Re: [ippm] Secdir last call review of draft-ietf-ippm-stamp-on-lag-05

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Thu, 21 December 2023 00:03 UTC

From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Tianran Zhou <zhoutianran@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-ippm-stamp-on-lag.all@ietf.org" <draft-ietf-ippm-stamp-on-lag.all@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Thu, 21 Dec 2023 00:02:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/z65crQkx28QTAhxFeMbb4348lFc>
Subject: Re: [ippm] Secdir last call review of draft-ietf-ippm-stamp-on-lag-05

Hi Tianran,
Even if they are not issues, it should be stated as such…with some explanation as to why
they are not issues.  Even identifiers that are not direct, e.g. a MAC address, they can be
used to track and establish communication patterns (independent of IP addresses) that
can lead to providing an attack vector.  Is that the potential case here?

My interpretation of this draft: this is more to help with measurements which can lead to a change
in how logical links are created.  If an attacker can learn the grouping thru this instrumentation,
can they do harm especially by forcing such a grouping change?  If not, then that should be explained.

From a privacy consideration, having a note to state that while these are identifiers, based on
RFC 6973, one could state that these are identifiers that do not disclose personal information
as it is down at the network layer.

Best, Nancy.

From: Tianran Zhou <zhoutianran@huawei.com>
Date: Monday, December 11, 2023 at 4:20 PM
To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>, secdir@ietf.org <secdir@ietf.org>
Cc: draft-ietf-ippm-stamp-on-lag.all@ietf.org <draft-ietf-ippm-stamp-on-lag.all@ietf.org>, ippm@ietf.org <ippm@ietf.org>, last-call@ietf.org <last-call@ietf.org>
Subject: RE: Secdir last call review of draft-ietf-ippm-stamp-on-lag-05

Hi Nancy,

Thanks very much for this expert review from the security point of view.
I am not sure if the confidentiality and privacy are really issues in this proposal.
Because the "Sender Micro-session ID" in the message is not really the sender hardware id. It's assigned by the controller.
There is a mapping between "Sender Micro-session ID" and "Sender member link identifiers".
So you can see there is text in Section 3.2:
"The mapping between a micro STAMP session and the Sender/Reflector member
   link identifiers can be configured by augmenting the STAMP YANG
   [I-D.ietf-ippm-stamp-yang]."
And the configuration channel is secured by TLS.

Best,
Tianran

-----Original Message-----
From: Nancy Cam-Winget via Datatracker [mailto:noreply@ietf.org]
Sent: Tuesday, December 12, 2023 7:14 AM
To: secdir@ietf.org
Cc: draft-ietf-ippm-stamp-on-lag.all@ietf.org; ippm@ietf.org; last-call@ietf.org
Subject: Secdir last call review of draft-ietf-ippm-stamp-on-lag-05

Reviewer: Nancy Cam-Winget
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.


This document defines an extension to the Simple Two-Way Active Measurement Protocol (STAMP) to facilitate performance measurement on every member link of a LAG.  As such, the proposed extension is to define a Micro-session identifier and a Session-Reflector member link identifier.

Issue:
As this draft is now exposing identifiers to the actual nodes in the link, there must be inclusions that describe the potential exposure of these nodes given their identifiers are now explicitly communicated.
RFC 8762 only addresses the integrity not the confidentiality of the information disclosed which with the session identifier now needs to be considered.  In addition, privacy considerations describing the potential consequences of this disclosure can lead to.