Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 03 February 2020 10:02 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo@ietf.org" <6lo@ietf.org>
Date: Mon, 03 Feb 2020 10:02:04 +0000
Message-ID: <MN2PR11MB356524A64079FE1B9B1C486FD8000@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <158030752268.2728.2544838912831012540.idtracker@ietfa.amsl.com> <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com> <20200203051214.GP91553@kduck.mit.edu>
In-Reply-To: <20200203051214.GP91553@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/06ZQ5FjFKvcI9XrWRfxiJVPMeBY>
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>

Hello Benjamin

> > CC'ing SEC-DIR: Please help: if there is a reference for that practice, what it
> > takes to maintain a nonce, and why we have a nonce from both sides? Trying
> > to reinvent that text does not look like a good idea for this draft.
> 
> It's pretty standard, so I'm not sure that there's a perfect reference for it.  A
> key phrase is that it provides "contributory behavior", so that a party (either
> one) that knows it has a good RNG knows that the protocol will be secure.

Great: I modified section 6.1 to include this indication as follows:

"

   The 6LN replies to the challenge with an NS(EARO) that includes a new
   Nonce option (shown as NonceLN in Figure 5), the CIPO (Section 4.3),
   and the NDPSO containing the signature.  Both Nonces are included in
   the signed material.  This provides a "contributory behavior", so
   that either party that knows it generates a good quality Nonce knows
   that the protocol will be secure.  The information associated with a
   Crypto-ID is stored by the 6LR on the first NS exchange where it
   appears.  The 6LR MUST store the CIPO parameters associated with the
   Crypto-ID so it can be used for more than one address.
"

Many thanks!

Pascal
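An added example, not from the draft or from this e-mail thread, modelling the section 6.1 exchange quoted above: the 6LR issues a challenge nonce (NonceLR), the 6LN answers with its own nonce (NonceLN), the CIPO and a signature over both nonces plus the CIPO, and the 6LR checks the reply against the challenge it still has outstanding. The message layout, field names, nonce length and the toy Crypto-ID derivation are assumptions made for the example. The NDPSO in the draft carries an asymmetric signature bound to the Crypto-ID; here it is stood in by an HMAC-SHA256 under a key shared by the two parties so the example runs with the standard library alone. The two helper checks at the end show the "contributory behavior" point: a 6LR with a good RNG rejects a replayed reply even when the 6LN's RNG is broken, and a 6LN with a good RNG never signs identical material twice even when the 6LR's RNG is stuck.

```python
import hashlib
import hmac
import os

NONCE_LEN = 8  # assumption for this toy; the real Nonce option length comes from the draft / RFC 3971


def signed_material(nonce_lr: bytes, nonce_ln: bytes, cipo: bytes) -> bytes:
    """Bytes covered by the signature: both nonces and the CIPO.
    Length prefixes keep the concatenation unambiguous."""
    parts = [nonce_lr, nonce_ln, cipo]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def ndpso(key: bytes, nonce_lr: bytes, nonce_ln: bytes, cipo: bytes) -> bytes:
    """Stand-in for the NDPSO signature (HMAC-SHA256 here; ECDSA in the draft)."""
    return hmac.new(key, signed_material(nonce_lr, nonce_ln, cipo), hashlib.sha256).digest()


class SixLN:
    """Registering node: owns the signing key and builds the NS(EARO) reply."""

    def __init__(self, key: bytes, cipo: bytes, rng=os.urandom):
        self.key, self.cipo, self.rng = key, cipo, rng

    def reply(self, nonce_lr: bytes) -> dict:
        nonce_ln = self.rng(NONCE_LEN)  # NonceLN: the 6LN's contribution to the signed material
        return {"NonceLN": nonce_ln, "CIPO": self.cipo,
                "NDPSO": ndpso(self.key, nonce_lr, nonce_ln, self.cipo)}


class SixLR:
    """Router: issues the challenge nonce and checks the reply against it."""

    def __init__(self, key: bytes, rng=os.urandom):
        self.key, self.rng = key, rng
        self.pending = None
        self.cipo_by_crypto_id = {}  # CIPO kept per Crypto-ID after the first successful exchange

    def challenge(self) -> bytes:
        self.pending = self.rng(NONCE_LEN)  # NonceLR: the 6LR's contribution
        return self.pending

    def verify(self, msg: dict) -> bool:
        if self.pending is None:
            return False  # no outstanding challenge, nothing can match
        nonce_lr, self.pending = self.pending, None  # one-shot: consumed whether or not it verifies
        expected = ndpso(self.key, nonce_lr, msg["NonceLN"], msg["CIPO"])
        if not hmac.compare_digest(expected, msg["NDPSO"]):
            return False
        crypto_id = hashlib.sha256(msg["CIPO"]).digest()[:8]  # toy derivation, not the draft's
        self.cipo_by_crypto_id.setdefault(crypto_id, msg["CIPO"])
        return True


def run_registration(lr: SixLR, ln: SixLN):
    """One challenge/response round; returns (accepted, reply)."""
    nonce_lr = lr.challenge()
    reply = ln.reply(nonce_lr)
    return lr.verify(reply), reply


def replay_is_rejected(lr: SixLR, ln: SixLN) -> bool:
    """Capture a valid reply, then replay it against a fresh challenge.
    Only the 6LR's fresh NonceLR is needed for this to fail."""
    ok, captured = run_registration(lr, ln)
    lr.challenge()  # new NonceLR
    return ok and not lr.verify(captured)


def ln_contribution_varies(ln: SixLN, fixed_nonce_lr: bytes) -> bool:
    """With the 6LR's nonce stuck, the signed material and the signature still
    differ per run because the 6LN's fresh NonceLN is part of both."""
    r1, r2 = ln.reply(fixed_nonce_lr), ln.reply(fixed_nonce_lr)
    m1 = signed_material(fixed_nonce_lr, r1["NonceLN"], r1["CIPO"])
    m2 = signed_material(fixed_nonce_lr, r2["NonceLN"], r2["CIPO"])
    return m1 != m2 and r1["NDPSO"] != r2["NDPSO"]


if __name__ == "__main__":
    KEY = b"k" * 32             # constructed shared key for the HMAC stand-in
    CIPO = b"constructed-cipo"  # constructed placeholder for the CIPO bytes
    stuck = lambda n: b"\x00" * n  # a broken RNG that always returns zeros
    print("normal round accepted:", run_registration(SixLR(KEY), SixLN(KEY, CIPO))[0])
    print("replay rejected (6LN RNG broken):", replay_is_rejected(SixLR(KEY), SixLN(KEY, CIPO, rng=stuck)))
    print("6LN keeps signatures fresh (6LR RNG broken):", ln_contribution_varies(SixLN(KEY, CIPO), stuck(NONCE_LEN)))
```

Each side's guarantee rests only on its own nonce: the 6LR's replay check works because NonceLR is fresh and consumed once, and the 6LN's fresh NonceLN means it never emits a signature over material that a peer chose in full. That is what "either party that knows it generates a good quality Nonce" buys in the quoted text.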