Re: [OPSEC] draft-ietf-opsec-probe-attribution: WGLC
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 28 March 2023 04:42 UTC
Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C821AC14F73F; Mon, 27 Mar 2023 21:42:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.895
X-Spam-Level:
X-Spam-Status: No, score=-11.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="CkrXS6Rc"; dkim=pass (1024-bit key) header.d=cisco.com header.b="J2/kt5GZ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcawFBUsr2N1; Mon, 27 Mar 2023 21:42:02 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46AC2C151B02; Mon, 27 Mar 2023 21:41:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8864; q=dns/txt; s=iport; t=1679978510; x=1681188110; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=KEG4rbafe5BksKXvpA2UTBWJuEh61GlM5leQ1ux0Fec=; b=CkrXS6RcCch+x8mQXwhUldFs0evZ7vPqW1D8S4yxzZI5ucq2wHmcBMY4 jJ6uGfVEHhekXTnERo/ZubcblE4M7Wa0w2UZgCmMQCuGhKpaHjFOSWg+i RJg3/aExa4h6AXupo5Wn3nktuOUhiy2HHD6DrPGgiPW9ppmdBNp2Wb851 M=;
X-IPAS-Result: A0ADAADobiJkmIQNJK1QChoBAQEBAQEBAQEBAwEBAQESAQEBAQICAQEBAUCBOwUBAQEBCwGBW1JzAlk7RoRSg0wDhFBfiDEDgROQBYsQgSwUgREDQhQPAQEBDQEBLgsLBAEBhQUCFoUiAiU0CQ4BAgQBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBwQUAQEBAQEBAQEeGQUOECeFaA2GVQEBAQECAQEBEBERDAEBLAsBBAsCAQgOCgICGQoDAgICJQsUARACBAENBR8DglwBgjkjAwEPolYBgT8Cih96gTKBAYIIAQEGBASBTkGdEQMGgRQtAYdHHlhfg1EXhDAnG4FJRIEVJxyCMDc+gmIBAQOBKAEHCwEJGBeDQTmCLo4XiyoKgTR2gSAOgT2BBAIJAhFDKIESCGeBfEACDWMLDm+BSgJkTIEUNwMZKx1AAws7Oj81Bg4gBlhrAgkjERMFAwsVKkcECDkGGjQRAggPEg8GJkQOQjc0EwZcASkLDhEDT4FHBC+BXAYBJiSacYFUCWwGZAQULxAiNgMYLDsOAxcDDh+WWqtiCYEtCoN6i3GVFQQug32MZpFJg2eCSmKXaiCCLosElF0pLoRrAgQCBAUCDgEBBoFjOmtwcBU7KgGCPFIZD1eNSQkQCYNQhRSKZXU7AgEGAQoBAQMJiGoFglQBAQ
IronPort-PHdr: A9a23:KneMhRPpGO9VxJtX6Jkl6ncDWUAX0o4cdiYZ6Zsi3rRJdKnrv5HvJ 1fW6vgliljVFZ7a5PRJh6uz0ejgVGUM7IzHvCUEd5pBBBMAgN8dygonBsPNAEbnLfnsOio9G skKVFJs83yhd0ZPH8OrbFzJqXr05jkXSX3C
IronPort-Data: A9a23:Opuz8agM+CQ0QkYpyp6ca3dlX161gxAKZh0ujC45NGQN5FlHY01je htvDzqPOvbeajPyKtsjat7g80IH6JDSx4NnTwprriBkQnhjpJueD7x1DKtf0wB+jyHnZBg6h ynLQoCYdKjYdleF+lH1dOKJQUBUjclkfJKkYAL/En03FF8MpBsJ00o5wLZi2N4w2LBVPivU0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pDTU2FFEYUd6EPdgKMq 0kv+5nilo/R109F5tpICd8XeGVSKlLZFVDmZna7x8FOjzAazhHe3JrXO9JARktmmSiqmeos9 4gKpYeCTj84F6rTzbF1vxlwS0mSPIVP/LvBZHO4q8HWlhWAeHr3yPIoB0YzVWEa0r8oWicVq 7pBc3ZUNUrra+GemNpXTsFhmNUlJ8rmFIgeoXpnizreCJ7KRLiYHfuTuYcIhF/cgOgNEeyCX e0+UQNUUx3vRQVFYEgoNIkxybLAan7XKm0E9w39SbAMy2TJxQJtlbngLNSQfcSRSM4Qhlyfr G+D9njlGBAQKcCezjyt83+wiKnIhyyTcIUKD7Czs/VqiVyJ3UQSBQEYE1yhrpGRjValVtl3K kEI9Gwpt6da3EK2VMPsBkaQr3uNvxpaUN1Ve8U05waL1oLP4lifC3QbSSRCc5ots8peeNAx/ laNm9WsDjt1vfjMETSW96yfqnW5Pi19wXI+iTEsESQJ0sv+g4cJ0y2SCcZ4IqmNn/TyBmSlq 9yVlxQWi7IWhM8N8qy0+1Hbnj6hzqQlqCZovW07uUr4smtEiJ6Zi5+AsgOCsKkdRGqNZhzQ4 iRVx5n2APUmV8nV/BFhVtnhC11ACxytCCfdh1ViA54nn9hG0yH+IdgPiN2SybsADyrpUTbtZ EmWsgRL6doKZD2hbLR8ZMS6DMFCIUnc+TbNC6y8gjlmO8cZmOq7EMdGPhT4M4fFyxVErE3HE c3HGftA9F5DYUid8BK4Rv0GzZggzT0kyGXYSPjTlkr4gOvCPS7OEelUbTNii9zVCovZ/m05F P4CaaO3J+l3C4USnwGOq9dIdABWRZTFLcCv+6S7idJv0iI/SD1+VJc9MJsqepdumOxOh/zU8 3SmMnK0O3Kh7UAr3T6iMyg5AJu2BM4XhStiYUQEYw3ys1B9OtnH0UvqX8ZtFVXR3LY9nacco jhsU5joP8mjvRyepWtDNMit99Y8HPlp7CrXVxeYjPEEV8YIb2T0FhXMJ2MDKAFm4vKLiPYD
