Re: [secdir] Secdir last call review of draft-ietf-ippm-stamp-07

Greg Mirsky <gregimirsky@gmail.com> Mon, 26 August 2019 22:10 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 891E812001A; Mon, 26 Aug 2019 15:10:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eyVLUmLNOvua; Mon, 26 Aug 2019 15:10:34 -0700 (PDT)
Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53877120013; Mon, 26 Aug 2019 15:10:30 -0700 (PDT)
Received: by mail-lj1-x243.google.com with SMTP id m24so16521329ljg.8; Mon, 26 Aug 2019 15:10:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JGW00s4H2qgmzOAKgOA/N2wrwAzMgx17Kd7bF3O+7T8=; b=SDvnxa5ix6xKfD7X+ET05BGsJdlt0O3rFaNLAHbTsNZWa+hdggwpAHtbMq9q5xNRT7 MpvrCHiVAzf+Ru33Z94DXXLM4SfQFi2N/gan25C6BXKUkZNydKnRXtk+QeS8su2y/fAm HdutWMgmmWoMimzsdLgHuzVmZzzv8sZQzdekLT/A++pNiOIZsmjICzus7ShtBsQhkT3x rqXokjdI7FbL4XyetOkXTfzwrueTomojpoQwSGw7K+/Xux58JyHYZWvNdLO6HWh+s2bG 8KhWSwh5DQ8O9qdxkc7wCzVGVmVQD3DO8hVOocsWXNb4BaJWwEwKqoMZcFZJ2pMz6tVy xefA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JGW00s4H2qgmzOAKgOA/N2wrwAzMgx17Kd7bF3O+7T8=; b=LSHAexUW+r/IPjJTi3e6ccaZPBxY28sn+nA3rnxPi1bPF3NwttDAV+8VFvXTux28GA UQz67BJ5awSID5KBf/bYgdN7io8pzio3Bw0P5WDHF0zIEH10fWmhL1EWfwgWD/u3Secy 2PJ2glg6v51JcHC1q2P1UNRWSLyR5eNA+MLhwZc0mkhHQGgqhuPTR+DiuGz/lc5mBQ7o ltCCq3Rga+ArAfGyaOjJ3tIxt98gWBSv/E9rsphwgzNcEoXv8bnXeXa0DCIlzQ6usFkU WsjPJX/xkZ5Sm1xyjun3AGmPhEvvvNwq5f7trYVt6zVMVqpBDUERfLa2MgGbK2qh5c3x aEOA==
X-Gm-Message-State: APjAAAVsjuwKrFhC4tmK3ViSIr+49biNDF4qoDrXbvyZrb3kmL2WQOvS 70Wk7LlNQy8CG0BMVPJ4OPMleUiE4v8nCMFDLmQ=
X-Google-Smtp-Source: APXvYqymF6vRKwwYW7N4vkgYx01NY7F+/fRqVTTq3jhUcFDlCtySsAJ39t7epUhz699IB6UdfE8LErveMhuy559n24g=
X-Received: by 2002:a2e:7c12:: with SMTP id x18mr12185437ljc.100.1566857427872; Mon, 26 Aug 2019 15:10:27 -0700 (PDT)
MIME-Version: 1.0
References: <156649425577.14757.13703548347532993926@ietfa.amsl.com>
In-Reply-To: <156649425577.14757.13703548347532993926@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Mon, 26 Aug 2019 15:10:15 -0700
Message-ID: <CA+RyBmUogDWxsAuZoL-beiYQ9+ZyJLheooZRafcp7ZENb+rPXQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: secdir@ietf.org, draft-ietf-ippm-stamp.all@ietf.org, IETF list <ietf@ietf.org>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/mixed; boundary="000000000000681d2605910c6cc6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Lx-5cVZdirmvZ9w9FeUpFQfjoNk>
Subject: Re: [secdir] Secdir last call review of draft-ietf-ippm-stamp-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2019 22:10:40 -0000

Hi Russ,
thank you for your review, comments, and suggestions. Please find my notes
in-lined under GIM>> tag.
Also, please find the diff and the working version of the draft attached.

Regards,
Greg

On Thu, Aug 22, 2019 at 10:17 AM Russ Housley via Datatracker <
noreply@ietf.org>; wrote:

> Reviewer: Russ Housley
> Review result: Has Issues
>
> I reviewed this document as part of the Security Directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the Security Area
> Directors.  Document authors, document editors, and WG chairs should
> treat these comments just like any other IETF Last Call comments.
>
> Document: draft-ietf-ippm-stamp-07
> Reviewer: Russ Housley
> Review Date: 2019-08-22
> IETF LC End Date: 2019-09-03
> IESG Telechat date: unknown
>
> Summary: Has Issues
>
>
> Major Concerns:
>
> Section 4.1.1: This paragraph is a bit surprising:
>
>       The STAMP Session-Sender and Session-Reflector MAY use, not use,
>       or set value of the Z field in accordance with the timestamp
>       format in use.  This optional field is to enhance operations, but
>       local configuration or defaults could be used in its place.
>
> Why not have this bit set to align with the bits that actually appear
> in the packet?

