Re: [Tsv-art] [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
Tal Mizrahi <tal.mizrahi.phd@gmail.com> Tue, 14 June 2022 09:07 UTC
Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE268C1649D8; Tue, 14 Jun 2022 02:07:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AuoKjivOqBrN; Tue, 14 Jun 2022 02:07:06 -0700 (PDT)
Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C40B8C1649DE; Tue, 14 Jun 2022 02:07:06 -0700 (PDT)
Received: by mail-pl1-x62f.google.com with SMTP id n18so7265480plg.5; Tue, 14 Jun 2022 02:07:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=uE+xWU//h59Mv2DPlrdStX8eFg1P6lcLfCY/JARxrq4=; b=pCFURYj/pdYIxPhrMdXa4jmFXpIl3lgISu2oYeL6rUsSh9jH5/1mnnaZITfM/cmVJj 4/x7iTCM1iY0Tq5TWrWwKQ9fXSHdVKFfs1hJEJcumAKDJB5zjc5XT54TQPhO9mE1AwMO KT+0P5oU+CCkxAoCVRFyNryRFbASqLutueiui2aLJPDAO2LvIHqweoH+9EMs5a7BMie4 ci/fbiYHCCTRro+f6/5GDZmQ45ED9yYwRJgIAfUHsSYYMNbX7rMGdrzfaczJU0vEQQBQ IppqlOS9OK8pnr8zElpKJbM9lgZyThgh3gR6wfBsCjKMLMy3MQobnwIETKkr5BtH2rta XcXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=uE+xWU//h59Mv2DPlrdStX8eFg1P6lcLfCY/JARxrq4=; b=AT4HWD9gge8nCgjaRpWIQq1WZqJadRvxNhwfD45HxxWivV7DHlcTSA3J3bhjnzNi4z 9Wh4nMHeJW8rYHkrtoopXjIjgerkC8rspeZpaQnirxjiTcSlT5a8GRyHBXv7IW053uFR JygHTUMdRYfEu9GMIIaGx1JtLNmX2bhghrCPzO8HYhgXM3TFKV4QoPucQjRSd2FKJwTe Ej9iJamo6jvswpH1AcU0pmWnZPh4zzB9Q9J2wVDYqGrZ1hhDZp4dX6UAkzOh5clw58Fr 6Azoqi3cn8tQvO2orZFEt3tES411tY4yW7LLc3QY93czOvU/APR3GvI+M8pqayk9uXJn iJWg==
X-Gm-Message-State: AJIora+mF8M6Y7TKeSr1GV1k7mY64V0hxC0td6Vm6a59uTDs4fy2cwXu vgpdNOSyvYlVr1wcvFJdqgKjY716XeUa4aGW1DbsugPyt8KatQi7248=
X-Google-Smtp-Source: AGRyM1uFdw2bs/sY5FM3gkSGNO0N5Qn4h01w0yIjSkNLvEIrYSGx3KiE9iHSPWv/TR5QaxGqnZeMTGmqQzDZe1CnjAU=
X-Received: by 2002:a17:902:a60a:b0:168:b5f7:4148 with SMTP id u10-20020a170902a60a00b00168b5f74148mr3415585plq.47.1655197625996; Tue, 14 Jun 2022 02:07:05 -0700 (PDT)
MIME-Version: 1.0
References: <163068085282.8497.2281892161766368778@ietfa.amsl.com> <CABUE3XkLEN8k5-t33UAPXiViOBWSs6NEZkPutVkESoWKb8ifXw@mail.gmail.com> <77C2CDAF-5911-4EF8-B841-A7B98653BA77@csperkins.org> <CABUE3Xm45AsskRbg7qG6+=3r_1e5MwkRREuiT5QoHfR1p=-Zkw@mail.gmail.com> <bdd2de70-f048-1d88-0ab1-5aa84ec9e8a2@uliege.be>
In-Reply-To: <bdd2de70-f048-1d88-0ab1-5aa84ec9e8a2@uliege.be>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Tue, 14 Jun 2022 12:06:54 +0300
Message-ID: <CABUE3X==McggSrPx1i+vHNA=ORXbuLo6yf_v70aJ7bNr3+cwww@mail.gmail.com>
To: Justin Iurman <justin.iurman@uliege.be>
Cc: Colin Perkins <csp@csperkins.org>, tsv-art@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, draft-ietf-ippm-ioam-direct-export.all@ietf.org, IETF IPPM WG <ippm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/LaUDUM98fVMUJnCwRVd28JQTEGo>
Subject: Re: [Tsv-art] [ippm] Tsvart early review of draft-ietf-ippm-ioam-direct-export-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 09:07:11 -0000
Hi Justin,
Thanks for the heads up. You raised a good point.
I suggest the following text instead.
The integrity of the DEX option can be protected through a mechanism
of the encapsulating protocol. While [I-D.ietf-ippm-ioam-data-integrity]
introduces an integrity protection mechanism that protects the
integrity of IOAM data fields, the DEX option does not include IOAM
data fields, and therefore these integrity protection mechanisms are not
applicable to the DEX option. As discussed in the threat analysis of
[I-D.ietf-ippm-ioam-data-integrity], injection or modification of IOAM
option headers are threats that are not addressed in IOAM.
+ please see an additional comment below, marked [[TM]].
Cheers,
Tal.
