Roman Danyliw's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 03 June 2021 01:43 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: ipv6@ietf.org
Delivered-To: ipv6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 270CD3A23CB; Wed, 2 Jun 2021 18:43:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-6man-spring-srv6-oam@ietf.org, 6man-chairs@ietf.org, ipv6@ietf.org, Ole Trøan <ot@cisco.com>, ot@cisco.com
Subject: Roman Danyliw's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
X-Test-IDTracker: no
X-IETF-IDTracker: 7.30.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <162268458965.17417.7198325134163157667@ietfa.amsl.com>
Date: Wed, 02 Jun 2021 18:43:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/PUdff7Pk-_upM-_Geo9CrNqSriw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jun 2021 01:43:10 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-6man-spring-srv6-oam-11: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-6man-spring-srv6-oam/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- The privacy implications of the O-flag needs to be more clearly articulated. It provides a dual use capability -- there is tangible benefit for OAM use cases, but also reduces the friction for surveillance uses cases. The SECDIR review (https://mailarchive.ietf.org/arch/msg/secdir/FeTu7x7-okw7w7-T6dZRFhJHpAo/) pointed this out in -09. The changes made to the Security Considerations in -10 were helpful, but primarily focused on reiterating the security assumptions of the SR domain boundary and the degree of protection of the SRH. My recommendation would be for an explicit Privacy Considerations section with the following (approximate) text: NEW 7. Privacy Considerations The per-packet marking capabilities of the O-flag provides a granular mechanism to collect telemetry. When this collection is deployed by an operator with knowledge and consent of the users, it will enable a variety of diagnostics and monitoring to support the OAM and security operations use cases needed for resilient network operations. However, this collection mechanism will also provide an explicit protocol mechanism to operators for surveillance and pervasive monitoring use cases done contrary to the users’ consent. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Dan Harkins for the SECDIR review. ** Section 5. Even with the trust assumptions of the SR domain, it would be worth mentioning that: The security properties of the channel used to send exported packets marked by the O-flag will depend on the specific OAM processes used. An on-path attacker able to observe this OAM channel could conduct traffic analysis, or potentially eavesdropping (depending on the OAM configuration), of this telemetry for the entire SR domain from such a vantage point. ** Section 5. Per “Additionally, SRH Flags are protected by the HMAC TLV, as described in Section 2.1.2.1 of [RFC8754]”, I didn’t follow to what this was referring to. Also, isn’t this TLV optional?
- Roman Danyliw's Discuss on draft-ietf-6man-spring… Roman Danyliw via Datatracker
- Re: Roman Danyliw's Discuss on draft-ietf-6man-sp… Zafar Ali (zali)
- Re: Roman Danyliw's Discuss on draft-ietf-6man-sp… Zafar Ali (zali)
- RE: Roman Danyliw's Discuss on draft-ietf-6man-sp… Roman Danyliw
- Re: Roman Danyliw's Discuss on draft-ietf-6man-sp… Zafar Ali (zali)