IronPort-HdrOrdr: A9a23:aukw0qwvG9Ov74OMG6TRKrPxjuskLtp133Aq2lEZdPULSKKlfp GV88jziyWZtN9IYgBdpTiBUJPwJU81bfZOkMYs1MSZLXbbUQyTXc9fBOrZsnHd8kjFl9K1up 0QC5SWZOeAb2SSyPyKnTVQcOxQgeVvkprY/ts2pk0FJWoBBsEQjDuRSDzraHGeLzM2YqbRYa Dsn/av0ADQH0j/AP7LY0UtbqzmnZnmhZjmaRkJC1oM8w+Vlw6l77b8Dlyxwgoeeykn+8ZjzU H11yjCoomzufCyzRHRk0XJ6Y5NpdfnwtxfQOSRl8kuLCn2gArAXvUjZ1TChkF2nAic0idvrD D+mWZmAy210QKWQoiBm2qp5+An6kd215at8y7BvZKpm72GeNtzMbsxuWseSGqD16Ll1+sMjZ 6iGAmixsBq5Fr77VfAD5KjbWAbqmOk5XUliuIdlHpZTM8Xb6JQt5UW+AdPHI4HBz+S0vFtLA BCNrCU2B9tSyLTU1nJ+m10hNC8VHU6GRmLBkAEp8yOyjBT2HR01VERysATlmoJsMtVcegI28 3UdqBz0L1eRM4faqxwQO8HXMusE2TIBRbBKnibL1jrHLwOf3jNt5n06rMo4/zCQu1D8LIi3J DaFF9Iv287fEzjTcWIwZ1Q6xjIBH6wWDz8o/sukaSReoeMM4YDHRfzPGzGyfHQ0cn3KverLs qOBA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.98,296,1673913600"; d="scan'208";a="36614080"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Mar 2023 04:41:49 +0000
Received: from mail.cisco.com (xfe-aln-003.cisco.com [173.37.135.123]) by alln-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 32S4fnRt016611 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 28 Mar 2023 04:41:49 GMT
Received: from xfe-aln-004.cisco.com (173.37.135.124) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Mon, 27 Mar 2023 23:41:48 -0500
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-004.cisco.com (173.37.135.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25 via Frontend Transport; Mon, 27 Mar 2023 23:41:48 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ur4LO5Ps/nTL2EQJvH0SjYp5hjR323KuemMxt17Dm6ycAkxLRRPd1L9tqy7p3pCvXyESLsg+PLr+BQfFJdmnvyr8pBUBnsDI9jphwzuSdZsI4BZ2+vNM9GSBzqHXAu9pT/8wMWiT8HFzW0rRES7zr4b6tqfu5QLznT8iC1xAVREqolJ4IfGi6vSIOW2SRo0HVmscYOgOy6IZ9pYydO88m91NcN4D7piGodO+dyeelYjpkui0YO+UNDNBmSUx1RU/5UE0J/NpCiXz/J3g42hfuNpiA7BB14Uqi6caqZNbHIhxqIO2eIW6nk6qIfRCwtdMnJIMHei2XUK7Qam7f67ENA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KEG4rbafe5BksKXvpA2UTBWJuEh61GlM5leQ1ux0Fec=; b=NOrFkQL0WTzYKRs9bPKlnCV94aJ1SqnBg8s1bePIAIIwBilZEGdGJ0i5uXgC9jTLFZHyOjpgkiqr0EzPNms72FkofNxPBDUBV3B1gRP9OVBxDsM6nQ51hzA+nmGLcPMK75ogQQQWXcY1JYHa5Up7Bs7KBevKLp0xuDYzXAynwDeFcmWqo5/k2X6BicadB/DJxTG9c3xN3VP9HQg7SfDFQnZ6OXgCuwfslYChUTrC54+JR79Q8XkhpVLGY8hrW8FHkoMCR12Upy8BsAgtOCi4KxwJTdrdWJ0+dwQUTiUdtB0RzDkIUN7e3lbtX2tYvjNSZXmSplitdt6JRwgl9U9CJQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KEG4rbafe5BksKXvpA2UTBWJuEh61GlM5leQ1ux0Fec=; b=J2/kt5GZvGsWFEnTZz3MAkGRLsIZFvHa/wi8C1A01AZ8Fdo/V5SND6Faq60IAyGJA7n+lF7TIayhHfDRVojAuJDEKFobHpQqje1YwSvByzpdoTAwM6fon4kybFbTggtkICldv0jQBjDG6K5rnpQrHbcGmp4CE0GxBsajE0f1JHs=
Received: from SA2PR11MB4972.namprd11.prod.outlook.com (2603:10b6:806:fb::21) by BL1PR11MB5464.namprd11.prod.outlook.com (2603:10b6:208:319::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6222.33; Tue, 28 Mar 2023 04:41:46 +0000
