Re: [Last-Call] [ippm] Last Call: <draft-ietf-ippm-ioam-data-11.txt> (Data Fields for In-situ OAM) to Proposed Standard
Greg Mirsky <gregimirsky@gmail.com> Tue, 24 November 2020 21:30 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E0A73A0C11; Tue, 24 Nov 2020 13:30:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTzpWt9z2GXd; Tue, 24 Nov 2020 13:30:45 -0800 (PST)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 387853A0C0E; Tue, 24 Nov 2020 13:30:45 -0800 (PST)
Received: by mail-lf1-x129.google.com with SMTP id j205so141028lfj.6; Tue, 24 Nov 2020 13:30:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fjUNX8qphKiCuEWrPCMFp/845p/wOQ28jgTco3Em8l0=; b=IFo14a24GhhXPiPZLP4W4gU2V4ZXc5DV7YVxJQbcS9aEvSC4LSLULtctJKkcf+VK0p 7bnTbDPpfQclq7mT9nRYWZdMdvuKT6qSCR3wCRSpONOsl/K0YZNzYUEuAQJq30rm/ivv VEkE1odwWuymHfLbVhI4ctZ9BrsSfR4lkoQGokyEtCZF0VlX/bQvBKdrecl1Q9ZXCo4b 0lnFSwl+n7jPZq27AV/6LQ/Ug6jT02/rMa5QFLCjOnvWSYR22fIvIKasL6YCurvC9tN+ hK4/LirIFs6t9UK3eDA2O2afjWv2qKNzPpX6vHZeIXswErXkQKqvFokg3TYy9R4cwq4R iWpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fjUNX8qphKiCuEWrPCMFp/845p/wOQ28jgTco3Em8l0=; b=I20un9aAbojnR+Hje79zyJqE7TrKnUASvwjJPVH/lTFMWh+i75hBEN3/HxwUO+B5hE FX/vleCnuIH+SOvo5GUzTK/41Ux77eyo34FHqMnxB7QY4OtnnDFl0vDTMsOo2V5g/81M mvAIsMOou5kywiRp8m4wG6a56wcLHOsMrELVbKrxqAoRqZnJCbxJsrE/qNleFE1QYmdQ mScEkiPzQJLU40ZowX+WXrRy0AiO6b4XYyYde3UoP9IeVbfaBqAx+pmw1K5bN6uCWucK VtjKkFVXRS7iNqHKL5oXWuLEzsQT+IgRAVV+b/dldIjZbgXatj2QyggYBkkHzGAlDrX4 Tp1g==
X-Gm-Message-State: AOAM532fXT5/RJ6N4nxDm2zmn0QCpz6jNpF0x8qapthtWO3CXL/Co+ZZ /Ael0byQsMjsiFxSv5Ggkv6TtnF9WJEeU70SUAHeO+Sf
X-Google-Smtp-Source: ABdhPJyz872gurwA+V6Ukz6TQk40rWjjLMYIRVla48wr4CnF41LWhagsU9Yct2GbBnRdnewnP+SLfpjoNLHXb5R34II=
X-Received: by 2002:a05:6512:1102:: with SMTP id l2mr40723lfg.500.1606253443033; Tue, 24 Nov 2020 13:30:43 -0800 (PST)
MIME-Version: 1.0
References: <160624221011.1004.4337499034959566457@ietfa.amsl.com>
In-Reply-To: <160624221011.1004.4337499034959566457@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 24 Nov 2020 13:30:31 -0800
Message-ID: <CA+RyBmXp9dzH-G-d78Vho9obk5=xCz4xRxX55A5+OheC+nZyfw@mail.gmail.com>
To: last-call@ietf.org
Cc: "MORTON, ALFRED C (AL)" <acm@research.att.com>, IPPM Chairs <ippm-chairs@ietf.org>, draft-ietf-ippm-ioam-data@ietf.org, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e42ea305b4e105bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/LUIXkRMBH0AFYGAJ6zB7CbvZtqU>
Subject: Re: [Last-Call] [ippm] Last Call: <draft-ietf-ippm-ioam-data-11.txt> (Data Fields for In-situ OAM) to Proposed Standard
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2020 21:30:52 -0000
Dear All, I have several comments related to the security aspects of this specification: - although this draft does not define network-specific encapsulation of IAOM data, it would the right place to introduce a generic method of IAOM data integrity protection. As noted in the Security Considerations section, IOAM trace options and collected information may become the target of a malicious attack. Protecting the integrity of data with HMAC seems like the right option. It seems reasonable that the text used to calculate HMAC includes in addition to the IOAM trace option header and an IOAM node data field that uniquely identify the source of the packet that includes IOAM trace. For