IETF Logo Mail Archive

Re: [OPSEC] Martin Duke's Discuss on draft-ietf-opsec-probe-attribution-08: (with DISCUSS and COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Wed, 12 July 2023 15:31 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18F42C1519AC; Wed, 12 Jul 2023 08:31:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.595
X-Spam-Level:
X-Spam-Status: No, score=-9.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="TE7dsLxY"; dkim=pass (1024-bit key) header.d=cisco.com header.b="Vz8s11Rr"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P200LcEbs0xQ; Wed, 12 Jul 2023 08:31:34 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D54DC1519A4; Wed, 12 Jul 2023 08:31:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5120; q=dns/txt; s=iport; t=1689175894; x=1690385494; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=LK6BsXGuaNUnn+IFmPxIBlQu5ipXmhz+hTNmhzWgrfA=; b=TE7dsLxYYlnSAao0ITIXs+Ql1V1zBNixYM8S80EPwjy0FAoExjlnkEE/ wbwwxpVlnZwAutmcq0yCxCS7jxA14Ne3LtE+Q/TMYSWPlaSYxKKA47foC 5BnIXhurrq0xEhzEXpI/2F53sgCuWqxtmEl5bTeE604kvN88muNKHnunp w=;
X-IPAS-Result: A0AZAACoxq5kmI0NJK1aEwEBBwEBAQEBAQcBARIBAQQEAQFAJYEWBwEBCwGBYFJzAlkqEkcDhE6DTAOETl+IXp11FIERA0IUDwEBAQ0BATsJBAEBhQYCFoYLAiU0CQ4BAgICAQEBAQMCAwEBAQEBAQMBAQUBAQECAQcEFAEBAQEBAQEBHhkFDhAnhWgNhgUCAQMSEREMAQE3AQ8CAQgaAiMDAgICMBQBEAIEAQ0FIoJcAYJcAwEQBp04AYFAAoomeoEygQGCCQEBBgQFgU5BsF0DBoEVLQGHZRoBZWWDd4Q1JxuBSUSBFSccgWaBAj6CYgEBAgGBKAESATYCg0Q5gi6LJg0MgmGDBYILGC4HO4EREQqMH4Enb4EegR56AgkCEUEmgQgIXoFuPgINVQsLY4Ecgk0CAhEnExQFTngbAwcDgQUQLwcEMh0JBgkYGBclBlEHLSQJExVBBINTCoEJPxUOEYJRIgIHNjsbTYJqCRcONVN+EDEEFB2BNAMZKx1AAwtwPTUUGwZBAieBVzCBQCQkon8DaIMkBCIFCAwIEH9qGQIPAgEWkwYKgxJIizihJYEuCoQLi32CUIxHhgcEL4QBjGyYCmKYJiCCL4sQgUGTWQiFFAIEAgQFAg4BAQaBYzprcHAVOyoBgggBAQExUhkPjiAJAw0JFYM9hRSKZXUNLgIBBgEKAQEDCYtIAQE
IronPort-PHdr: A9a23:7YBCvRbJS+FVxA51FpJgPYv/LTDihN3EVzX9orIuj7ZIN6O78IunZ QrU5O5mixnCWoCIo/5Hiu+Dq6n7QiRA+peOtnkebYZBHwEIk8QYngEsQYaFBET3IeSsbnkSF 8VZX1gj9Ha+YgBOAMirX1TJuTWp6CIKXBD2NA57POPwT4PMnsK81O2a8JzIaAIOjz24Mvt+K RysplDJv9INyct6f78swwHApGdJfekeyWJzcFSUmRu9rsvl9594+CMWsPUkn/M=
IronPort-Data: A9a23:Eu0h8KPLRlH5rDrvrR1ul8FynXyQoLVcMsEvi/4bfWQNrUon1zAFz DBJWjiCPfaPa2P3eo9+a43kphkPvZ+Ez9I1HnM5pCpnJ55oRWUpJjg4wmPYZX76whjrFRo/h ykmQoCcaphyFBcwnz/1WlTbhSEUOZqgGPykUYYoBggrHVU/EHh400o48wIEqtcAbeaRUlvlV eza+6UzCHf9s9KjGjtJg04rgEoHUMXa4Fv0jHRnDRx4lAO2e00uMX4qDfrZw00U7WVjNrXSq +7rlNlV945ClvsnIovNfr3TKiXmTlNOVOSDoiI+ZkSsvvRNjidp7PcFNvEhVVto1y2luNtR7 otW6qXlHG/FPoWU8AgcexBcFyc7Nqpc9fqXZ3O+qseUiUbBdhMAwd03UxpwZtNeo70xWD0Xn RAbAGhlghSrivynxrm4R8Fnh98oK4/gO4Z3VnRIlGuGVq53HcibK0nMzccCjBYXl5BWJtHPa PJGUBF9ZwjeXhIabz/7D7pnzLv32RETaQZwr0qOqKEf4mXPwkp2yreFGN3NYdGBAM5Vl0eCv UrH8nj3RBYAO7S3xSCM/G7ph+LTk2b8QJkfH/ig7PlgjRia2nAJCRcLSVq8p9G4h1KwHdVFJ CQ8+yc1ooAz+VClCN7nUHWFTGWstxoYXZ9bFPc3rVHLwavP6AHfDW8BJtJcVDA4nMRte20U1 FS0o8/WWSRDl7a1byyGqY7B+FteJhMpBWMFYCYFSy4M7N/ivJw/g3rzojBLTfDdYjrdRG+Y/ tyakMQtr+5I1Z9Rh81X6XiC0mzy+sWVJuIgzliPNl9J+D+Vc2JMi2aAwFzf4PAowG2xEQTZ5 CJsdyRzEIkz4XylnSiJRqAGG6ukoqbDOzzHilkpFJ4kn9hMx5JBVd4KiN2dDB42WirhRdMPS BOL0e+2zMMKVEZGlYctP+qM5z0ClMAM7+jNWPHOdcZpaZNsbgKB9ywGTRfOjzG0yBB2yv5kY 8jznSOQ4ZAyV/wPIN2eGb917FPX7ntWKZ77HMqilE33jdJymlbEEedt3KSyghARtfPY/1q9H yd3PMqRwBIXS/zlfiTS6uYuwaMicxAG6WTNg5UPLIare1M+cEl4UqO56e16IeRNwf8K/tokC 1ngACe0PnKl2y2eQehLA1g+AI7SsWFX9yphZnNxYgr3hBDOo++Htc8iSnf+RpF+nMRLxv9vR P5DcMKFasmjgBydk9jBRfERdLBfSSk=
IronPort-HdrOrdr: A9a23:3KlUf6m0oECyKoAdCebydNHvrtvpDfOKimdD5ihNYBxZY6Wkfp +V/cjzhCWbtN9OYh4dcIi7Sda9qBPnn6Kc4eEqTNCftJGPghrmEGgQ1/qd/9SGIVyxygc979 YtT0EaMr3N5DdB/L3HCWWDYrMdKZy8gdyVbITlvjZQpGNRGttdBm5CY27xfjwUNWt77NgCZe ehD6F81lydkAEsH7yG7w4+LpH+TrPw5fbbiBg9aiIP2U2rt3eF+bT6Gx+X0lM1SDVU24ov9m DDjkjQ+rijm+vT8G6e60bjq7Bt3PfxwNpKA8KBzuIPLC/3twqubIN9H5WfoTEOpv214lpCqq iPn/5gBbU315riRBDznfLf4Xin7N/o0Q669basuwqmnSU+fkNjNyMOv/MDTvKT0TtQgDg16t M644vejesWMfsF9x6NuuQhkHpR5xCJSTBJq59hs1VPFYQZc7NftooZ4QdcF4oBBjvz7MQ9HP BpF9y03occTbq2VQGRgoBU+q3lYl0jWhOdBkQSsM2c1DZb2Hh/0ksD3cQa2nMN7og0RZVI7/ nNdv0ArsACcuYGKaZmQOsRS8q+DWLABRrKLWKJOFziUKUKIWjEpZL76Kg8oOuqZJsLxp0vn4 mpaiITiUciP0b1TcGe1pxC9R7ABG27QDT208lbo4N0v7XtLYCbRxFriGpe5PdIj89vdvEzAc zDSq6+K8WTWFfTJQ==
X-Talos-CUID: 9a23:DE4Z1G7DwbLfKuJExdss/xUqS/4neUDh0EiMO2OfAkZPFqbKcArF
X-Talos-MUID: 9a23:VF/Pxg5pStm+M9pakDDLbGa7xoxwufSPL1Fdia4hqsa8ahVbKTyBkgm4F9o=
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 12 Jul 2023 15:31:33 +0000
Received: from alln-opgw-1.cisco.com (alln-opgw-1.cisco.com [173.37.147.229]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 36CFVJfP020275 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 12 Jul 2023 15:31:32 GMT
Authentication-Results: alln-opgw-1.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=evyncke@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.01,200,1684800000"; d="scan'208";a="4150113"
Received: from mail-co1nam11lp2173.outbound.protection.outlook.com (HELO NAM11-CO1-obe.outbound.protection.outlook.com) ([104.47.56.173]) by alln-opgw-1.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jul 2023 15:31:18 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IXkWbr6ZoKWx73OVwwOP0WrlcJh4NA99jnDRT9J2Du2N/zd5kwCgQ7rSJTpyY87UFWPIA04pRm5IN3oV1U84hJWC5iGavgF9SJKw9zSOG0WzRuA2rl5kiv7B+If8+u/AOpw9kfzFMz/4LDV6OxYM8Jt8XW98z6okb/ENz7kdtmVAR4jnDkAB48C2HrEBkd/Ihq+uQ0S+NXZg2xtmd9dBEQ5U2Ct62KR3r22YCwxpdCAbItsdFAOVFXCPNkSmzxQETSIWJDvgSYPOCVFYSPTnKITj/H/xuH7oABUWah/3kSiiUzDfgfMJ+z6+j2dU46XlThQhSqAyggqWW5MNzW9PCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LK6BsXGuaNUnn+IFmPxIBlQu5ipXmhz+hTNmhzWgrfA=; b=dHQh+a+BJMUCmoPluOhvPQRWibeJgjZl5psVorWil9p7LGyUe2mlvjNKFyMmtEV+