Received: from SA2PR11MB4972.namprd11.prod.outlook.com ([fe80::e7c0:dce5:999f:4e6]) by SA2PR11MB4972.namprd11.prod.outlook.com ([fe80::e7c0:dce5:999f:4e6%4]) with mapi id 15.20.6222.028; Tue, 28 Mar 2023 04:41:46 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Fernando Gont <fgont@si6networks.com>, Jen Linkova <furry13@gmail.com>, opsec WG <opsec@ietf.org>
CC: OpSec Chairs <opsec-chairs@ietf.org>, "draft-ietf-opsec-probe-attribution@ietf.org" <draft-ietf-opsec-probe-attribution@ietf.org>
Thread-Topic: [OPSEC] draft-ietf-opsec-probe-attribution: WGLC
Thread-Index: AQHZJVIriFO+xKSgyEelwiTz0Oj2P674p3AAgBeOpYA=
Date: Tue, 28 Mar 2023 04:41:46 +0000
Message-ID: <16F82112-04A3-4A78-B954-093465838D89@cisco.com>
References: <CAFU7BAS3uEYc7JGavH9qQka1EhhYaO0mhnUDV7Q4d=Ru2SCLkQ@mail.gmail.com> <ae548706-db2f-5e81-9620-83e736b62027@si6networks.com>
In-Reply-To: <ae548706-db2f-5e81-9620-83e736b62027@si6networks.com>
Accept-Language: fr-BE, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.71.23031200
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA2PR11MB4972:EE_|BL1PR11MB5464:EE_
x-ms-office365-filtering-correlation-id: 23cd91d1-0c0f-46d9-1200-08db2f46bcac
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Vw/tKcrl7kTJ4HbidtbARjN0Ei5TIX0ENAdMy6HKAGQGzrOrx9OHJXGj9aXEWr0Uitdbr8Ri3P6+7fekAuqhzkKxpil2qY+5Cr08Kl3k0dGana0z6Ki/6HqhwNesD+/l5KRRHmDzeyX3sL6654mEljOEJeYgTU4yUhgTVfWxNtNxzfc6bCzHHtLtYBG1H1bUUmsawsO03rsltzqiGkWocRnUGdmsCn3AP+tyz4mqDOFGxCc2iHmZPvx11x3EywQnJfOSCtjlrU9IMGf8jUowTGipptQk1w3rW184lyXfU7/9khWJ4q5shWbEl5Tw8M6rGA0UMZKWi+RwtV32k0S9wOkxypFjKKrKC07dknsY1SOEjRaE68DGJWQgC5QvdOeNwOlzRA2JUe+mrSIk3IpJFcEueGFEdoj7Bgi0H5UgtCUENvdFVCljM6Bw9plxf8GXE4OxD8t6coNwUZdYQjWsxRTmuFAa0bRfNrgIc0wPTqsIPExI96DEtMTvtpGmrO+3PGMS5Y8s5cdPj71eZWFDl2UDou9mp+ZzO7RWdPAqqX2fynnKA0gLtHCV9Ar2Q1qGbVPLS9VwWb42WO4XYw/2iZDsMYfhXy3TifrX2hpv3K+vZRLWimliR8Y54+0ur3NG81GVewM2MhN4A4iX1FA/X6YstwgXBsZdxQz+iarmWuo=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA2PR11MB4972.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(366004)(136003)(376002)(39860400002)(346002)(396003)(451199021)(36756003)(186003)(53546011)(6506007)(33656002)(6512007)(83380400001)(2616005)(8936002)(66446008)(64756008)(8676002)(66556008)(5660300002)(122000001)(41300700001)(66946007)(76116006)(4326008)(66476007)(91956017)(316002)(478600001)(54906003)(110136005)(38100700002)(2906002)(71200400001)(6486002)(966005)(86362001)(38070700005)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: VXC8fGtZ3CtI4Adcy1DkD70pYFw5TqNSKgfdm0Hrvn4+aA00tuGRbChZyzZPIOoAd7sHsKc5MzRhCXiNOK3tr5ZzvEtNfH0FDA5G4GlBrJQqHGaD3Ag4fKkwwQ9nd2qqy/abov6zMhT4VDy9tHSIMIjYI/do/NYJWQBGJajPss6UJ3JihjaFsftxRJzqCHVppGD4Q62KB2vtDKHm/fhD+T40LtwqFYO65dyL9lMYJYqfZeuO5Dj53z10puBL1r5Kdaonxy/oxIE4JeJe2Y1CfpVMSboVQTjtEQUF/koCCVvKTbch44DEJzmOKxIeIjhFmI2V1ptS+BRprTQjRdyvfVcXIDq0J6MHGchGRgYGcz63O9IF2k8+ImYgT5pe6QT+otgdOSVS4vD+q7g0aUs5H//+2lWwOKr4ZFKxl2pmi7+QXImk0ivNKhDneDsfvgBESqlo7EFdo+j9oWdBQnrUmCeJkGrkJ9Vk1VBkSst6N3DXGIEbUMwFZJRBDzcQHEFHu/z5VuBjj0fxjwUHdtBKr6/0dlhJ6Abkm1xlvth0nQyv2aqu1nMIbRoG6+7SWeN47tIvImUdEm6cFwvBodhP90PgEWF6bDYTW2Wp+dIWtbLzWqOL402/QJMHWnRhMORcPm57zvx5ouIsCtX/yyDkpNtpUC3Xr26uJ0yUcVFuUFfDcClj9DM+0yiAnDcFyJ6VMqw6VH7Q10Cq+3zEsbmQ7Y5AkheMeDGDBTTINADaV9kiLq+rvMMDd89zESDAGkg6yXLUIiw0i7DqENX40w5sHDXtUL4poUPrrReAcw+Tbgizu0yt24OLPQQ4PoDHdfXr6WYoIPHHyon2eMz9fwh6z8wYcnW4JGDayMAO4bk/wkhPynEX5qH3/IZ/a1SnBvU5WgLsc2cryFr6L1HwuEfUWfTUhTzIhRGgX6+9aILJN/pToKwH1k7KzuXFYUoP4G/ly4dCMMFXKvryInebIMm1AKFRUm2LkI4ND5HW9fEDkLVHx8Smrf5M6wsBuX0kHygqdCNUooAHMNFLXaCjTFJoTiLMMwzzQAXc26DQHQXgQLpDGNiv4A9wx7Og57fxst+5yEQgOtk413SaJF8ebxNiietHfeJgMKAW+WiSmRrSo2tRqVp3ZorutbrO1ktx8eXY7FPWamH06PnZH+fcEqbKkDXFzUh0URm1kNz0A/qDVaT2+BhEksISDyCqldonsx/YMXRkfUdM7h+yJUevgZb/ugFiJoz/f7TkBDrr5QLdxYR5hYH9ZkO7KzsiiHXPyPrnEOo66jnwxcyB53bnz9mLoJX3BTvO1cLtsYR33G/jSYJGLhPnlp593BcPlUzw76HXXX1pUxkaYxQFXGdfAz2PkAGgpPy4U+QYrdEJd10ASIy+4Vu6uNjaSP0eE1H2ypLs42GGa17bMK7GYVRftqRzuwNJiZLZqOHJjkwcN2AzZp9MAYvs1XZJTnhwMp7mpUTJgeSXxJ4vzU0Im7sWDe2MIfftxvSelvnVeaKGXw91KPqF4YGMxYkwu2tgHPtwRnAuqL+qcxI54U/iuCuA638kn9lAWMHLX6ZHsXBYR1Qy9AIYUwbdmDDEydYNIQ3xhjW9sZFTOnFVOYu7nhmPFP+op6sXIg8fSIUcKjpYgqnBby11DRcE689/k0wZCKA8PgVa
Content-Type: text/plain; charset="utf-8"
Content-ID: <C6A02BA44B63B8449F344228B493D7FE@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA2PR11MB4972.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 23cd91d1-0c0f-46d9-1200-08db2f46bcac
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2023 04:41:46.2424 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2Z1LNA4WVfLqloEYgGwmg7y4mabmvhAJxEntfdFCvbCWdaYwt1wwIaWn0FNOnJAC3bau8rbK46ExmGbsgbwhBA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR11MB5464
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.135.123, xfe-aln-003.cisco.com
X-Outbound-Node: alln-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/5ClBm_EPZkayHIZ0bid_K7KPAOY>
Subject: Re: [OPSEC] draft-ietf-opsec-probe-attribution: WGLC
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2023 04:42:06 -0000
Hello Fernando, Now, it is my turn to apologize for the belated reply ;-) About the section 4 and the impact of data in the SYN packet, you are correct: this may influence the experiment, hence we wrote " However, it may change the way the packet is processed;" we could be perhaps more explicit. For UDP probing, when it is done, the expected behavior is not a to receive a UDP but an ICMP error message if there is no listener on this port. This is of course relevant to the probing experiment itself and not really to the inclusion of the probe description URI in the UDP packets. We will update the text: "note that if the probe is destined to a listened-to/well-known UDP port, the inclusion of the probe descriptor URI may be undefined". For IPv6, the probe attribution text will only be added in the extension headers that are used anyway in the probing (like your RFC 7872 or our JAMES research) See below for EV> Thank you a lot for