[MBONED] TSV Area Review of draft-ietf-mboned-mtrace-v2
"Brian Trammell (IETF)" <ietf@trammell.ch> Wed, 24 January 2018 09:48 UTC
Return-Path: <ietf@trammell.ch>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E695F12DA07; Wed, 24 Jan 2018 01:48:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ConJquMEts4S; Wed, 24 Jan 2018 01:47:58 -0800 (PST)
Received: from gozo.iway.ch (gozo.iway.ch [212.25.24.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11F9412D94E; Wed, 24 Jan 2018 01:47:57 -0800 (PST)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 05EB5340A60; Wed, 24 Jan 2018 10:47:53 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/6597.23322); Wed, 24 Jan 2018 10:47:52 +0100 (CET)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS; Wed, 24 Jan 2018 10:47:52 +0100 (CET)
Received: from nb-10604.ethz.ch (account ietf@trammell.ch [82.130.102.91] verified) by switchplus-mail.ch (CommuniGate Pro SMTP 6.1.18) with ESMTPSA id 43136027; Wed, 24 Jan 2018 10:47:52 +0100
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Content-Type: multipart/signed; boundary="Apple-Mail=_0A9D1AF7-CE77-4616-A8CF-57028926E9CD"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <91243C66-4C6B-4A53-BB61-B6CE153FC31F@trammell.ch>
Date: Wed, 24 Jan 2018 10:47:51 +0100
Cc: tsv-art@ietf.org
To: mboned@ietf.org, draft-ietf-mboned-mtrace-v2@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/NsJB05VbBdH9CzFKhnAVmSvJolM>
Subject: [MBONED] TSV Area Review of draft-ietf-mboned-mtrace-v2
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mboned/>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2018 09:48:01 -0000
Greetings, I've reviewed this document as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors for their information and to allow them to address any issues raised. When done at the time of IETF Last Call, the authors should consider this review together with any other last-call comments they receive. Please always CC tsv-art@… if you reply to or forward this review. Summary: The document is not ready for publication as a Standards Track RFC in its current state. The protocol appears to make appropriate use of UDP; i.e., it poses no concerns about congestion safety when implemented and used as designed with non-malicious clients. However, I'm concerned about the potential for abuse of mtrace2. Specifically, replies are larger than queries, so the protocol can be used for amplification, and the protocol will send replies to a client address which is sent in cleartext without integrity protection, so the potential for redirection via spoofing exists. The first, I think, could be addressed by requiring the initial query to be a near-maximum-size UDP packet, or at least larger than the reply packets. The security concept in sections 9.1 and 9.2 seems to assume that client filtering at a network border is sufficient; however, this does not appear to address the case of inside an administrative domain spoofing its address. Section 9.5 acknowledges the potential of the protocol for amplification, but should provide concrete advice for rate limiting. One question: this may be a moot question (I did not review mtrace v1), but it appears that mtrace2 is designed to share a port with mtrace1, and I don't see any version field in the messages. How is version transition handled by this protocol? Is it possible to run a mixed network with both mtrace versions and have the right thing (probably downgrade) happen, or is the assumption that mtrace version migration is a flag day? A related editorial suggestion: a list of changes from mtrace v1 to mtrace v2 in an appendix would be useful. Cheers, Brian
- [MBONED] TSV Area Review of draft-ietf-mboned-mtr… Brian Trammell (IETF)
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Hitoshi Asaeda
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Brian Trammell (IETF)
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Toerless Eckert
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Toerless Eckert