Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Wed, 29 January 2020 15:46 UTC
Return-Path: <evyncke@cisco.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AECE120020; Wed, 29 Jan 2020 07:46:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.498
X-Spam-Level:
X-Spam-Status: No, score=-14.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=JCLXS36+; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=JkTl6cuV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9pLsO96sFxPB; Wed, 29 Jan 2020 07:46:38 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 907D81200BA; Wed, 29 Jan 2020 07:46:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6294; q=dns/txt; s=iport; t=1580312797; x=1581522397; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=iK9S74OxUIUo3KL79ihLgoIFNimjFrpcyELqqCeuYXQ=; b=JCLXS36++BwpzSHBR2kjKvrzjoIGG4o92A8y6p2vH7Eh2r/7tQyp6RPU 2jXnz3JscRkty05M44uAMilNBHYdSG3aDRgkdUirVFBQhoXogIzPGJSIJ C4tuUns+Fv4e2rfXUhN+AKFSTQ/Cx1I3498rzu/YQA1atJcVLgrvVUIm5 4=;
IronPort-PHdr: 9a23:yGyN+hex39W9Y5sZCg1o8rmplGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwGRD57D5adCjOzb++D7VGoM7IzJkUhKcYcEFnpnwd4TgxRmBceEDUPhK/u/YjIrGs9BWXdu/mqwNg5eH8OtL1A=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CfBQDjpzFe/5NdJa1mHAEBAQEBBwEBEQEEBAEBgXuBVFAFgTwIIAQLKgqECoNGA4pymm6CUgNUCQEBAQwBAS0CAQGEQAIXghMkOBMCAw0BAQQBAQECAQUEbYU3DIVfAgEDEhERDAEBNwEPAgEGAhoCJgICAjAVBQsCBAENBSKDBIJLAy4BA5EgkGYCgTmIYnWBMoJ/AQEFhH0YggwJgQ4qhR6FP4FDGoFBP4ERJyCCTD6EYIJ5MoIsjWCCOjuPU45EcAqCOZY3G4JIiAqER4chhEWDSYsXmw0CBAIEBQIOAQEFgWkigVhwFWUBgkFQGA2OHQkaFYM7ilN0gSmKXS2BBAGBDwEB
X-IronPort-AV: E=Sophos;i="5.70,378,1574121600"; d="scan'208";a="712085613"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 29 Jan 2020 15:46:36 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 00TFkaif002728 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 29 Jan 2020 15:46:36 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 29 Jan 2020 09:46:35 -0600
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 29 Jan 2020 09:46:35 -0600
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 29 Jan 2020 10:46:35 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bcPvyEhIfgBvQgGwuz0hNURLoj2ig/p9BBGprMc1kHwbCZ/vTTgQ+e4+CLIVExRTYwMwNduHNZH+WMLcVLRK3Z+0USNnPn8LXUCnnTIHVL4BC5CIqzssBvyCzL7SQ5IZeQZqdy+CzDJ9eYYzmY7NGI3wStaDZYHPtmVnZnKb3HvsDrvcO+u25rH3B2GzsFOTyNg/XSf15OLzBpSclw1UI85opdijqrGyaiTDz2J7C02FFNLs7fg/k0bFXWiUTEQXqSUvz2G7TZ4JTLd53aRRkp67w8ZTZcKVHOearH8bAufmHgSmefYK9od5j2OtXsf9c8K99GSuoh1hlEGjqp/uUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iK9S74OxUIUo3KL79ihLgoIFNimjFrpcyELqqCeuYXQ=; b=GjDdWr3INucGPP6eZkCgJ6jvOAL1eo20A7Mm6nTWVeNF8dzSr1gOTMXijNyNVGsQlSY7ns0hZqm7laAKfbpmL0JLh7tfi9+OJhtBXgVZhUbYyM+ZB26rptS+SXo+fRqFLPbvEBG7Ey0yKqw6lCZIoMYTHZWz5LbNVI8S2qp2QloyIHFOfhHmdzFcI3I/QhMfjYBatV8i+RTVgxTW4UNSttcXkX5DQqqFys8ZJLiO79ABy67NvwhAHPj4OpRYYEZJulUWDe4kXVvm81pyML6YTcJpGad61AndBqDJziKBfWXHSyB97pHm8FLDLkytUAN9KYudPtPUiM7oR48POMJ8SQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iK9S74OxUIUo3KL79ihLgoIFNimjFrpcyELqqCeuYXQ=; b=JkTl6cuVstXKAMYUfvEfWjo3EOqGsGdYSY2UT2eyfdeOfnpTuhk7+e5EPSB/4tGTUmOlxHqi9k9PeVgb7mySZde0QjMpkQccgAfyHswnmoD9laS7v8OjKv3AOo7WuXV64PbusbAv+CrSick0yDuJCR9mHGkW1TIAQOi/U+QFdgo=
Received: from DM5PR11MB1753.namprd11.prod.outlook.com (10.175.88.141) by DM5PR11MB1530.namprd11.prod.outlook.com (10.172.38.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.24; Wed, 29 Jan 2020 15:46:34 +0000