On Tue, Jun 14, 2022 at 11:00 AM Justin Iurman <justin.iurman@uliege.be> wrote:
>
> Hi Tal,
>
> I believe the new paragraph should be:
>
> The integrity of the DEX option can be protected through a mechanism
> of the encapsulating protocol.
>
> Indeed, integrity protection of headers is out of scope regarding
> [I-D.ietf-ippm-ioam-data-integrity]. Only the integrity protection of
> IOAM-Data-Fields is proposed in this draft. And, the DEX Option-Type has
> no IOAM-Data-Fields, per se.
>
> Actually, [I-D.ietf-ippm-ioam-data-integrity] could be applied between
> the IOAM transit nodes and the collector (or entity, whatever it is
> called), once triggered by the DEX Option-Type.
[[TM]] Let's not go there. The exporting format is something that is
not currently within the scope of any working group document, and
specifically the integrity of the exporting format is currently out of
scope. It will be in scope once the working group adopts an exporting
format.
>
> Thanks,
> Justin
>
> On 6/14/22 09:17, Tal Mizrahi wrote:
> > Dear Colin,
> >
> > Thanks again for your review.
> > I am revisiting this thread as the draft is in IETF last call.
> >
> > I believe most of the comment have already been addressed - see the
> > current version of the draft:
> > https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-flags-08
> >
> > There is one comment that is still outstanding, regarding your comment
> > about integrity protection. We propose to add the following paragraph
> > to the Security Considerations section:
> >
> > The integrity of the DEX option can be protected through
> > a mechanism of the encapsulating protocol, or by incorporating
> > the mechanisms specified in [I-D.ietf-ippm-ioam-data-integrity].
> >
> > If there are no further comments, we will include this paragraph in
> > the next version of the draft.
> >
> > Thanks,
> > Tal.
> >
> > On Fri, Nov 26, 2021 at 3:40 PM Colin Perkins <csp@csperkins.org> wrote:
> >>
> >> Hi,
> >>
> >> Apologies – I realise I’m replying to this very late.
> >>
> >>> On 4 Oct 2021, at 08:13, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
> >>>
> >>> Dear Colin,
> >>>
> >>> Thanks for the feedback.
> >>>
> >>> Please see below a comment and a question regarding your feedback.
> >>>
> >>>
> >>> On Fri, Sep 3, 2021 at 5:54 PM Colin Perkins via Datatracker
> >>> <noreply@ietf.org> wrote:
> >>> [snip]
> >>>
> >>>> It may be worth considering to require the exporting mechanism to perform an
> >>>> authenticated handshake with the destination to which it will export data, to
> >>>> gain explicit consent to export the data to that destination, before starting
> >>>> to send exported data.
> >>>
> >>> [TM] The point is well-taken. The following text edit is proposed,
> >>> borrowing some of the text from your comment:
> >>> OLD:
> >>> Although the exporting method is not within the scope of this
> >>> document, any exporting method MUST secure the exported data from the
> >>> IOAM node to the receiving entity. Specifically, an IOAM node that
> >>> performs DEX exporting MUST send the exported data to a pre-
> >>> configured trusted receiving entity.
> >>> NEW:
> >>> Although the exporting method is not within the scope of this
> >>> document, any exporting method MUST secure the exported data from the
> >>> IOAM node to the receiving entity. Specifically, an IOAM node that
> >>> performs DEX exporting MUST send the exported data to a pre-
> >>> configured trusted receiving entity. Furthermore, an IOAM node
> >>> MUST gain explicit consent to export data to a receiving entity before
> >>> starting to send exported data.
> >>
> >> Something like that would seem appropriate.
> >>
> >>>> It may also be worth considering to add authentication
> >>>> of IOAM DEX triggers, to ensure they come from a known and trusted source,
> >>>> before acting on export requests.
> >>>>
> >>>
> >>> [TM] Can you please clarify what you mean by "add authentication of
> >>> IOAM DEX triggers"? What is the threat that you have in mind?
> >>
> >>
> >> As the security considerations section notes, there’s a risk that an attackers could inject a spoof packet containing an export trigger. One way to prevent that would be to use a digital signature to authenticate the trigger messages as being from an authorised source. Maybe the larger IOAM framework already includes this, or a discussion of why it’s not appropriate, in which case it’s sufficient to add a (clearer) reference to that discussion. But if not, then the draft could usefully either add that, or add some discussion about why it’s not needed/appropriate.
> >>
> >> --
> >> Colin Perkins
> >> https://csperkins.org/
> >>
> >>
> >>
> >>
> >
> > _______________________________________________
> > ippm mailing list
> > ippm@ietf.org
> > https://www.ietf.org/mailman/listinfo/ippm
- [Tsv-art] Tsvart early review of draft-ietf-ippm-… Colin Perkins via Datatracker
- Re: [Tsv-art] Tsvart early review of draft-ietf-i… Bernard Aboba
- Re: [Tsv-art] Tsvart early review of draft-ietf-i… Tal Mizrahi
- Re: [Tsv-art] Tsvart early review of draft-ietf-i… Colin Perkins
- Re: [Tsv-art] Tsvart early review of draft-ietf-i… Tal Mizrahi
- Re: [Tsv-art] [ippm] Tsvart early review of draft… Justin Iurman
- Re: [Tsv-art] [ippm] Tsvart early review of draft… Tal Mizrahi
- Re: [Tsv-art] [ippm] Tsvart early review of draft… Justin Iurman