Last Call Review of draft-ietf-ippm-ioam-data-11
review-ietf-ippm-ioam-data-11-secdir-lc-emery-2020-12-10-00
| Request | Review of | draft-ietf-ippm-ioam-data |
|---|---|---|
| Requested revision | No specific revision (document currently at 17) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2020-12-08 | |
| Requested | 2020-11-24 | |
| Authors | Frank Brockners , Shwetha Bhandari , Tal Mizrahi | |
| I-D last updated | 2020-12-10 | |
| Completed reviews |
Genart Last Call review of -11
by Dan Romascanu
(diff)
Secdir Last Call review of -11 by Shawn M Emery (diff) Intdir Telechat review of -12 by Carlos J. Bernardos (diff) |
|
| Assignment | Reviewer | Shawn M Emery |
| State | Completed | |
| Request | Last Call review on draft-ietf-ippm-ioam-data by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/nzcF3TGSJ3kLfkdXVhKm7YFRWOc | |
| Reviewed revision | 11 (document currently at 17) | |
| Result | Has nits | |
| Completed | 2020-12-06 |
review-ietf-ippm-ioam-data-11-secdir-lc-emery-2020-12-10-00
Reviewer: Shawn M. Emery Review result: Ready with nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This standards track draft specifies data fields in the In-situ Operations, Administration, and Maintenance (IOAM) scheme. The data fields contain operational and telemetry information in a network domain. "In-situ" refers to the fact that the associated data is actually encapsulated in the data packet itself rather than through a separate OAM packet. The security considerations section does exist and describes multiple vulnerabilities to the IOAM. Attackers can create both false-positives and false-negatives in regards to failures or the true state of the domain. This can eventually lead to DoS attacks. Another form of DoS is by crafting an IOAM header to packets thereby increasing the resources required or exceeding the packet beyond the network's MTU size. Verifying the path of the data packets is deferred to draft-ietf-sfc-proof-of-transit's security consideration section which has good coverage and ways to mitigate the various attacks on the protocol. Eavesdropping is also possible, which can reveal operational and telemetry data of the network domain. IOAM also utilizes timestamps, in which an attack on the time synchronization protocol can affect the timestamp fields in IOAM. In addition the management functionality of IOAM could also be targeted, but suggests authentication and integrity checks to protect against said attacks. Various measures against these attacks are not prescribed based on the fact that this specification is about the data fields of IOAM. However, I think it would be beneficial to provide some guidance (at least for future specifications) for each of these attacks that utilize these data fields else why articulate the security issues at all? General comments: None. Editorial comments: None. Shawn. --