Early Review of draft-pignataro-eimpact-icmp-02
review-pignataro-eimpact-icmp-02-secdir-early-emery-2024-04-26-00
| Request | Review of | draft-pignataro-eimpact-icmp |
|---|---|---|
| | Requested revision | No specific revision (document currently at 03) |
| | Type | Early Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2024-04-30 |
| | Requested | 2024-04-10 |
| | Requested by | Carlos Pignataro |
| | Authors | Carlos Pignataro, Jainam Parikh, Ron Bonica, Michael Welzl |
| | I-D last updated | 2024-05-30 (Latest revision 2024-05-30) |
| | Completed reviews | Secdir Early review of -02 by Shawn M Emery (diff); Opsdir Early review of -02 by Qin Wu (diff); Secdir Early review of -03 by Shawn M Emery |
| | Comments | This is an early review request, for this document leveraging the existing ICMP Extension mechanism for environmental sustainability data. Your review is much appreciated and most welcome! Carlos. |
| Assignment | Reviewer | Shawn M Emery |
| | State | Completed |
| | Request | Early review on draft-pignataro-eimpact-icmp by Security Area Directorate Assigned |
| | Posted at | https://mailarchive.ietf.org/arch/msg/secdir/rmM9ErWtY25GCNn7_YPc99FbjuY |
| | Reviewed revision | 02 (document currently at 03) |
| | Result | Has issues |
| | Completed | 2024-04-26 |
This draft specifies an extension to ICMP that provides sustainability metrics and data on a per-hop basis to the targeted node. This data includes information on node power draw, the node components' power draw(s), node network throughput, and environmental certifications.

The security considerations section does exist and defers to RFC 4884 and 8335 with regard to the security of ICMP extensions. The section also recommends limiting the extension to the internally-facing administrative domain in consideration of privacy by filtering out these sustainability metrics and data. I agree with these assertions. However, one attack vector that I could think of is a high-fidelity reporting of power draw for the targeted node's memory, cache, or HSM component; an attacker could then perform a remote side-channel attack (i.e., using DPA) during cryptographic operations in order to extract the associated secret key.

General comments: Thank you for the use-case section.

Editorial comments: None.