Dear all,
The two issues we must be fixing are:
PROTO-17 "Encrypted Packets: Selectors that interpret packet fields
must be configurable to ignore (i.e. not select) encrypted packets,
when they are detected". "Since packet encryption alters the meaning
of encrypted fields, field match filtering must be configurable to
ignore encrypted packets, when detected." I guess we will need extra
text for this.
PROTO-106 Extend security considerations by a discussion on exported
Payload. Consider whether [PSAMP-INFO] or [PSAMP-PROTO] or both
is/are the place(s).
[CHARTER] says:
Selection of the content of packet reports will be cognizant of
privacy and anonymity issues while being responsive to the needs of
measurement applications, and in accordance with RFC 2804.
[RFC3917] says:
4.1. Encryption
If encryption is used, the metering process might not be able to
access all header fields. A metering process must meet the
requirements stated in this section 4 only for packets that have the
relevant header fields not encrypted.
[PSAMP-PROTO] says:
8 Security Considerations
As IPFIX has been selected as the PSAMP export protocol and as
the PSAMP security requirements are not stricter than the IPFIX security
requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
the security
considerations.
So what to write? Hereafter a few proposal
- in Property Match Filtering section, I would add:
"Since encryption alters the meaning of encrypted fields, when the
Property Match Filtering classification is based on the encrypted
field(s) in the packet, it MUST be able to recognize that the
field(s) are not available and not select those packets.
Even if they are ignored, the encrypted packets MUST be accounted in
the Selector packetObserved Information Element [PSAMP-INFO], part of
the Selection Sequence Statistics Report Interpretation."
- in Hash-Based Filtering section, I would add:
"Since encryption alters the meaning of encrypted fields, when the
Hash-Based Filtering classification is based on the encrypted
field(s) in the packet, it MUST be able to recognize that the
field(s) are not available and not select those packets. Even
if they are ignored, the encrypted packets MUST be accounted in the
Selector packetObserved Information Element [PSAMP-INFO], part of the
Selection Sequence Statistics Report Interpretation."
- in the Security Considerations section, I would add next to first
sentence (repeated here):
As IPFIX has been selected as the PSAMP export protocol and as
the PSAMP security requirements are not stricter than the IPFIX security
requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
the security
considerations.
In the basic Packet Report, a PSAMP Device exports some number of
contiguous bytes from the start of the packet, including the packet
header (which includes link layer, network layer and other
encapsulation headers) and some subsequent bytes of the
packet payload. The PSAMP Device SHOULD NOT export the full payload
of conversations, as this would mean wiretapping [RFC 2804].
Feedback?
Regards, Benoit.