[secdir] Secdir early review of draft-pignataro-eimpact-icmp-02

Shawn Emery via Datatracker <noreply@ietf.org> Fri, 26 April 2024 22:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rmM9ErWtY25GCNn7_YPc99FbjuY>

Reviewer: Shawn Emery
Review result: Has Issues

This draft specifies an extension to ICMP that provides sustainability metrics
and data on a per-hop basis to the targeted node.  This data includes
information on node power draw, the node components' power draw(s), node
network throughput, and environmental certifications.

The security considerations section does exist and defers to RFCs 4884 and 8335
with regard to the security of ICMP extensions.  The section also recommends
limiting the extension to the internally-facing administrative domain in
consideration of privacy by filtering out these sustainability metrics and
data.  I agree with these assertions.  However, one attack vector that I could
think of is that, given high-fidelity reporting of power draw for the targeted
node's memory, cache, or HSM component, an attacker could perform a remote
side-channel attack (i.e., using DPA) during cryptographic operations in order
to extract the associated secret key.

General comments:

Thank you for the use-case section.

Editorial comments:

None.