Re: [secdir] Review of draft-ietf-ippm-ioam-data-11

"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Thu, 17 December 2020 11:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GBh1zmhJ0p7-PwwJBOII3IO_3WM>

Hi Shawn,

Thanks a lot for your review. Please see inline (..FB)

From: Shawn Emery <shawn.emery@gmail.com>
Sent: Sunday, 6 December 2020 23:31
To: secdir <secdir@ietf.org>
Cc: draft-ietf-ippm-ioam-data.all@ietf.org; last-call@ietf.org; Shawn Emery <semery@uccs.edu>
Subject: Review of draft-ietf-ippm-ioam-data-11

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This standards track draft specifies data fields in the In-situ Operations, Administration,
and Maintenance (IOAM) scheme.  The data fields contain operational and telemetry
information in a network domain.  "In-situ" refers to the fact that the associated data is
actually encapsulated in the data packet itself rather than through a separate OAM
packet.

The security considerations section does exist and describes multiple vulnerabilities
to the IOAM.  Attackers can create both false-positives and false-negatives in regards
to failures or the true state of the domain.  This can eventually lead to DoS attacks.
Another form of DoS is by crafting an IOAM header to packets thereby increasing the
resources required or exceeding the packet beyond the network's MTU size.

Verifying the path of the data packets is deferred to draft-ietf-sfc-proof-of-transit's security
consideration section which has good coverage and ways to mitigate the various attacks
on the protocol.  Eavesdropping is also possible, which can reveal operational and telemetry
data of the network domain.

IOAM also utilizes timestamps, in which an attack on the time synchronization protocol can
affect the timestamp fields in IOAM.  In addition, the management functionality of IOAM could
also be targeted, but the document suggests authentication and integrity checks to protect against said attacks.

Various measures against these attacks are not prescribed based on the fact that this specification
is about the data fields of IOAM.  However, I think it would be beneficial to provide some guidance
(at least for future specifications) for each of these attacks that utilize these data fields else why
articulate the security issues at all?

..FB: “…some guidance for each of the attacks…” very much hints at deployment considerations for IOAM. For that, we have an “IOAM Deployment” draft: https://tools.ietf.org/html/draft-brockners-opsawg-ioam-deployment-02 in flight. The current thought model is to cover all aspects of IOAM deployment, including guidance on mitigating security concerns, in this deployment draft. Would that be a workable approach for you?

Thanks, Frank

General comments:

None.

Editorial comments:

None.

Shawn.
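The review above raises the DoS angle of an IOAM header inflating packets past the network MTU. The following is an added example, not code from the thread or from the IOAM draft, modelling how an encapsulating node can budget the Pre-allocated Trace Option against the domain MTU before adding it, and how transit nodes stop writing once the pre-allocated space is used up. The field sizes (8-octet option header, NodeLen and RemainingLen in 4-octet units, 7-bit RemainingLen, Overflow flag position) are assumptions taken from the IOAM data draft and are not stated on this page.

```python
# Added example (not from the thread or the IOAM draft): a model of the
# IOAM Pre-allocated Trace Option. The encapsulating node bounds the
# per-packet overhead against the domain MTU up front; transit nodes
# record data only while pre-allocated space remains, and set the
# Overflow bit instead of growing the packet once it is exhausted.
# Assumed field sizes: 8-octet option header, NodeLen and RemainingLen
# counted in 4-octet units, RemainingLen limited to 7 bits (max 127),
# Overflow bit assumed to be the top bit of the 4-bit Flags field.
from dataclasses import dataclass, field

OPTION_HEADER_OCTETS = 8   # Namespace-ID, NodeLen/Flags/RemainingLen, Trace-Type, Reserved
REMAINING_LEN_MAX = 127    # 7-bit field
FLAG_OVERFLOW = 0x8        # O-bit (assumed position)


@dataclass
class TraceOption:
    node_len: int                 # 4-octet words each node records
    remaining_len: int            # 4-octet words still free for node data
    flags: int = 0
    node_data: list = field(default_factory=list)

    def wire_octets(self) -> int:
        """Size on the wire: header plus pre-allocated space (used + free)."""
        return OPTION_HEADER_OCTETS + 4 * (self.remaining_len + self.node_len * len(self.node_data))


def encapsulate(packet_octets: int, mtu: int, hops: int, node_len: int):
    """Encapsulating node: pre-allocate space for `hops` nodes only if the
    grown packet still fits the domain MTU; otherwise add no IOAM option."""
    remaining = hops * node_len
    if remaining > REMAINING_LEN_MAX:
        return None                      # cannot be encoded in 7 bits
    overhead = OPTION_HEADER_OCTETS + 4 * remaining
    if packet_octets + overhead > mtu:
        return None                      # would exceed the domain MTU
    return TraceOption(node_len=node_len, remaining_len=remaining)


def transit(opt: TraceOption, node_id: int) -> bool:
    """Transit node: record node data if space remains, else set the O-bit.
    The packet never grows here, so an unexpected extra hop cannot push it
    past the MTU budget chosen at encapsulation."""
    if opt.remaining_len < opt.node_len:
        opt.flags |= FLAG_OVERFLOW
        return False
    opt.remaining_len -= opt.node_len
    opt.node_data.append(node_id)
    return True
```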