Re: [secdir] Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with DISCUSS and COMMENT)
Al Morton <acmorton@att.com> Fri, 06 April 2012 15:54 UTC
Return-Path: <acmorton@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF6C21F85C2; Fri, 6 Apr 2012 08:54:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.196
X-Spam-Level:
X-Spam-Status: No, score=-104.196 tagged_above=-999 required=5 tests=[AWL=1.600, BAYES_00=-2.599, MSGID_FROM_MTA_HEADER=0.803, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v45Mt3t9uu6I; Fri, 6 Apr 2012 08:54:10 -0700 (PDT)
Received: from nbfkord-smmo03.seg.att.com (nbfkord-smmo03.seg.att.com [209.65.160.84]) by ietfa.amsl.com (Postfix) with ESMTP id E675A21F85A1; Fri, 6 Apr 2012 08:54:09 -0700 (PDT)
Received: from unknown [144.160.20.145] (EHLO mlpd192.enaf.sfdc.sbc.com) by nbfkord-smmo03.seg.att.com(mxl_mta-6.11.0-8) over TLS secured channel with ESMTP id 1a11f7f4.0.586322.00-324.1623159.nbfkord-smmo03.seg.att.com (envelope-from <acmorton@att.com>); Fri, 06 Apr 2012 15:54:10 +0000 (UTC)
X-MXL-Hash: 4f7f11a26a92ad75-585a877889d8f4699ce311f12150af9cf856e916
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q36Fs6kT029708; Fri, 6 Apr 2012 11:54:09 -0400
Received: from sflint01.pst.cso.att.com (sflint01.pst.cso.att.com [144.154.234.228]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q36Frx6a029576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 Apr 2012 11:54:01 -0400
Received: from alpd052.aldc.att.com (alpd052.aldc.att.com [130.8.42.31]) by sflint01.pst.cso.att.com (RSA Interceptor); Fri, 6 Apr 2012 11:53:18 -0400
Received: from aldc.att.com (localhost.localdomain [127.0.0.1]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id q36FrInc008191; Fri, 6 Apr 2012 11:53:18 -0400
Received: from dns.maillennium.att.com (dns.maillennium.att.com [135.25.114.99]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id q36FrBRV007699; Fri, 6 Apr 2012 11:53:12 -0400
Message-Id: <201204061553.q36FrBRV007699@alpd052.aldc.att.com>
Received: from acmt.att.com (dn135-16-251-71.dhcpn.ugn.att.com[135.16.251.71](misconfigured sender)) by maillennium.att.com (mailgw1) with SMTP id <20120406155014gw1004or2ee>; Fri, 6 Apr 2012 15:50:16 +0000
X-Originating-IP: [135.16.251.71]
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 06 Apr 2012 11:54:19 -0400
To: Adrian Farrel <adrian@olddog.co.uk>, Samuel Weiler <weiler@watson.org>, The IESG <iesg@ietf.org>
From: Al Morton <acmorton@att.com>
In-Reply-To: <20120406144445.4188.3196.idtracker@ietfa.amsl.com>
References: <20120406144445.4188.3196.idtracker@ietfa.amsl.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_16846153==_"
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-RSA-Action: allow
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2010122901)]
X-MAIL-FROM: <acmorton@att.com>
X-SOURCE-IP: [144.160.20.145]
X-AnalysisOut: [v=1.0 c=1 a=dit6Jc5sqrAA:10 a=PLurumnWQikA:10 a=ofMgfj31e3]
X-AnalysisOut: [cA:10 a=BLceEmwcHowA:10 a=ZRNLZ4dFUbCvG8UMqPvVAA==:17 a=48]
X-AnalysisOut: [vgC7mUAAAA:8 a=EMLI_BE5mvm9JbZNRLYA:9 a=oeBJXHtBx7puNK96VC]
X-AnalysisOut: [wA:7 a=CjuIK1q_8ugA:10 a=mYAOWqAtFUkA:10 a=zQP7CpKOAAAA:8 ]
X-AnalysisOut: [a=KI9qLmWpAAAA:20 a=bN6E18yrVWTlGgkc5MIA:9 a=cMiAqtFLv3t6Y]
X-AnalysisOut: [XRXfw8A:7 a=JlbW2Bu-4FEA:10 a=uOmZzfvve58A:10 a=ISSXQUU-yz]
X-AnalysisOut: [IA:10 a=Hz7IrDYlS0cA:10 a=gBHw4jxdwhUfQ-f6:21 a=mByhXr5mLi]
X-AnalysisOut: [flxYEd:21 a=bmb9Z_KCjwIdY-NzA44A:9 a=osKTAfFAxhsyI6CC-WoA:]
X-AnalysisOut: [7 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=vgu2m8Mm752vdwO0:2]
X-AnalysisOut: [1 a=Q5K-Iz6U6mBRZnxG:21]
Cc: "secdir@ietf.org" <secdir@ietf.org>, "Murphy, Sandra" <Sandra.Murphy@sparta.com>, Dan Frost <danfrost@cisco.com>, ippm-chairs@tools.ietf.org, draft-ietf-ippm-rt-loss@tools.ietf.org
Subject: Re: [secdir] Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with DISCUSS and COMMENT)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2012 15:54:16 -0000
Hi Adrian and Sam, This preliminary revision of the -rt-loss-draft addresses DISCUSSes, Comments, Rtg-area and sec-dir reviews. The diff to 03 and 04 prelim are attached. Also, see replies below (to both Adrian's and Sandy's messages). regards, Al At 10:44 AM 4/6/2012, Adrian Farrel wrote: >Adrian Farrel has entered the following ballot position for >draft-ietf-ippm-rt-loss-03: Discuss > >When responding, please keep the subject line intact and reply to all >email addresses included in the To and CC lines. (Feel free to cut this >introductory paragraph, however.) > >Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html >for more information about IESG DISCUSS and COMMENT positions. > > > >---------------------------------------------------------------------- >DISCUSS: >---------------------------------------------------------------------- > >The Routing Diretorate review by Dan Frost missed the IETF Last Call >period by two days, but I would like the following points from his >review to be considered as part of this Discuss. Other smaller issues >are recorded as Comments. > > > General observation: It's not clear to me what the IPPM WG strategy > > is for security considerations sections in metric definition > > documents. For example, the security section of this document more or > > less repeats the one in (for example) RFC 2681, which itself > > duplicates verbatim the one in RFC 2680, and the issues discussed are > > general ones with measurement protocols rather than specific ones with > > the metric that is the subject of the document. There's probably a > > better way to organize this. Although IPPM has never formalized a strategy, we have been repeating security material in metrics RFCs. This allows new folks to read and improve the text, rather than be referred to a fixed reference. It seems to work. > > 3. Section 9.3 mentions the use of cryptographic hashing "to > > discourage the kind of interference mentioned above"; while this > > would mitigate the second form of interference, it wouldn't help > > with the first. > >I would add that "discourage" might not be an appropriate word. New paragraph addresses Sandy and Dan's points. >---------------------------------------------------------------------- >COMMENT: >---------------------------------------------------------------------- > >Other comments coming from Dan Frost's review > > > 1. Although it's probably obvious to most readers, it would be helpful > > to provide a brief informal definition of "round-trip loss" early in > > the introduction. A mention of the venerable "ping" procedure would > > also not be amiss. Did both. > > 2. Most of the text seems to assume an "active" or test-based > > measurement approach, but Section 9.2 refers to passive measurement. > > It would be helpful to discuss the applicability of the latter > > approach. Clarified the scope for passive. > > Nits: > > > > 1. The phrase "as immediately as possible" that appears a couple of > > times in the text (and that seems to originate in RFC 5357) is a bit > > unfortunate. "Immediately" or "as quickly as possible" are better. This odd turn of phrase resulted from many hours of discussion dating back to TWAMP's development. We wear the scar proudly. > > > > 2. Section 5.4, second paragraph: s/affects/effects/ > > > > 3. Section 8, second paragraph: s/Two key features ... is described/ > > Two key features ... are described/ > > > > 4. Section 9.3, first paragraph: > > OLD > > it is possible to change the processing of the packets (e.g. > > increasing or decreasing delay) that may distort the measured > > performance. > > NEW > > it is possible to change the processing of the packets (e.g. > > increasing or decreasing delay) in a way that may distort the > > measured performance. > > END thanks for pointing out the above. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- At 01:23 PM 3/15/2012, Murphy, Sandra wrote: >I have reviewed this document as part of the security directorate's >ongoing effort to review all IETF documents being processed by the >IESG. These comments were written primarily for the benefit of the >security area directors. Document editors and WG chairs should >treat these comments just like any other last call comments. > >The draft-ietf-ippm-rt-loss-03 draft defines a round trip loss >metric. A round trip loss measurement capability is specified in >RFC5357 ("Two-Way Active Measurement Protocol (TWAMP)"), but no >metric has been defined in the defined RFC2330 framework. > >As this draft defines a new metric, not the means to implement >measurements with the metric, I do not see that security >considerations apply. But I see no problem with discussion of the >considerations that should guide implementations. > >(Indeed, RFC2861 which defines a delay metric says much the same: > Conducting Internet measurements raises both security and privacy > concerns. This memo does not specify an implementation of the > metrics, so it does not directly affect the security of the Internet > nor of applications which run on the Internet. However, > implementations of these metrics must be mindful of security and > privacy concerns.) > >I have a few comments about the security considerations section. > >The section mentions both active and passive use of the metric. But >the abstract and intro imply this metric is for use in TWAMP, which >is active. Is use of the metric possible in passive measurements as well? Yes, but it is beyond the scope for adding the many additional considerations needed when using a passive scenario. However, we leave the door open to do this work in the future. >In section 9.3, it says: > > It may be possible to identify that a certain packet or stream of > packets is part of a sample. With that knowledge at the destination > and/or the intervening networks, it is possible to change the > processing of the packets (e.g. increasing or decreasing delay) that > may distort the measured performance. It may also be possible to > generate additional packets that appear to be part of the sample > metric. These additional packets are likely to perturb the results > of the sample measurement. > > To discourage the kind of interference mentioned above, packet > interference checks, such as cryptographic hash, may be used. > >How would a simple crypto hash prevent either the distortion of >performance (delaying a packet will not change its hash) or the >injection of additional packets (a cryptographic hash can be >computed for the injected packets as well). > >RFC2861 mentions similar injection concerns and recommends: > > Authentication techniques, such as digital signatures, may > be used where appropriate to guard against injected traffic attacks. > > >Is there reason to suggest authentication in this metric definition as well? Yes, as you point out: > TWAMP provides (but does not mandate) both authentication and > encryption. If TWAMP is the only use of the metric, those features > should be mentioned. If TWAMP is just one important use of the > metric, it could be good to mention the features here. The new paragraph mentions TWAMP as well, but it is only one of many protocols that can/will make this measurement. >--Sandy
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Adrian Farrel
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Adrian Farrel
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Adrian Farrel
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Benoit Claise
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Wesley Eddy
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Murphy, Sandra
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Stephen Farrell
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton