IETF Logo Mail Archive

Re: [Tsv-art] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Tue, 14 June 2022 07:17 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE206C13C2DB; Tue, 14 Jun 2022 00:17:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQJLB2fPKCIm; Tue, 14 Jun 2022 00:17:44 -0700 (PDT)
Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39DE1C13C2D0; Tue, 14 Jun 2022 00:17:44 -0700 (PDT)
Received: by mail-pj1-x102d.google.com with SMTP id g16-20020a17090a7d1000b001ea9f820449so6335987pjl.5; Tue, 14 Jun 2022 00:17:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ajicXg8k0ZLFTTwIXoIW9gmctzD7kg/6A/8ukm+zfsk=; b=FzepT8IjJmzcwpNn8+O1EJkSnGjFMuao48G18KYZYx4FgeSdQFBW7U8bMRqb5HrrBR 8+kZJvD0yZZqPxeHu92R1sk5reyG1T5vMOHcDFaVQRgnL/ON98wd87dIaRgvnGPQoH4i /6OwIvC+BaXtNET38HhOimrmrAF/YZukcLIr3YxHBAkdzNK/t2sm46ReojGl7gnyJeSm 3/eUs2gtgCpJYBZjxpt72eGiDAlvNbLNo9rBYfOhfUONoHj7n+c3mGtyziVyK23nPPrp n1+YNZ/7DRWc9uVLhsd8xQPR5URxxljpDNxbdvElcVD4/nBkSpRM8gW97rh9Y/wC+2Ip ozAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ajicXg8k0ZLFTTwIXoIW9gmctzD7kg/6A/8ukm+zfsk=; b=hifyy3bhUYA8SEDFEh/XHeB9DtBKBKX6WCzPrI9g7twtkLPunKO3BzxZ/m0dTVqO5r 6LeXF2Gj+uCYU5QOyz4kFClgliiErTOGMGnvt/b8IEB9s6JsFPIZwUBetzND3GkFgMtd tkEdKFp05F0SLQUWwhHnpUBqe+Zz/iH7Migfsyrxroxh2rRSBtym9vByfRJfPlK4XYoi o/HA5wBCZpF9r+hNQhqKAzeD+dXGo6G0P64GLkvtdg9YwWtK9y18pzmQ8TXT7N8Co3TU ELfM2xKZYKmpT/WvkxeBbysUTasmTxzV4xsivC++ZiyxeBHsZwU7d9cTI2FYsYFSpmz+ lvBQ==
X-Gm-Message-State: AJIora/LxkUGl3Z6ydqLpGJM3MACHaMy5JufAgfqqfh4o6Q2G6gROJ4B uxpcLkNH6f+a6D5q7OvxiD5hclIAR6P9G3O4esdYvAcVPRxuZp/8aQo=
X-Google-Smtp-Source: AGRyM1uTFMZso+V9euLBtuZuddlQXtmTYfwg5GrMTuvaED8ul8LRfYSK7LykQKzModDWobKKo0ysCR5yVPtOXGF70ig=
X-Received: by 2002:a17:902:a60a:b0:168:b5f7:4148 with SMTP id u10-20020a170902a60a00b00168b5f74148mr3031794plq.47.1655191063780; Tue, 14 Jun 2022 00:17:43 -0700 (PDT)
MIME-Version: 1.0
References: <163068085282.8497.2281892161766368778@ietfa.amsl.com> <CABUE3XkLEN8k5-t33UAPXiViOBWSs6NEZkPutVkESoWKb8ifXw@mail.gmail.com> <77C2CDAF-5911-4EF8-B841-A7B98653BA77@csperkins.org>
In-Reply-To: <77C2CDAF-5911-4EF8-B841-A7B98653BA77@csperkins.org>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Tue, 14 Jun 2022 10:17:32 +0300
Message-ID: <CABUE3Xm45AsskRbg7qG6+=3r_1e5MwkRREuiT5QoHfR1p=-Zkw@mail.gmail.com>
To: Colin Perkins <csp@csperkins.org>
Cc: IPPM Chairs <ippm-chairs@ietf.org>, tsv-art@ietf.org, draft-ietf-ippm-ioam-direct-export.all@ietf.org, IETF IPPM WG <ippm@ietf.org>, Martin Duke <martin.h.duke@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/F14wGrnyGsSe-lhgom1fkbwr5wY>
Subject: Re: [Tsv-art] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 07:17:47 -0000

Dear Colin,

Thanks again for your review.
I am revisiting this thread as the draft is in IETF last call.

I believe most of the comment have already been addressed - see the
current version of the draft:
https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-flags-08

There is one comment that is still outstanding, regarding your comment
about integrity protection. We propose to add the following paragraph
to the Security Considerations section:

   The integrity of the DEX option can be protected through
   a mechanism of the encapsulating protocol, or by incorporating
   the mechanisms specified in [I-D.ietf-ippm-ioam-data-integrity].

If there are no further comments, we will include this paragraph in
the next version of the draft.

Thanks,
Tal.

On Fri, Nov 26, 2021 at 3:40 PM Colin Perkins <csp@csperkins.org> wrote:
>
> Hi,
>
> Apologies – I realise I’m replying to this very late.
>
> > On 4 Oct 2021, at 08:13, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
> >
> > Dear Colin,
> >
> > Thanks for the feedback.
> >
> > Please see below a comment and a question regarding your feedback.
> >
> >
> > On Fri, Sep 3, 2021 at 5:54 PM Colin Perkins via Datatracker
> > <noreply@ietf.org> wrote:
> > [snip]
> >
> >> It may be worth considering to require the exporting mechanism to perform an
> >> authenticated handshake with the destination to which it will export data, to
> >> gain explicit consent to export the data to that destination, before starting
> >> to send exported data.
> >
> > [TM] The point is well-taken. The following text edit is proposed,
> > borrowing some of the text from your comment:
> > OLD:
> >   Although the exporting method is not within the scope of this
> >   document, any exporting method MUST secure the exported data from the
> >   IOAM node to the receiving entity.  Specifically, an IOAM node that
> >   performs DEX exporting MUST send the exported data to a pre-
> >   configured trusted receiving entity.
> > NEW:
> >   Although the exporting method is not within the scope of this
> >   document, any exporting method MUST secure the exported data from the
> >   IOAM node to the receiving entity.  Specifically, an IOAM node that
> >   performs DEX exporting MUST send the exported data to a pre-
> >   configured trusted receiving entity. Furthermore, an IOAM node
> >   MUST gain explicit consent to export data to a receiving entity before
> >   starting to send exported data.
>
> Something like that would seem appropriate.
>
> >> It may also be worth considering to add authentication
> >> of IOAM DEX triggers, to ensure they come from a known and trusted source,
> >> before acting on export requests.
> >>
> >
> > [TM] Can you please clarify what you mean by "add authentication of
> > IOAM DEX triggers"? What is the threat that you have in mind?
>
>
> As the security considerations section notes, there’s a risk that an attackers could inject a spoof packet containing an export trigger. One way to prevent that would be to use a digital signature to authenticate the trigger messages as being from an authorised source. Maybe the larger IOAM framework already includes this, or a discussion of why it’s not appropriate, in which case it’s sufficient to add a (clearer) reference to that discussion. But if not, then the draft could usefully either add that, or add some discussion about why it’s not needed/appropriate.
>
> --
> Colin Perkins
> https://csperkins.org/
>
>
>
>

v2.23.0 | Report a Bug | By Email