Re: [OPSEC] Opsdir last call review of draft-ietf-opsec-probe-attribution-05

Linda Dunbar <linda.dunbar@futurewei.com> Tue, 11 July 2023 20:35 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Justin Iurman <justin.iurman@uliege.be>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "draft-ietf-opsec-probe-attribution.all@ietf.org" <draft-ietf-opsec-probe-attribution.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Date: Tue, 11 Jul 2023 20:35:02 +0000
Message-ID: <CO1PR13MB49201DFFA9FC75814996630B8531A@CO1PR13MB4920.namprd13.prod.outlook.com>
References: <168624040559.34152.16732715656841514502@ietfa.amsl.com> <c03e5515-904b-d746-f512-8dd985991b6e@uliege.be>
In-Reply-To: <c03e5515-904b-d746-f512-8dd985991b6e@uliege.be>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/9x3aZhCJwj41TDUP_YWCbr39Fa0>
Subject: Re: [OPSEC] Opsdir last call review of draft-ietf-opsec-probe-attribution-05

Justin, 

Thank you very much for the explanation. 
Is the "Probe" another ICMP message? Does the "probe" have an ICMP Header?

Does it mean that Source can include a "URL" to the ICMP message content?

I reviewed the -08 version, but I still can't find answers to my puzzle.

Thank you
Linda

-----Original Message-----
From: Justin Iurman <justin.iurman@uliege.be> 
Sent: Thursday, June 8, 2023 3:28 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>; ops-dir@ietf.org
Cc: draft-ietf-opsec-probe-attribution.all@ietf.org; last-call@ietf.org; opsec@ietf.org
Subject: Re: Opsdir last call review of draft-ietf-opsec-probe-attribution-05

Hi Linda,

Please see inline ([JI]).

On 6/8/23 18:06, Linda Dunbar via Datatracker wrote:
> Reviewer: Linda Dunbar
> Review result: Not Ready
> 
> I have reviewed this document as part of the Ops area directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the Ops area directors.
> Document editors and WG chairs should treat these comments just like 
> any other last-call comments.
> 
> Summary:
> This document describes the method for any organizations to send 
> queries to understand the received unsolicited probing packets.

[JI] I think there might be a misunderstanding here. What we define for the in-band technique is just a simple way to include a probe description URI (a link, an email address, a phone number, etc) in probes/packets so that third parties on the path would be able to identify them (what's the reason for such probes? who's responsible for that? what's the purpose? etc). We do *not* define how third parties would verify the probe attribution (at least, we explain how, but we do not define a query to do that automatically).

> Issues:
> - Are those queries generated automatically?

[JI] Not really sure about what you mean by "queries". See the above explanation. If I missed your point, please shout.

> - If the queries are generated automatically, does it require routers
>   upgrade to support the auto-generating of those queries?
> - If the queries are generated manually, the draft should give some detailed
>   examples since those queries will be generated by people not coming to
>   IETF.
> - Today, most routers ignore the Internet probes they don't support. What are the problems of ignoring them?

[JI] No, routers do not need any upgrade. With the out-of-band technique, nothing is included in probes. With the in-band technique, the probe attribution is included in probes, but these bytes are just like data payload.

Thanks,
Justin

> Best Regards,
> Linda Dunbar
> 
> 
>
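
The in-band technique discussed in this thread, as an added example that is not part of the original messages or of the draft's text: an ICMPv4 Echo Request whose data field carries a probe description URI, and the extraction an operator would run on a captured probe. The payload layout (URI at the first data octet, NUL-terminated), the accepted URI schemes, the function names and the sample URI are assumptions made for this illustration.

```python
import struct

# Assumed schemes for "a link, an email address, a phone number".
ALLOWED_SCHEMES = ("https://", "mailto:", "tel:")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, uri: str) -> bytes:
    """Ordinary ICMP Echo Request; the URI is plain data after the header."""
    payload = uri.encode("ascii") + b"\x00"        # assumed: NUL-terminated
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def extract_attribution(icmp: bytes):
    """Return the probe description URI from a captured echo request, or None."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        return None                                # truncated or corrupted
    if icmp[0] != 8 or icmp[1] != 0:
        return None                                # not an Echo Request
    data = icmp[8:]
    end = data.find(b"\x00")
    if end <= 0:
        return None                                # no terminator or empty
    try:
        uri = data[:end].decode("ascii")
    except UnicodeDecodeError:
        return None
    if not uri.isprintable() or not uri.startswith(ALLOWED_SCHEMES):
        return None                                # ordinary ping payload
    return uri

if __name__ == "__main__":
    # Constructed sample probe, not taken from the thread.
    probe = build_echo_request(0x1234, 1, "https://example.net/.well-known/probing.txt")
    print(extract_attribution(probe))
```

A router forwarding this packet sees a normal echo request; only a party that inspects the data field recovers the URI.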