draft-ietf-ippm-owdp-reqs-04.txt   draft-ietf-ippm-owdp-reqs-05.txt 
Network Working Group Stanislav Shalunov Network Working Group Stanislav Shalunov
Internet Draft Benjamin Teitelbaum
Expiration Date: February 2003 Benjamin Teitelbaum Expiration Date: August 2003 Internet2
Advanced Network & Services and Internet2 February 2003
August 2002
A One-way Active Measurement Protocol Requirements A One-way Active Measurement Protocol Requirements
<draft-ietf-ippm-owdp-reqs-04.txt> <draft-ietf-ippm-owdp-reqs-05.txt>
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 8, line 36 skipping to change at page 8, line 36
transactions. transactions.
It should also be infeasible for such party to use any information It should also be infeasible for such party to use any information
obtained by observing, modifying or initiating protocol transactions obtained by observing, modifying or initiating protocol transactions
to impersonate (other) valid users. to impersonate (other) valid users.
6.5. Integrity 6.5. Integrity
So that it is possible to detect any interference during a So that it is possible to detect any interference during a
conversation (other than the detention of some messages), facility conversation (other than the detention of some messages), facility
must be provided to authenticate each message of the control must be provided to authenticate each message of the OWAMP-Control
protocol, its attribution to a given session, and its exact placement protocol, its attribution to a given session, and its exact placement
in the sequence of control protocol exchanges. in the sequence of control protocol exchanges.
It must also be possible to authenticate each message of the test It must also be possible to authenticate each message of the test
protocol and its attribution to a specific session, so that protocol and its attribution to a specific session, so that
modifications of OWAMP-Test messages can be detected. It must be modifications of OWAMP-Test messages can be detected. It must be
possible to do this in a fashion that does not require timestamps possible to do this in a fashion that does not require timestamps
themselves to be encrypted; in this case, security properties are themselves to be encrypted; in this case, security properties are
valid only when an attacker cannot observe valid traffic between the valid only when an attacker cannot observe valid traffic between the
OWAMP-Test sender and receiver. OWAMP-Test sender and receiver.
6.6. Replay Attacks
OWAMP-Control must be resistant to any replay attacks.
OWAMP-Test, on the other hand, is a protocol for network measurement.
One of the attributes of networks is packet duplication. OWAMP-Test
has to be suitable for measurement of duplication. This would make
it vulnerable to attacks that involve replaying a recent packet. For
the recipient of such a packet it is impossible to determine whether
the duplication is malicious or naturally occurring.
OWAMP-Test should measure all duplication -- malicious or otherwise.
Note that this is similar to delay attacks: an attacker can hold up a
packet for some short period of time and then release it to continue
on its way to the recipient. There's no way such delay can be
reliably distinguished from naturally occuring delay by the
recipient.
OWAMP-Test should measure the network as it was. Note, however, that
this does not prevent the data from being sanitized at a later stage
of processing, analysis, or consumption. Some sanity checks (those
that are deemed reliable and erring on the side of inclusion) should
be performed by OWAMP-Test recipient immediately.
7. IANA Considerations 7. IANA Considerations
Relevant IANA considerations will be placed into the protocol Relevant IANA considerations will be placed into the protocol
specification document itself, and not into the requirements specification document itself, and not into the requirements
document. document.
8. Normative References 8. Normative References
[RFC2330] V. Paxson, G. Almes, J. Mahdavi, M. Mathis, "Framework for [RFC2330] V. Paxson, G. Almes, J. Mahdavi, M. Mathis, "Framework for
IP Performance Metrics", RFC 2330, May 1998. IP Performance Metrics", RFC 2330, May 1998.
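Review bot: The new section 6.6 ends with "Some sanity checks (those that are deemed reliable and erring on the side of inclusion) should be performed by OWAMP-Test recipient immediately" but names no checks and gives no criterion for "reliable", so an implementer cannot tell what is required. Either list the checks or state that the protocol specification will define them. The opening requirement, "OWAMP-Control must be resistant to any replay attacks", gives no hint of how it relates to 6.5; pointing back to the 6.5 requirement to authenticate each message's "exact placement in the sequence of control protocol exchanges" would show the two belong together. In 6.5 the rename to "OWAMP-Control protocol" is applied on one line only, while the next sentence still says "control protocol exchanges"; use the same name in both places. In 6.6, "occuring" should be "occurring" and "by OWAMP-Test recipient" is missing an article.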
skipping to change at page 10, line 7 skipping to change at page 10, line 22
[CQOS] CQOS Home Page, http://www.cqos.com/ [CQOS] CQOS Home Page, http://www.cqos.com/
[RIPE] RIPE NCC Test-Traffic Measurements home, [RIPE] RIPE NCC Test-Traffic Measurements home,
http://www.ripe.net/test-traffic/ http://www.ripe.net/test-traffic/
[SURVEYOR] Surveyor Home Page, http://www.advanced.org/surveyor/ [SURVEYOR] Surveyor Home Page, http://www.advanced.org/surveyor/
10. Authors' Addresses 10. Authors' Addresses
Stanislav Shalunov Stanislav Shalunov <shalunov@internet2.edu>
Internet2
200 Business Park Drive, Suite 307
Armonk, NY 10504
USA
Phone: +1 914 765 1182
EMail: shalunov@internet2.edu
Benjamin Teitelbaum
Advanced Network & Services
200 Business Park Drive, Suite 307
Armonk, NY 10504
USA
Phone: +1 914 765 1118 Benjamin Teitelbaum <ben@internet2.edu>
EMail: ben@advanced.org
Expiration date: February 2003 Expiration date: August 2003
 End of changes. 
