Re: Roman Danyliw's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)

"Zafar Ali (zali)" <zali@cisco.com> Thu, 03 June 2021 13:29 UTC

From: "Zafar Ali (zali)" <zali@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6man-spring-srv6-oam@ietf.org" <draft-ietf-6man-spring-srv6-oam@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Ole Trøan <ot@cisco.com>, "Zafar Ali (zali)" <zali@cisco.com>
Subject: Re: Roman Danyliw's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
Date: Thu, 03 Jun 2021 13:29:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/a0KRnZNHaOcKNlomr36maCxQ7EM>

Hi Roman,

Many thanks for your comments and proposed text.

I am sorry the text is not clear. The packet is copied to a *local* OAM process. We expect this OAM process to aggregate the packet and do something similar to IPFIX for the rest of the export or any telemetry export using a YANG data model.

Based on your comment, we will modify the document in the coming days.

Thanks

Regards … Zafar

From: Roman Danyliw via Datatracker <noreply@ietf.org>
Reply-To: Roman Danyliw <rdd@cert.org>
Date: Wednesday, June 2, 2021 at 9:43 PM
To: The IESG <iesg@ietf.org>
Cc: "draft-ietf-6man-spring-srv6-oam@ietf.org" <draft-ietf-6man-spring-srv6-oam@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, "ot@cisco.com" <ot@cisco.com>, "ot@cisco.com" <ot@cisco.com>
Subject: Roman Danyliw's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
Resent-From: <alias-bounces@ietf.org>
Resent-To: <satoru.matsushima@g.softbank.co.jp>, <zali@cisco.com>, <cfilsfil@cisco.com>, <daniel.voyer@bell.ca>, <mach.chen@huawei.com>
Resent-Date: Wednesday, June 2, 2021 at 9:43 PM

Roman Danyliw has entered the following ballot position for
draft-ietf-6man-spring-srv6-oam-11: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6man-spring-srv6-oam/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

The privacy implications of the O-flag need to be more clearly articulated.
It provides a dual use capability -- there is tangible benefit for OAM use
cases, but also reduces the friction for surveillance use cases.

The SECDIR review
(https://mailarchive.ietf.org/arch/msg/secdir/FeTu7x7-okw7w7-T6dZRFhJHpAo/)
pointed this out in -09.  The changes made to the Security Considerations in
-10 were helpful, but primarily focused on reiterating the security assumptions
of the SR domain boundary and the degree of protection of the SRH.

My recommendation would be for an explicit Privacy Considerations section with
the following (approximate) text:

NEW
7.  Privacy Considerations

The per-packet marking capabilities of the O-flag provide a granular mechanism
to collect telemetry.  When this collection is deployed by an operator with
knowledge and consent of the users, it will enable a variety of diagnostics and
monitoring to support the OAM and security operations use cases needed for
resilient network operations.  However, this collection mechanism will also
provide an explicit protocol mechanism to operators for surveillance and
pervasive monitoring use cases done contrary to the users’ consent.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Dan Harkins for the SECDIR review.

** Section 5.  Even with the trust assumptions of the SR domain, it would be
worth mentioning that:

The security properties of the channel used to send exported packets marked by
the O-flag will depend on the specific OAM processes used.  An on-path attacker
able to observe this OAM channel could conduct traffic analysis, or potentially
eavesdropping (depending on the OAM configuration), of this telemetry for the
entire SR domain from such a vantage point.

** Section 5.  Per “Additionally, SRH Flags are protected by the HMAC TLV, as
described in Section 2.1.2.1 of [RFC8754]”, I didn’t follow what this was
referring to.  Also, isn’t this TLV optional?