example, in an IP network, the IP source address can be concatenated with the IAOM trace option header. The integrity of each IAOM node data record can also be protected by HMAC. The data record can be concatenated with, for example, the IOAM option header to form the text used in the calculation of the HMAC. While the detailed construction of the text used in HMAC calculation could be provided in network-specific documents, it seems appropriate to require the optional use of HMAC for the integrity protection of the IOAM option header and IOAM data record in this document. - I have some concern over using the Checksum Complement in the IPv6 network. RFC 6936 provided us with the most detailed analysis for using zero UDP checksum in the IPv6 network. As I understand the purpose of the Checksum Complement, its security impact is similar to the one of using zero UDP checksum. I think that the use of Checksum Complement in the IPv6 network should be explicitly discussed in the document. I'd recommend adding the reference to RFC 6936 and provide arguments supporting the use of the Checksum Complement in the IPv6 network. Regards, Greg On Tue, Nov 24, 2020 at 10:25 AM The IESG <iesg-secretary@ietf.org> wrote: > > The IESG has received a request from the IP Performance Measurement WG > (ippm) > to consider the following document: - 'Data Fields for In-situ OAM' > <draft-ietf-ippm-ioam-data-11.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this action. Please send substantive comments to the > last-call@ietf.org mailing lists by 2020-12-08. Exceptionally, comments > may > be sent to iesg@ietf.org instead. In either case, please retain the > beginning > of the Subject line to allow automated sorting. > > Abstract > > > In-situ Operations, Administration, and Maintenance (IOAM) records > operational and telemetry information in the packet while the packet > traverses a path between two points in the network. This document > discusses the data fields and associated data types for in-situ OAM. > In-situ OAM data fields can be encapsulated into a variety of > protocols such as NSH, Segment Routing, Geneve, IPv6 (via extension > header), or IPv4. In-situ OAM can be used to complement OAM > mechanisms based on e.g. ICMP or other types of probe packets. > > > > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-data/ > > > The following IPR Declarations may be related to this I-D: > > https://datatracker.ietf.org/ipr/3526/ > > > > > > > _______________________________________________ > ippm mailing list > ippm@ietf.org > https://www.ietf.org/mailman/listinfo/ippm >
- [Last-Call] FW: [ippm] Last Call: <draft-ietf-ipp… Haoyu Song
- Re: [Last-Call] [ippm] Last Call: <draft-ietf-ipp… Greg Mirsky
- Re: [Last-Call] [ippm] Last Call: <draft-ietf-ipp… Tal Mizrahi
- Re: [Last-Call] [ippm] Last Call: <draft-ietf-ipp… Greg Mirsky
- Re: [Last-Call] [ippm] Last Call: <draft-ietf-ipp… Benjamin Kaduk
- Re: [Last-Call] Last Call: <draft-ietf-ippm-ioam-… tom petch
- Re: [Last-Call] Last Call: <draft-ietf-ippm-ioam-… tom petch
- Re: [Last-Call] Last Call: <draft-ietf-ippm-ioam-… Salz, Rich
- Re: [Last-Call] Last Call: <draft-ietf-ippm-ioam-… Benjamin Kaduk
- Re: [Last-Call] [Ext] Re: Last Call: <draft-ietf-… Michelle Cotton
- Re: [Last-Call] [Ext] Re: Last Call: <draft-ietf-… tom petch