GIM>> The use of the Z bit to indicate the format of the timestamp used by
TWAMP  test nodes has been described in RFC 8186
<https://datatracker.ietf.org/doc/rfc8186/>;. The value of the Z flag is set
by the Session-Sender and the Session-Reflector independently to reflect
the format of timestamp that each of them respectively uses. The Z flag is
part of the Error Estimate field and thus is part of the STAMP test packet
transmitted by the Session-Sender and the packet reflected by the
Session-Reflector.

> This is especially worrisome because of the text that
> come later (Section 4.2.1), which says:
>
>    o  Timestamp and Receiver Timestamp fields are each eight octets
>       long.  The format of these fields, NTP or PTPv2, indicated by the
>       Z flag of the Error Estimate field as described in Section 4.1.
>
> If the Z field (or Z flag) is not really meaningful, I do not see how
> the peer knows how to interpret a received timestamp.
>
GIM>> A Session-Reflector would not interpret the value of the Z flag (will
convert to "Z flag") but only the Session-Sender will
use the value in the Error Estimate field on the reflected packet to
correctly interpret the values in the Receive Timestamp and Timestamp
fields. (The Session-Sender Timestamp is the copy of the timestamp set by
the Session-Sender and is expected to be processed correctly.)

>
>
> Section 4.3:  Please divide this into two sections.  First, you have
> picked a single mechanism for authentication (HMAC-SHA-256 truncated
> to 128 bits).  This choice seems fine to me, even though you are not
> saying much about the key management.  I would prefer that you have
> a mandatory to implement key management technique, but allow others;
> however, I am not going to insist on that.  Then, a separate section
> should talk about confidentiality protection.
>
>
> Section 4.3:  This text needs work:
>
>    If confidentiality protection for STAMP is required, encryption at
>    the higher level MUST be used.  For example, STAMP packets could be
>    transmitted in the dedicated IPsec tunnel or share the IPsec tunnel
>    with the monitored flow.
>
> I find "at the higher level" very unclear.  I believe that IPsec would
> be below this protocol.
>
> I think that DTLS would also provide the confidentiality protection
> that you desire.  Since you are not specifying any details of the
> encryption, you can say that a "secured transport" (the term that you
> use in the Security Considerations) such as IPsec or DTLS can be used.
>
GIM>> Thank you for the suggestions. Renamed Section 4.3 in Integrity
Protection in STAMP, and added the new section:
NEW TEXT:
4.4.  Confidentiality Protection in STAMP

   If confidentiality protection for STAMP is required, a STAMP test
   session MUST use a secured transport.  For example, STAMP packets
   could be transmitted in the dedicated IPsec tunnel or share the IPsec
   tunnel with the monitored flow.  Also, Datagram Transport Layer
   Security protocol would provide the desired confidentiality
   protection.


>
> Minor Concerns:
>
> Section 1:  I do not follow this topic, and this may be clear to your
> expected reader, but it is not clear to me.  The Introduction does not
> tell me the relationship of TWAMP Light and [BBF.TR-390] to this
> document.  One possible way to resolve this is to divide the section
> into four parts: (1) background and history of measurement protocols;
> (2) shortcoming of those protocols; (3) what this document does to
> resolve those shortcomings; and (4) pointers to other documents that
> make up the rest of the shortcoming resolution.
>
GIM>> Thank you for your suggestions. Split the section into four
paragraphs. Hopefully the text is more clear now:
 1.  Introduction

   Development and deployment of Two-Way Active Measurement Protocol
   (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined
   features such as Reflect Octets and Symmetrical Size for TWAMP
   provided invaluable experience.  Several independent implementations
   of both TWAMP and TWAMP Light exist, have been deployed, and provide
   important operational performance measurements.

   At the same time, there has been noticeable interest in using a more
   straightforward mechanism for active performance monitoring that can
   provide deterministic behavior and inherit separation of control
   (vendor-specific configuration or orchestration) and test functions.
   Recent work on IP Edge to Customer Equipment using TWAMP Light from
   Broadband Forum [BBF.TR-390] demonstrated that interoperability among
   implementations of TWAMP Light is challenged because the composition
   and operation of TWAMP Light were not sufficiently specified in
   [RFC5357].  According to [RFC8545], TWAMP Light includes sub-set of



Mirsky, et al.          Expires February 27, 2020               [Page 2]

Internet-Draft                    STAMP                      August 2019


   TWAMP-Test functions to provide comprehensive solution requires
   support by other applications that provide, for example, control and
   security.

   This document defines an active performance measurement test
   protocol, Simple Two-way Active Measurement Protocol (STAMP), that
   enables measurement of both one-way and round-trip performance
   metrics like delay, delay variation, and packet loss.  Some TWAMP
   extensions, e.g., [RFC7750] are supported by the extensions to STAMP
   base specification in [I-D.ietf-ippm-stamp-option-tlv].
>
>
>
> Nits:
>
> The document uses "Z field" and "Z flag".  Please pick one and use it
> throughout the document.
>
GIM>> Settled on "Z flag".

>
> These terms are defined in Section 2.1, but they are not used in the
> rest of the document:
>
>    AES Advanced Encryption Standard
>
>    CBC Cipher Block Chaining
>
>    ECB Electronic Cookbook
>
>    KEK Key-encryption Key
>
GIM>> Cleared them all.