Re: [OPSAWG] [**EXTERNAL**] RE: [IPFIX] WG LC: IPFIX documents

Wed, 24 Jan 2024 01:33:03 -0800 

Hi Paul,

Thanks for the follow-up. Much appreciated.

Please see inline.

Cheers,
Med

De : Aitken, Paul <pait...@ciena.com>
Envoyé : mardi 23 janvier 2024 18:25
À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucad...@orange.com>; Joe Clarke 
(jclarke) <jcla...@cisco.com>; opsawg@ietf.org
Cc : t...@ietf.org; ts...@ietf.org; 6...@ietf.org; ip...@ietf.org
Objet : Re: [**EXTERNAL**] RE: [IPFIX] WG LC: IPFIX documents

Med,


Why does the document identify issues without proposing solutions to them all? 
How and when will those other issues be fixed?
[Med] The new IEs in this I-D fix all the issues.

Then please don't write "some of".
[Med] We do already say “this section specifies a set of new IEs to address 
**all the ipv6ExtensionHeaders IE limitations **”.





 MSB                                                                 LSB

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 ...

 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 |  EH Type#1    |   Count       |...|  EH Type#n      |   Count       |

 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



   Abstract Data Type:  unsigned64

This is neither a simple IE, nor an unsigned64. It's a structured data type, ie 
a variable-length array of { type, count } tuples.
[Med] Do we need to define a new type for this?

See subTemplateList in RFC 6313.

   Examples include a structured data type composed of multiple pairs of
   ("MPLS label stack entry position", "MPLS label stack value")

which is similar to what's proposed here: multiple pairs of { type, count }.

[Med] Please find the candidate changes at Diff: 
draft-ietf-opsawg-ipfix-tcpo-v6eh.txt - 
draft-ietf-opsawg-ipfix-tcpo-v6eh.txt<https://author-tools.ietf.org/api/iddiff?url_1=https://boucadair.github.io/ipfix-tcpoptions-and-v6eh/draft-ietf-opsawg-ipfix-tcpo-v6eh.txt&url_2=https://boucadair.github.io/ipfix-tcpoptions-and-v6eh/subTemplateList/draft-ietf-opsawg-ipfix-tcpo-v6eh.txt>.

Again, the "octetArray" type is somewhat misleading as it's really a 32tetArray.
[Med] I’m not sure this is problematic given that the definition of octetArray 
indicates explicitly the following:
   The octetArray data type has no encoding rules; it represents a raw
   array of zero or more octets, with the interpretation of the octets
   defined in the Information Element definition.

32-bit values are being encoded, not octets.
[Med] This is now discussed in a separate thread. Let’s try to converge there. 
Thanks.

    7.  Security Considerations

The ipv6ExtensionHeadersChainLength could be used to determine hardware 
capabilities and limitations, and possibly even to identify the hardware 
through which the traffic is flowing.
[Med] Not sure how this can be used to identify the hardware.

The reported values will be hardware specific, so the information could be used 
for hardware fingerprinting. Insufficient on its own, but potentially useful in 
combination with other information.

The point is that no other IEs encode specific information about hardware 
capabilities.

[Med] Added this note:

“ipv6ExtensionHeadersChainLength and ipv6ExtensionHeadersLimit IEs can be 
exploited by an unauthorized observer as a means to deduce the processing 
capabilities of nodes. {{Section 8 of !RFC7012}} discusses the required 
measures to guarantee the integrity and confidentiality of the exported 
information.”


P.
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to