your review Regards, -éric On 13/03/2023, 15:57, "Fernando Gont" <fgont@si6networks.com <mailto:fgont@si6networks.com>> wrote: Hi, All, My apologies for the delay in my response -- I've clearly missed the WGLC deadline. But, hopefully "better late than never". Some comments on version -01 of this document: * Section 4: I believe some discussion is warranted about how this might affect the measurements themselves. e.g., * SYN-scans containing data might be discarded * Also, if you're UDP-probing, the UDP probe packet needs to impleent the target protocol, or else it won't elicit a response. This in turn means that most likely you won´t be able to encode the URI in the probe packet. * When probing over IPv6, including EHs will definitely affect the probe results (as per e.g. RFC7872) * Section 4, page 5: > * for a [RFC793] TCP packet with the SYN flag: data is allowed in > TCP packets with the SYN flag per section 3.4 of [RFC793] (2nd > paragraph). However, it may change the way the packet is > processed; s/793/9293/ EV> thanks * Section 4, page 5: > * for a [RFC8200] IPv6 packet with either hop-by-hop or destination > options headers, in a PadN option. However, the PadN option is > not recommended: as per the informational [RFC4942], section > 2.1.9.5, it is suggested that PadN options should only contain 0's > and be smaller than 8 octets, thus limiting its use for probe > attribution. Indeed, inserting the probe description URI in PadN > options could bias the measurement itself. So... what would be the recommended approach for including the URI, if any, in an IPv6 probe packet? EV> we will fix the text by providing a recommendation * Section 4, page 5: > For example, the Linux > Kernel follows these recommendations since its version 3.5; Is the "recommendation" to drop these packets? Either way, please clarify this. EV> Justin (who discovered this) will clarify the text * Section 4, page 5: > The probe description URI should start at the first octet of the > payload and should be terminated by an octet of 0x00, i.e., it must > be null terminated. If the probe description URI cannot be placed at > the beginning of the payload, then it should be preceded by an octet > of 0x00. There should be some discussion about MTU related issues. e.g., what if including the URI would cause the probe packet to be larger than the minimum IPv4 MTU (68 bytes) or minimum IPv6 MTU (1280 bytes)? (since this would also affect the probe results themselves) EV> unsure, we can add text but isn't this obvious ? * Section 5, page 6: > Both out-of-band and in-band combined should be preferred. It could > be used as an indirect means of "authenticating" the probe > description URI in the in-band probe, thanks to a correlation with > the out-of-band technique (e.g., a reverse DNS lookup). However, the > out-of-band technique might not be possible due to several > conditions: the presence of a NAT, too many endpoints to run a web > server on (e.g., RIPE Atlas probes) I'd