Re: [OPSEC] Opsdir last call review of draft-ietf-opsec-probe-attribution-05
Justin Iurman <justin.iurman@uliege.be> Wed, 12 July 2023 13:55 UTC
Return-Path: <justin.iurman@uliege.be>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41FD3C151AE0; Wed, 12 Jul 2023 06:55:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uliege.be
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bETWprlslDGj; Wed, 12 Jul 2023 06:55:22 -0700 (PDT)
Received: from serv108.segi.ulg.ac.be (serv108.segi.ulg.ac.be [139.165.32.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D50C8C151522; Wed, 12 Jul 2023 06:55:19 -0700 (PDT)
Received: from [192.168.1.62] (125.179-65-87.adsl-dyn.isp.belgacom.be [87.65.179.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by serv108.segi.ulg.ac.be (Postfix) with ESMTPSA id 8D851200E2C0; Wed, 12 Jul 2023 15:55:17 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 serv108.segi.ulg.ac.be 8D851200E2C0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uliege.be; s=ulg20190529; t=1689170117; bh=t+h+un9NhcWg8tngxj7tlKGG69bbBBRUqinh/6nlkKA=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=JRH4IV/Yojuz1BBPp3c+yhkv65+jhvn5iufV7nLvU59qBc0ACcYOvMSLXIcaiCzBu crOtnqF1VS0ZwDMOxFEi2UlO2XfAed43jrW4Bktq3ZmrLreOiadWrY4bokChx6CUV+ sICdf4hpU2ke6e0PGI7kkGZsXbv9VxA4JOfT/R8EiLOULhUDP2lv2i3kVqcBRGmbXN b2tXFf/SuEvAMy/o7HK1WZ0frX0O+j6wVLQF+GdwwBzCZhaxB0IEWqN0uk94hpfney VK9iLnb2aAccfjq2lVQDkqUFUsZacT16Nt8m7cxjzyUuCdt7LGZ62FV8DyXCWeEGeC 9o/tYSa93/EOw==
Message-ID: <13ae4aa5-89a0-7ff9-ccea-60f775a13edc@uliege.be>
Date: Wed, 12 Jul 2023 15:55:17 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0
To: Linda Dunbar <linda.dunbar@futurewei.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
Cc: "draft-ietf-opsec-probe-attribution.all@ietf.org" <draft-ietf-opsec-probe-attribution.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
References: <168624040559.34152.16732715656841514502@ietfa.amsl.com> <c03e5515-904b-d746-f512-8dd985991b6e@uliege.be> <CO1PR13MB49201DFFA9FC75814996630B8531A@CO1PR13MB4920.namprd13.prod.outlook.com>
Content-Language: en-US
From: Justin Iurman <justin.iurman@uliege.be>
In-Reply-To: <CO1PR13MB49201DFFA9FC75814996630B8531A@CO1PR13MB4920.namprd13.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/3oMIbsBDrkQ7RrbCSe7VWCEn_Es>
Subject: Re: [OPSEC] Opsdir last call review of draft-ietf-opsec-probe-attribution-05
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2023 13:55:26 -0000
Hi Linda,
Actually, probes could be whatever you want. It is defined in the draft as:
Many measurement researches ([LARGE_SCALE], [RFC7872], and
[I-D.draft-vyncke-v6ops-james]) are about sending IP packets
(sometimes with extension headers or layer-4 headers) over the public
Internet and those packets can be destined to either collaborating
parties or non-collaborating ones. Such packets are called probes in
this document.
So, basically, a probe is a packet. Let's say, for example, that I'm a
researcher and I want to measure if an IPv6 Hop-by-Hop Extension Header
goes through from my home router towards a random target, with TCP as
layer 4. I'd send some crafted packets (i.e., IPv6/Hbh/TCP), also called
probes in this document. So far so good. Let's now assume that you are
an operator where these probes transit or arrive. As is, you don't
really know why you're receiving them and it could be perceived as
harmful or aggressive. This document proposes simple techniques for a
source (me, in this case) to identify the probes for any third parties
on the path that would want to know (one of them is you, in this case).
In fact, it allows me to say "I'm the origin of these probes and I do
that because ...", so that you are able to understand why you receive
such probes.
Thanks,
Justin
On 7/11/23 22:35, Linda Dunbar wrote:
> Justin,
>
> Thank you very much for the explanation.
> Is the "Probe" another ICMP message? Does the "probe" have an ICMP Header?
>
>
> Does it mean that Source can include an "URL" to the ICMP message content?
>
>
> I reviewed the -08 version, I still can't find answers to my puzzle.
>
> Thank you
> Linda
>
> -----Original Message-----
> From: Justin Iurman <justin.iurman@uliege.be>
> Sent: Thursday, June 8, 2023 3:28 PM
> To: Linda Dunbar <linda.dunbar@futurewei.com>; ops-dir@ietf.org
> Cc: draft-ietf-opsec-probe-attribution.all@ietf.org; last-call@ietf.org; opsec@ietf.org
> Subject: Re: Opsdir last call review of draft-ietf-opsec-probe-attribution-05
>
> Hi Linda,
>
> Please see inline ([JI]).
>
> On 6/8/23 18:06, Linda Dunbar via Datatracker wrote:
>> Reviewer: Linda Dunbar
>> Review result: Not Ready
>>
>> I have reviewed this document as part of the Ops area directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG. These comments were written primarily for the benefit of the Ops area directors.
>> Document editors and WG chairs should treat these comments just like
>> any other last-call comments.
>>
>> Summary:
>> This document describes the method for any organizations to send
>> queries to understand the received unsolicited probing packets.
>
> [JI] I think there might be a misunderstanding here. What we define for the in-band technique is just a simple way to include a probe description URI (a link, an email address, a phone number, etc) in probes/packets so that third parties on the path would be able to identify them (what's the reason for such probes? who's responsible for that? what's the purpose? etc). We do *not* define how third parties would verify the probe attribution (at least, we explain how, but we do not define a query to do that automatically).
>
>> Issues:
>> - Are those queries generated automatically?
>
> [JI] Not really sure about what you mean with "queries". See the above explanation. If I missed your point, please shout.
>
>> - If the queries are generated automatically, does it require routers
>> upgrade to support the auto-generating of those queries? - If the
>> queries are generated manually, the draft should give some detailed
>> examples since those queries will be generated by people not coming to
>> IETF. - Today, most routers ignore the Internet probes they don't support. What are the problems of ignoring them?
>
> [JI] No, routers do not need any upgrade. If the out-of-band technique, nothing is included in probes. If the in-band technique, the probe attribution is included in probes, but these bytes are just like data payload.
>
> Thanks,
> Justin
>
>> Best Regards,
>> Linda Dunbar
>>
>>
>>
- [OPSEC] Opsdir last call review of draft-ietf-ops… Linda Dunbar via Datatracker
- Re: [OPSEC] Opsdir last call review of draft-ietf… Justin Iurman
- Re: [OPSEC] Opsdir last call review of draft-ietf… Justin Iurman
- Re: [OPSEC] Opsdir last call review of draft-ietf… Eric Vyncke (evyncke)
- Re: [OPSEC] Opsdir last call review of draft-ietf… Linda Dunbar
- Re: [OPSEC] Opsdir last call review of draft-ietf… Justin Iurman