Received: from DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::bcaa:91e6:c27b:b8ff]) by DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::bcaa:91e6:c27b:b8ff%11]) with mapi id 15.20.2665.026; Wed, 29 Jan 2020 15:46:34 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
Thread-Index: AQHV1rol7hp9w1bEa06QELjbj0JyDqgB2d0A
Date: Wed, 29 Jan 2020 15:46:33 +0000
Message-ID: <AED6BD10-1EDE-4BF3-A63F-0B81A516E246@cisco.com>
References: <158030752268.2728.2544838912831012540.idtracker@ietfa.amsl.com> <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.21.0.200113
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [194.179.44.108]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d8a6580e-58db-4669-13ce-08d7a4d26aff
x-ms-traffictypediagnostic: DM5PR11MB1530:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM5PR11MB15302C407CA6DF5AB897A0C1A9050@DM5PR11MB1530.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02973C87BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(396003)(376002)(136003)(366004)(199004)(189003)(81156014)(8936002)(81166006)(478600001)(316002)(110136005)(54906003)(2616005)(36756003)(186003)(4326008)(86362001)(450100002)(6506007)(2906002)(26005)(224303003)(6486002)(33656002)(6512007)(76116006)(66556008)(66446008)(66476007)(66946007)(71200400001)(91956017)(64756008)(5660300002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB1530; H:DM5PR11MB1753.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: xpCEGdVnzje03OzDx/76IRHBo5xDTNAJm6VNYVAvhFfmp/X0p4e6HzMqETVN/CUNo+yWk371fzqD1k8OeTUF+RzVwZWE/Q8MGWFqUMjzP/nSsPcocA/HbVTD/wUhAreZumAzKjisph05mjZrUJCWPUoIsFvtwU1/pwURFNSdL5X0Dqd+OTFugk7nVT0x16xpww8KtChZz6wLckq/RQpdbpW2oscuoKkZHck+cjcufNuRRC7APwqqEXKe8NP3IF0Urph+Pe7uK6+VcWA2S0PVR2IE1VGVNni4XJ/jebYKnn4v973Q4GkkRRqi4mQbzGOgnf7wYOlfhzCkiF5Xh2QTkXCrappvzYsCejHt9YkJfkKY7wsnvnOqKCa5ItmW4jovC8ixUcGAVf6E9/EcbbK+uc6ErT1cQlYcLfwmKcrrL2RtBLNH9W0wBjW0hFnXSEKN
x-ms-exchange-antispam-messagedata: PPHOB2J04ULCD8l7kLwbeglJibkDW+Xt23zDhqxoRUu/ADiJU5eoCBn0NXgPeYxBtLhyRW7N3J9r7L9pwXb5FBqlyuB//QNlaR+AZ9xRWAvGkHWmsgnTNPyQQkJ3jifSA6QHWLLZUwJsyOikZMYCNw==
Content-Type: text/plain; charset="utf-8"
Content-ID: <24E6669F14DC504F8F7136E8AC28D195@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d8a6580e-58db-4669-13ce-08d7a4d26aff
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jan 2020 15:46:33.8175 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: OiewU1Cp5BEDpdGzNYszG9mvY1tUQforpjavCNYH+QcmM1aTIy8v4j/cQdbnKqWuOU34BbkDkJDvSxHRvUdAew==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1530
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/5cgJbuQkcSLiVBnZqmfL44uR9s8>
Subject: Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2020 15:46:49 -0000
Pascal Thank you for your prompt reply. I will clear my DISCUSS in a moment as you will change the text. Agreed on all the points except for the 'nonce'. I know the concept of course but the sentence "was never used with this device" is still too strong IMHO. To comply, it would require to keep the history for ever... I would prefer a less stringent wording. -éric On 29/01/2020, 16:38, "Pascal Thubert (pthubert)" <pthubert@cisco.com> wrote: Hello Eric : ) Many thanks for your review! I cc'ed SEC-DIR because we could really use their recommendation to solve some of your questions, more below. Please see below: > == DISCUSS == > > -- Section 4.4 -- > The length of the reserved field is not specified. Or am I missing something > obvious ? I concatenated the reserved fields in the picture and declared it as 40 bits. Also added the number of bits in the reserved fields of other structures. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > == COMMENTS == > > -- Section 4.2 -- > While status is set to 0 when sending a NS, what is the expected behavior of a > receiver ? Changed to " In NS messages it MUST be set to 0 by the sender and ignored by the receiver. " > -- Section 4.3 and 4.4 -- > Why is the Pad Length field a 8-bit field while the actual padding will always be > less than 8 bytes. Suggest to make it a 3 or 4 bits field and extend the reserved > field. Actually I thought that if we want to extend the option in the future, it is better to indicate the length of the public key as follows: | Type | Length | Reserved| Public Key Length | Where: Public Key Length: 13-bit unsigned integer. The length of the Public Key field in bytes. Public Key: A variable-length field, size indicated in the Public Key Length field. JWK-Encoded Public Key [RFC7517] >Padding: A variable-length field completing the Public Key field to align to the next 8-bytes boundary. Works? > > -- Section 6.1 -- > About "Nonce option MUST contain a random Nonce value that was never used > with this device", how can it be done? Keeping a local history? Giving some > operational hints would bee welcome. Especially, when there are multiple 6LR in > the LLN: how can they synchronize the nonce? The nonce is used once, so there's no synchronization. A new pair is formed and exchanged at each validation. The nonce game used here appear to be common practice. Yes, there's usually a need of local history, and the fact that we get a nonce from both side, apart from guaranteeing that the result is effectively unique to both parties, also makes the chances for history to repeat very low. CC'ing SEC-DIR: Please help: if there is a reference for that practice, what it takes to maintain a nonce, and why we have a nonce from both sides? Trying to reinvent that text does not look like a good idea for this draft. > > -- References -- > Is there a reason why the crypto algorithms RFC 7748 and 8032 are not > normative? Interestingly they are informational. So that would be a downref. CC'ing SEC-DIR: Please help: should we make these refs normative? > > == NITS == > > -- Section 2.2 -- > To be honest, I am not a big fan of simply announcing concepts and referring to > many other RFCs. Suggest to mention which terms and concepts are defined in > each document. Else, the current section 2.2 mostly forces the readers to read > all the references. Yes and they are really there as additional reading, not normative. I changed the text to " The reader may get additional context for this specification from the following references" I also moved classical ND and SEND references to informational references. Works? > -- Section 6 -- > s/may use a same Crypto-ID/may use the same Crypto-ID/ ? Done Many thanks again Eric! Let's see what SEC-DIR thinks And a very happy new year (in France we have till Jan 31st to send wishes 😉) Pascal
- [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-… Éric Vyncke via Datatracker
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Barry Leiba
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Eric Vyncke (evyncke)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Eric Vyncke (evyncke)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Benjamin Kaduk
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)