add a reference for RIPE Atlas. EV> good point, we will add a referene * Section 7, page 6: > This information is provided to identify the source and intent of > specific probes, but there is no authentication possible for the > inline information. As a result, a malevolent actor could provide > false information while conducting the probes, so that the action is > attributed to a third party. As a consequence, the recipient of this > information cannot trust this information without confirmation. If a > recipient cannot confirm the information or does not wish to do so, > it should treat the flows as if there were no attribution. This probably also make a case for favoring out-of-band signaling... EV> sure, but the authors also really want to cover the in-band signaling * Section 8, page 7: > > 8. IANA Considerations > > The "Well-Known URIs" registry should be updated with the following > additional values (using the template from [RFC8615]): > > * URI suffix: probing.txt > > * Change controller: IETF > > * Specification document(s): this document Should the document be std track for this? (particularly when the tet says "specification") EV> no, RFC 8126 only requires a permanent publication, it evens contains " including informal documentation." Thanks, and my apologies for my sub-optimal timing! EV> and my apologies for my sub-optimal reply ! Regards, Fernando On 10/1/23 21:17, Jen Linkova wrote: > Hello, > > This email starts the WGLC for draft-ietf-opsec-probe-attribution > (https://datatracker.ietf.org/doc/draft-ietf-opsec-probe-attribution/ <https://datatracker.ietf.org/doc/draft-ietf-opsec-probe-attribution/>). > > The WGLC ends on Sun, Jan 29th, 23:59:59UTC. > > Please review the draft and send comments/suggestions/opinions to the list. > > Thank you! > > -- > SY, Jen Linkova aka Furry on behalf of OpSec chairs. > > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org <mailto:OPSEC@ietf.org> > https://www.ietf.org/mailman/listinfo/opsec <https://www.ietf.org/mailman/listinfo/opsec> -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com <mailto:fgont@si6networks.com> PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
- [OPSEC] draft-ietf-opsec-probe-attribution: WGLC Jen Linkova
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Jen Linkova
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Justin Iurman
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Prapanch Ramamoorthy (praprama)
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Justin Iurman
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Warren Kumari
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Jen Linkova
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Justin Iurman
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Justin Iurman
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Fernando Gont
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Eric Vyncke (evyncke)
- Re: [OPSEC] draft-ietf-opsec-probe-attribution: W… Jen Linkova