aqpaKvpVVJOg3z615th+Xhs7NLUU9ZhSkLTn8yPmQXkV6wPCQdkK5i3u54HcZww241igvXFnteFn0IXU00bq3wXnC7wrsQTffObphvIlKgIy9m8b96KX0VhhtRU9rhf3RImYJtuQlb/m1cLD3dgIirpiDYtv8esUXvMaDzfJOu6utMgmTknRld33F//jDOSEUrq/vKboTO+0lMJegA+m5ncuw3ebsnzJueQDErDnOFY3lUXQuOzhzu8Q/pFNyG2kQWdJpN8cKsm9nhGP/QUJ5w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LK6BsXGuaNUnn+IFmPxIBlQu5ipXmhz+hTNmhzWgrfA=; b=Vz8s11RrUi3bjSUJWsYRmRCqmV0b2/EVdhkZ/DxJJa6hlFvNdlqm/IkF2FxKCMVq6UZ8Y98Y/AoR5iJuFNz8vYE+myE3DKbPex0o3yu7VjZMe54KVI4vzePmiOrhGPydoAEaqX/0TLJBi2qUgHf3nD5+K1II44kjhD0ptFHGcbM=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by DM4PR11MB6192.namprd11.prod.outlook.com (2603:10b6:8:a9::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.32; Wed, 12 Jul 2023 15:31:16 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::6098:a11f:49e5:c244]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::6098:a11f:49e5:c244%4]) with mapi id 15.20.6565.028; Wed, 12 Jul 2023 15:31:16 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Martin Duke <martin.h.duke@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsec-probe-attribution@ietf.org" <draft-ietf-opsec-probe-attribution@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "furry13@gmail.com" <furry13@gmail.com>
Thread-Topic: Martin Duke's Discuss on draft-ietf-opsec-probe-attribution-08: (with DISCUSS and COMMENT)
Thread-Index: AQHZs07aUK8iE0vOQ0CBIjRdgGdtw6+2ZrOA
Date: Wed, 12 Jul 2023 15:31:16 +0000
Message-ID: <93EDBEF7-D297-444D-A209-4B8136F74B69@cisco.com>
References: <168900791516.4159.13220229134950611342@ietfa.amsl.com>
In-Reply-To: <168900791516.4159.13220229134950611342@ietfa.amsl.com>
Accept-Language: fr-BE, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.74.23062500
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR11MB4966:EE_|DM4PR11MB6192:EE_
x-ms-office365-filtering-correlation-id: c6a7c5f5-6450-443c-b482-08db82ed08af
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QN8OctYrN9iNpCgqsaJCcCOkD28nD+rMw4rHEarq/97ylKAqTkYOQhkF53fwkf3vuwuOWWyUPfG8oK+kmsRhEbRTSZIoKiRuiEMgcra9jQz0aQj33QcH2pQcNMsnPlXNm70n3rCGXHgH1A+T36yFPsLjSyvQp692J2MQC/3xPYNAKhu+Lml35PDK6GA2CTSqYKEbpnyTEPY+D5mnygg2PPfrt/LSHHGHKN+GghLeACRPPKh/dWa3dGF9vc5/OigKZTwABpbgxzUz5t9IeU4h9irmzlb94C5euDdQYw3HjkhzNFlEfR2GS8eqnMhbpnmV64MdINK7UcOtNXw0v//QEi19bqkq5O47bpMQDcexpXNs1PxA6yUNWDdknz9+E/9kY5G2aCn61YN93+k9OMGPuztWiv1LaZJPL3vByUW/cSQy+OXT3lVJeHvGpvr+8OTdp85pEWeQXavuzxal4uf2Qo4CAOlOmRydLl8FQWtHchos1jEmxXkr26Mmcf+limb0EafjmKnNayUr4TI6IHpGQyuQGpPvLNUkbyWP3+2ndDh5yY8jt3/mw5uYpj9c+YyO7pN2w/YLs3wk2lfMkJNB6TcByCM0e5ok1ylWDABpeHv8eiwoY2rNfpUXW5yrJjyn2758WMQQrcpLaiWlCdF1mvXwzn/R6SJ34YLaK8bT6lk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(39860400002)(346002)(366004)(396003)(136003)(376002)(451199021)(86362001)(38070700005)(38100700002)(122000001)(36756003)(33656002)(6486002)(966005)(8936002)(6506007)(5660300002)(478600001)(186003)(41300700001)(8676002)(6512007)(2616005)(2906002)(71200400001)(316002)(4326008)(76116006)(66946007)(91956017)(66476007)(83380400001)(54906003)(110136005)(66446008)(66556008)(64756008)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: oT2QFo357hOb9ZTmY9f9GKuNjEprtLWr9NEdgybb4oRa73j0TZ681x5jDFqEG9T4xJBRYz1llgQZMGLaSAQ3e7wa7cgFe8521XoVlNj7EODa0Cjr38PSVvwBbwPcPKCmYHG6htoVXmiqddI5ZEXI64LStk4TBbGsvsQ1uUE1fzNrRIfDozpLLoAbldJ5u8qvbgHzK5+oFtFR17To5uV0RLtxX6icIcRY3FdTpkZhE3It1/joUBxFo755ls+5A+JDJjkx02rC1sJyVEM7ZIKlNi9IIRuNELm4/PQiPqFP8tVxQQQ/+tl3uuNwnsCXm9QyQ3VDhTH+bDhTtSCPUAGx51MhG+b2FSIvC1R4+Y330hrvnvIi7D7o6XWkN6oneh66n+WU/gWluyuHV8kD+SSInAYencasIUJi6jDJ5NBnLbXsj6pBu2oIW2bhv4WkIckGdUV/ydRLCNZcR/qel8gPYHFviAyZMBIB1RMBXV1R2l+qosWm1VgnsCp/uCuL0S5nzhYEiu7bCf+yXJmQz0wxEW+xSwYw1rM+D8sBctQKDHkKCedo0L0gtVBN7nsARPalcvmEz01sKjWNzVaFhjA3dZrjBCGfBbHrFcO2eA9krk9kyFXnNNEJHKZXabLS71+VT4JqiwNLTRGx76uBoAcLZ6vv1/asXipNqKh9bSlsAN1ZnAxlhk1BGMlBkyrKN5g4KvOFpaU7KIfpvajYJyUUsC86tUgBuWPhQ5FRAVnTjvB+n0ZUCp35PHZZ7UMQVCu+eciyqptFsI8sausFSnXhDh4rdeg2EotAKBNp80a4UMYFJ3JS/rXkO1cUqVgQP2FIHhSu7/f+mUVCnj9NOqjZVnvO8QhyzqPcXFR0AWxvzx27Rhd2wElPmZ60YKn5IypOmAFsQo5tKASru2QGzBmTywYg+8UpGBqn930+QFZji8uH6Erv1QOy5zkkg5bujOjz+gb3JdLlAIh5HSohLi1k7DHvPlr67S1otRDDdQQE0JklN6r1MtIgcHUCkRMkPf4pg14/gk7yObspu9oIfM7XZqZ6iDWGvZ5ZnsEnDHHY282ZWW+5KRJ/6b2toRavIE3yioB9KG+sv8B3x7dpndRSDd1ReymIbV63qsFjHzTwyBVxJvHcDbJq+QcrVoRYmLxhlSZUJRamMog++berobA/RN5G8nBbwEcSRGDHx0lYCZ+E2xQYLjozzrjW9D8d4cBjMbIZda3hahmWT2IeJRD1YlRPuNeSrSjvUvI0r3PZXxoqDPXmI6vRXpTsM1y1FaDoyBfna0mdN/s/47xmUPSVNUsqzrfUnW1MWlCbYQPypuBcZ0kOhF1L3mImUaP+GtjbfzQKWQSqKHH4qTDs7WQgNIDV7++DxQfe1ik3gAOI7NqLdnyEJuhst2kIzXYKiiLJEtA2lfp8bINsqPkIAY4p3VlgZ8EniNX5Fph3iCIY/CqHtv/PHhXzyeuOGU7kp9P+BT1oJGqU8mMLY46e9d1E/SIM0VKI5kdosYopij3n9L4wm3MPnTX4+rQG4rpBAaWwhuH+vvlU48fT5aej3mqfKJKDrtc6MHCQRvc6y6muFMOS1KDYPIRSJ5A1u9SSULzvyE0ycN02I71PrL5ntuPDlIaag6iYt1obl3cj44jX7bIS+zmrzkYqTFaGshiKFpk4
Content-Type: text/plain; charset="utf-8"
Content-ID: <8EB086517A531C49A885568E7A53F0A5@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c6a7c5f5-6450-443c-b482-08db82ed08af
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2023 15:31:16.7195 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TC0sJrVFsBC6HF3rq1oI8APJAikY7Gj+L4JrjNzRb2TKHkvn4sDEIsQ6KOH0JhIS5nxa8dvcXKkTLscupFdWRA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6192
X-Outbound-SMTP-Client: 173.37.147.229, alln-opgw-1.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/k6jdkZMKDzIrgpjBuBVSkh0oqNo>
Subject: Re: [OPSEC] Martin Duke's Discuss on draft-ietf-opsec-probe-attribution-08: (with DISCUSS and COMMENT)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2023 15:31:38 -0000

Hello Martin,

Thanks for your review of this informational draft. 

Please find below some replies to your points, look for EV>

If required, then Justin will follow up with a revised I-D.

Regards

-éric

On 10/07/2023, 18:52, "Martin Duke via Datatracker" <noreply@ietf.org <mailto:noreply@ietf.org>> wrote:


Martin Duke has entered the following ballot position for
draft-ietf-opsec-probe-attribution-08: Discuss


When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)




Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ <https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/> 
for more information about how to handle DISCUSS and COMMENT positions.




The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsec-probe-attribution/ <https://datatracker.ietf.org/doc/draft-ietf-opsec-probe-attribution/>






----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


Is this meant to be an interoperable design or not? Sections of this document
propose "some techniques" which might inform a future protocol design, while
others are very specific about terminating bytes and so on. Some of these
objections might not apply depending on the answer.

EV> I would not qualify this as interoperable as there is a human being in the loop: the security/forensic analyst that will act on the in-band or out-of-band probe attribution.
EV> I.e., there is no automatic replies required by a device receiving or forwarding probe packets *beyond* the already specified behavior, e.g., RFC 4443 for ICMP ECHO_REQUEST. We tried to be clear on this based on previous directorate reviews but it seems that we are still unclear.

(S2.2) RFC9116 defines the "Canonical" field as "the canonical URIs where the
'security.txt' file is located, which is usually something like
'https://example.com/.well-known/security.txt' <https://example.com/.well-known/security.txt&#39;>. Obviously you do not mean that
this field should be the location of that file! But maybe you mean the
"probing.txt" file instead, as that is the well-known name. But then the
example has "measurement.txt"? Is this an intentional difference, or the result
of an incomplete revision?

EV> We simply wanted to re-use the syntax of RFC 9116
EV> and nothing in RFC 9116 says that the actual filename must be security.txt
EV> hence, in our example, we use "measurement.txt" on purpose

(S4) Is this meant to be an exhaustive list of transports for the URI, or are
they examples?

EV> unsure whether it should rather be a comment ;-) but you are correct: these are examples (and we should accordingly update the draft). Thanks.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


Thanks to Magnus Westerlund for the TSVART review. I note that Magnus's last
message in the thread makes some good (non-DISCUSS) points that do not have a
public reply.

EV> I think we did our best to reply to all points (of course, sometimes with a disagreement). Sorry if we skip a reply or two.

I wonder if it would be better for the UDP and TCP versions to use an option,
instead of just putting it in the payload.

EV> Using TCP or UDP options (especially the latter IMHO) could actually bias the measurement itself. But, this is debatable of course.

v2.23.0 | Report a Bug | By Email