2


Abstract:
  RFC8250 describes an optional Destination Option (DO) header embedded
  in each packet to provide sequence numbers and timing information as
  a basis for measurements.  As this data is sent in clear-text, this
  may create an opportunity for malicious actors to get information for
  subsequent attacks.  This document defines PDMv2 which has a
  lightweight handshake (registration procedure) and encryption to
  secure this data.  Additional performance metrics which may be of use
  are also defined.

                                                                                  


The IETF Secretariat




_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm
