[6lo] Attracting attention on a last minute change in AP-ND

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 17 April 2020 08:05 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2BF43A100C; Fri, 17 Apr 2020 01:05:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Kj/2LiNE; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=EM+vcEk3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fee8h-rxDD_3; Fri, 17 Apr 2020 01:05:08 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 065203A1011; Fri, 17 Apr 2020 01:05:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15354; q=dns/txt; s=iport; t=1587110708; x=1588320308; h=from:to:cc:subject:date:message-id: content-transfer-encoding:mime-version; bh=7H3kU5d9VVUDqFoCBUyO5yCpEJUVhqMxtO5BbGyksf0=; b=Kj/2LiNEZF+4dVPvf3BXyOsU5fotP/Nikzm0KtIkm9u5hRNNY9Aldb2B 0ldoZxqdunL7gQjtUC29hTYUANesZ/dDL8kkK4u5btqIr4zgevHMQIO9B HOMntPrcc+uMqkp6wJaC3AXqti3/QNNTsSiQxBrZ44umKxZV3hPcAosb9 0=;
IronPort-PHdr: 9a23:5+0IqRQ5yl7Hpaw4/1Lx3NvYJ9psv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESXBNfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH15g640NmhA4RsuMCEn1NvnvOjQmHNlIWUV513q6KkNSXs35Yg6arw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AaFwBbYple/4kNJK1jAxwBAQEBAQcBAREBBAQBAYF7gVQkLAVsWCAECyqHYwOKYYJfgQGIcY4zgUKBEANUCgEBAQwBARgLCgIEAQGBMIMUAoIPJDgTAgMBAQsBAQUBAQECAQUEbYUqCCQBC4VxAQEBAQQBEC4BASwLAQsGARkEAQEBTwYLHQkBBA4FCBqDBYJLAy4BDqQEAoE5iGKCJ4MAAQEFgTIBE0GDLA0Lgg4JgTiCY4JChU6BRBqBQT+BEAFDgU9JB4MKSQEBAgEBGIEPBQESAQccHwUhgn2CLYoyg2WKQIFJhHaRZSxJCoJEBId+hWmET2KEYIJUgQaHRIRniEGBfoFyj2WBVYdngj6QZQIEAgQFAg4BAQWBaSJEI3BwFTuCaQlHGA2FeoteCQMXg1CFFIVBdAKBJ4tXJwaBNmABAQ
X-IronPort-AV: E=Sophos;i="5.72,394,1580774400"; d="scan'208";a="490854845"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Apr 2020 08:05:06 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 03H856Op004553 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 17 Apr 2020 08:05:06 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 17 Apr 2020 03:05:06 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 17 Apr 2020 03:05:05 -0500
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 17 Apr 2020 04:05:05 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nsJqUf6b1GeTkHp+2c2+7LisEcs9mL1ByCRgfpeYtUC/AisJu6mH9VmtBQTUflHKGwmoLxt6e/SGRkq4GQVwkcL//bAZLDqGAXHjlf433EEIhJxmmmvcTSZtNdZNNly//7ZeMx9yGEULAmN06AjkbwhhzWeVu45tdOC6Bd/dmMahHHmMhV9PflNChstr+NYGd86XegawQ83ZdpbDUhRqLXjLyef9DW8kYXAcPkaIArxzwrqYJOzQMFUAyae6ifctu0ob9hC3BdZGTeFmaAHMiqIjadYfDjPBCWgzfVQdowzk3Oh2aIZqPQEGXwaWcTNoSC+G7ntBkxqB/p+g9oLaMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oqdtza6U/qrJE667HwMe3gsNMUX/WIxjP025VXYpwNc=; b=UbtSrT+WoyU6hRfgdoJoz8gLwDSLHSNVq+J9noZJ9+p4A8ubjrx41sW/E0x9coPuvXe2yy1Xi9IrCgfhDYoq2/c2QmYuzGcog7zFlTXgxv9/KCeQBwOA7io1jVvsOutecCsm1NMdtR0BwPefM9gkk2eaICGROGPYgQOv76PRnuitKrPPfifhA3K1sbHCf0miiYfk2qrxD4X/NSCVs1rm4JA3MKbNalXPBonHkSINz1i84jwHZj7+Z2YsftoaDnnfBivmumx3HWWspkPhHOcnmWURncg3dAybnuvnG3UoyLDRUfnzN7YLccWbeMMThQjXsJoOsZaiKw2ZoWG9iwj0iA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oqdtza6U/qrJE667HwMe3gsNMUX/WIxjP025VXYpwNc=; b=EM+vcEk3QBY6o3rqS8NSEBDB5AbsdcuLPJmKRHUkpCOXlF9MZbZfKeUBwdE2aYRRSQaH6ci5SF/Xzn1kRluWZXWgCFwjTcZzyw4xAY88RjS9fDfqspnhjNX7EQagxgct1tDZoWpNaj+tD6WWtoN9195Oi06elZndlmEecAywIWc=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (2603:10b6:208:ea::31) by MN2PR11MB4080.namprd11.prod.outlook.com (2603:10b6:208:137::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.26; Fri, 17 Apr 2020 08:05:03 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::113b:3127:ef12:ea7]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::113b:3127:ef12:ea7%7]) with mapi id 15.20.2900.028; Fri, 17 Apr 2020 08:05:03 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "6lo@ietf.org" <6lo@ietf.org>
CC: The IESG <iesg@ietf.org>
Thread-Topic: Attracting attention on a last minute change in AP-ND
Thread-Index: AdYUjQIbfV9t/ITcQVa4YkKZhdPC7A==
Date: Fri, 17 Apr 2020 08:04:33 +0000
Deferred-Delivery: Fri, 17 Apr 2020 08:04:10 +0000
Message-ID: <MN2PR11MB356588AC5EFEC0B869B2E0E7D8D90@MN2PR11MB3565.namprd11.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2a01:cb1d:4ec:2200:e545:2f3d:5a3f:6b62]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: eb06b175-7139-45dc-a4f9-08d7e2a608b1
x-ms-traffictypediagnostic: MN2PR11MB4080:
x-microsoft-antispam-prvs: <MN2PR11MB408022DFFE063D6ACBDDBB7BD8D90@MN2PR11MB4080.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0376ECF4DD
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3565.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(376002)(39860400002)(136003)(346002)(396003)(366004)(7696005)(53546011)(81156014)(478600001)(33656002)(86362001)(8676002)(8936002)(450100002)(966005)(4326008)(71200400001)(316002)(55016002)(66446008)(6506007)(66476007)(5660300002)(2906002)(6916009)(66556008)(66946007)(64756008)(76116006)(9686003)(186003)(6666004)(30864003)(52536014)(66574012); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3DtNaKeqgwu3WZis2XxP3vR6IZqxT60yHPWEy5oPa0BwV9zNIqgvpLVBRaRqNyGeZs1VL8yxG/AhqjJRABfa7jyddZ9bClgyaE2EkJ74ex70vKUf4ehk3g7oCTDyuDa8wlOhIzxbItRN1wg9KvaO0KmlQ6vhGmom4MPVt/SY8nEap78EiC27v6AHOd2oarlcRU7N25mfExK8v0AqcakxL2H+4zFSGGTemYFWj8rQYzuPwEx9cNmyxh2W/CvjSPXjCkbpgyeojJBlwW1hvUlJI0YBqzRJCEcH36yW/GmuocwE86jus6Kv08D3DjlL8CZOR6qMJA2kl4Ns+lypXwBXqgwI2JMAQ8yjiSP4n3gVvZENQX3r6fmZZfzoIA/WoZ0ABQSvy60E2plQtnohd3nWuDiUjULRPLxU+NUzcFxk53ntnMVAAI9Phcl+2OPy5DQlxEInGLbLI7nryyHmu1ypFPVEpUldzG61/x7+4vJN2PdT5uRy0nIRR3tGFuimMIY52AWDmKdtmyuqb9YdzuoCAQ==
x-ms-exchange-antispam-messagedata: +id45/2DBcysm4SloQDLadkM1005lOLyzs1aPH6UfJRVS5A9n2ehRxdhesMgd5X1e08M2grAjoKMMPPvYYbB9HiVdRYU7TSGmIWoOiCo1kj7sN73lQlKM26ep+DogUE5//tGilWauo/OytlkMCbEAiScCvvY8VFJuPL88es2mhEjPnPIR4EDP57zpcQVIg8EHRzPKz8381SLVkmxiaresg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: eb06b175-7139-45dc-a4f9-08d7e2a608b1
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2020 08:05:03.3523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1dxg5VK3s8fuR8s79oYHmmch5m8m+B3mXGvlNYPWTvpSBVFCRajpwcXhsmnAyPrf8R+RmRISVFRnphv8/oYb5Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4080
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/6ru3nk0NnvQhSaXTOqmNI5U4Jpw>
Subject: [6lo] Attracting attention on a last minute change in AP-ND
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Apr 2020 08:05:11 -0000

Dear WG:

Since we do not meet this IETF, there's no chance to present the proposed update to Ap ND in person.
The below changes 2 things in AP ND and asks an additional question.

ADDITIONAL QUESTION:
- The representation of the key is from the JSON space (JWK). Since LLNs are in scope, should we all the COSE Key object as an alternative?

CHANGE 1
- The full CIPO is included to the signed material, instead of the tuple ( JWK key , crypto ID ) both fields being taken from the CIPO as is in the current spec. This is done to enable other formats than JWK in the future by removing the term JWK from the text on the signature. Other fields may be added to the CIPO in the future, the signature would now protect those automagically. Note that this change was already done for the Crypto-ID during Benjamin's review.

CHANGE 2
- We add the way for the 6LR to signal its support JWK encoding. We use only a bit and do not advertise the list of Crypto-types that the 6LR supports, leaving the 6LN to trial and error, with a fall back to Crypto ID 0 that MUST be supported. 

SIDE question

About CHANGE 2, Should we do more? We could at an extreme list the supported Crypto IDs, or at the other support only Crypto ID 0 for now.

Please let us know what think, and the rationale associated

Many thanks

Pascal
-----Original Message-----
From: 6lo <6lo-bounces@ietf.org> On Behalf Of Pascal Thubert (pthubert)
Sent: mercredi 15 avril 2020 14:04
To: Benjamin Kaduk <kaduk@mit.edu>; 6lo@ietf.org; Mohit Sethi M <mohit.m.sethi@ericsson.com>; Rene Struik <rstruik.ext@gmail.com>
Cc: draft-ietf-6lo-ap-nd@ietf.org; 6lo-chairs@ietf.org; The IESG <iesg@ietf.org>; Shwetha Bhandari (shwethab) <shwethab@cisco.com>
Subject: Re: [6lo] Benjamin Kaduk's Discuss on draft-ietf-6lo-ap-nd-15: (with DISCUSS and COMMENT)

Hello Benjamin and 6lo:

Just to let you know and the group that we are still chewing the IANA section on this draft.
Doing that we found 2 important things.

1) JWK may not be the favored format for the key representation in LLNs (vs.. COSE's Key Object)
2) We are lacking the signal to tell the 6LN that the 6LR supports AP-ND.

For 1)

We'll poll the list if we can live with JWK only for this version. We have prepared candidate text if not.

In the meantime, and to be opened to the future where more key representations come in, I believe we should extend a change we made for your review in the crypto-id computation and add the whole CIPO to the signed material, as opposed to selected fields from the CIPO (JWK-encoded public key and Crypto-Type value). Doing that, we'll be able to add different encodings, new flags that signal it, and have all that protected in the signature.

The text in "6.2.  NDPSO generation and verification" becomes:
"
*  Concatenate the following in the order listed:

      1.  The 128-bit Message Type tag [RFC3972] (in network byte
          order).  For this specification the tag is 0x8701 55c8 0cca
          dd32 6ab7 e415 f148 84d0.  (The tag value has been generated
          by the editor of this specification on random.org).
      2.  the CIPO
      3.  the 16-byte Target Address (in network byte order) sent in the
          Neighbor Solicitation (NS) message.  It is the address which
          the 6LN is registering with the 6LR and 6LBR.
      4.  NonceLR received from the 6LR (in network byte order) in the
          Neighbor Advertisement (NA) message.  The nonce is at least 6
          bytes long as defined in [RFC3971].
      5.  NonceLN sent from the 6LN (in network byte order).  The nonce
          is at least 6 bytes long as defined in [RFC3971].
      6.  1-byte Option Length of the EARO containing the Crypto-ID.
"
Which is echoed in the signature validation "
it tries to verify the
   signature in the NDPSO option using the following:

   *  Concatenate the following in the order listed:

      1.  The 128-bit Message Type tag specified above (in network byte
          order)
      2.  the CIPO
      3.  the 16-byte Target Address (in network byte order) received in
          the Neighbor Solicitation (NS) message.  It is the address
          which the 6LN is registering with the 6LR and 6LBR.
      4.  NonceLR sent in the Neighbor Advertisement (NA) message.  The
          nonce is at least 6 bytes long as defined in [RFC3971].
      5.  NonceLN received from the 6LN (in network byte order) in the
          NS message.  The nonce is at least 6 bytes long as defined in
          [RFC3971].
      6.  1-byte EARO Length received in the CIPO.
"
Is that OK?

2) is an easy change, we can extend the 6CIO as we do in RFC 8505 already:


"
4.5.  Extensions to the Capability Indication Option

   This specification defines 2 new capability bits in the 6CIO, defined
   by [RFC7400] for use by the 6LR and 6LBR in IPv6 ND RA messages.

   The "A" flag indicates that AP-ND is enabled in the network.  It is
   set by the 6LBR that serves the network and propagated by the 6LRs.

   The "J" flag indicates that the 6LR supports JWK-encoded keys in the
   CIPO option.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |   Length = 1  |   Reserved    |J|A|D|L|B|P|E|G|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                           Reserved                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 4: New Capability Bits in the 6CIO

   New Option Fields:

   J:  1-bit flag.  This 6LR supports AP-ND with JWK encoding

   A:  1-bit flag.  This network supports AP-ND "
And
"
   This specification protects the ownership of the address.  Its use in
   a network is signaled by the 6LBR by setting the 'A' flag in the
   6CIO.  This is echoed by the 6LRs, that also indicate the key
   encoding format that they support in another 6CIO flag, currently the
   'J' flag for JWK.

   When using a ROVR that is a Crypto-ID, a 6LN MUST use a 6LR that
   supports the key encoding used in the CIPO.  If the 6LR does not
   support the Crypto-Type, it MUST reply with an EARO Status 10
   "Validation Failed" without a challenge.  In that case, the 6LN may
   try another Crypto-Type until it falls back to Crypto-Type 0 that
   MUST be supported by all 6LRs.
"

Does that work for you?

You all keep safe;

Pascal



> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu>
> Sent: vendredi 7 février 2020 01:10
> To: Rene Struik <rstruik.ext@gmail.com>
> Cc: Pascal Thubert (pthubert) <pthubert@cisco.com>; The IESG 
> <iesg@ietf.org>; draft-ietf-6lo-ap-nd@ietf.org; Shwetha Bhandari 
> (shwethab) <shwethab@cisco.com>; 6lo-chairs@ietf.org
> Subject: Re: Benjamin Kaduk's Discuss on draft-ietf-6lo-ap-nd-15: 
> (with DISCUSS and COMMENT)
> 
> Hi Rene,
> 
> As implied by the later exchange with Pascal, it may be more expedient 
> to move the registration from the LWIG document into the AP-ND one, in 
> which case this question becomes moot.  But, for completeness, there 
> is not a strict need to change the intended status of the LWIG 
> document in order to use it as a normative reference from a proposed 
> standard -- we can run through a bit of an exception-handling process to do such a "downref"
> (which in many cases is not an exception, as there's now a list of 
> ones that are deemed to be acceptable without additional review:
> https://datatracker.ietf.org/doc/downref/).
> 
> -Ben
> 
> On Thu, Feb 06, 2020 at 12:49:18PM -0500, Rene Struik wrote:
> > Hi Ben:
> >
> > I just read your note below. Does this mean I should simply change 
> > the intended status of the next rev 
> > ofhttps://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representat
> > io ns/ to Standards Track? Are there any procedural hoops that this 
> > would imply or can I just simply change the category field in
> >
> > 	<rfc category="std" ipr="trust200902" docName="draft-ietf-lwig-
> curve-representations-09">? (well, Rev-09 is not out yet, but almost...).
> >
> > BTW - the Rev-09 version will not change any of the existing 
> > technical
> content, so does not impact the IANA request section in the published 
> version (Rev-08).
> >
> > Best regards, Rene
> >
> > On 2/6/2020 12:30 PM, Benjamin Kaduk wrote:
> > > Hi Pascal,
> > >
> > > On Thu, Feb 06, 2020 at 12:13:43PM +0000, Pascal Thubert 
> > > (pthubert)
> wrote:
> > >> Hello Benjamin
> > >>
> > >> <truncated again, retrying>
> > >>
> > >> We're getting there.  I snipped the places were we appear to have
> converged.
> > >>
> > >> Please let me know if the DISCUSS is now solved (we removed all
> ambiguity on the crypto-ID and forced that a key is employed uniquely 
> for the purpose of this draft and for one crypto-ID).
> > > I think the technical aspects are all resolved and there just 
> > > remains the tiniest of process nits.  Specifically, in order to 
> > > use some of the algorithms we define in the protocol we define, we 
> > > rely on the IANA codepoints currently requested to be registered 
> > > by [CURVE-
> REPRESENTATIONS].
> > > So we have a normative dependency on those registrations being 
> > > made, but right now [CURVE-REPRESENTATIONS] is listed as only an 
> > > informative reference, so there's not anything that will enforce 
> > > the sequencing of publication.  It's probably easiest to promote 
> > > that reference to being normative and make a note (either near 
> > > Table 2 or in the IANA
> > > considerations) that we rely on the codepoints being registered by 
> > > [CURVE-REPRESENTATIONS].
> > >
> > > Sorry to be so picky!
> > >
> > >> More below:
> > >>
> > >>> -----Original Message-----
> > >>> From: Benjamin Kaduk <kaduk@mit.edu>
> > >>> Sent: mercredi 5 février 2020 22:20
> > >>> To: Pascal Thubert (pthubert) <pthubert@cisco.com>
> > >>> Cc: The IESG <iesg@ietf.org>; draft-ietf-6lo-ap-nd@ietf.org; 
> > >>> Shwetha Bhandari
> > >>> (shwethab) <shwethab@cisco.com>; 6lo-chairs@ietf.org; 
> > >>> 6lo@ietf.org
> > >>> Subject: Re: Benjamin Kaduk's Discuss on draft-ietf-6lo-ap-nd-15:
> > >>> (with DISCUSS and COMMENT)
> > >>>
> > >>> On Tue, Feb 04, 2020 at 02:22:23PM +0000, Pascal Thubert 
> > >>> (pthubert)
> wrote:
> > >>>> This was truncated when I received the echo, retrying...
> > >>> It appears different here as well; interesting.
> > >>> I will remove a layer of quoting to make it easier for me to write a reply.
> > >>>
> > >>>> Hello Benjamin
> > >>>>
> > >>>> Whao, that was quick. Many thanks again!
> > >>>>
> > >>>> I got a comment on the change to BCP201 and looked it up. Seems 
> > >>>> there was a confusion, BCP 201 is RFC 7696 not RFC 7748. So I 
> > >>>> rolled back the overload. Did you expect something else?
> > >>> I think I did expect something else; I thought I wrote:
> > >>>
> > >>> % It's probably better to cite RFC 7696 as BCP 201 directly.
> > >>> I guess maybe there was a copy/paste glitch.
> > >> Oups then : ) I changed the reference, also for BCP 26.
> > > Thanks!
> > >
> > >>>> I'm publishing 17 for the delta below, we still have the 3 open 
> > >>>> points. Please check the diffs at
> > >>>> https://tools.ietf.org/rfcdiff?url2=draft-ietf-6lo-ap-nd-
> > >>>> 17.txt
> > >>>>
> > >>>> More below:
> > >>>>
> > >>>>>> Why do we need to allow ambiguity/flexibility as to the point
> > >>>>> representation
> > >>>>>>> within a given Crypto-Type value (as opposed to fixing the 
> > >>>>>>> representation
> > >>>>> as a
> > >>>>>>> parameter of the Crypto-Type)?  Alternately, what does
> > >>>>> "(un)compressed"
> > >>>>>>> mean, as it's not really clarified directly?  Furthermore, 
> > >>>>>>> Table
> > >>>>>>> 2 lists an "(un)compressed" representation for type 0 (over 
> > >>>>>>> P-256), but RFC 7518
> > >>>>> notes
> > >>>>>>> that the compressed representation is not supported for 
> > >>>>>>> P-256 (Section 6.2.1.1).  I also am not finding the needed 
> > >>>>>>> codepoints registered in the
> > >>>>> JOSE
> > >>>>>>> registries to use ECDSA25519 (crypto-type 2) -- do we need 
> > >>>>>>> to register anything there?
> > >>>>>> Let us take this one separately in a thread with the co 
> > >>>>>> authors
> > >>>> I keep this item in the thread, to track that it's progressing 
> > >>>> separately
> > >> Please consider the changes in
> > >> https://tools.ietf.org/rfcdiff?url2=draft-ietf-6lo-ap-nd-18.txt
> > >> Did we clear the DISCUSS?
> > > [covered above]
> > >
> > >>
> > >>>>
> > >>>>> Perhaps it goes without saying (as part of DAD), but the 6LBR 
> > >>>>> has to consult its database of ROVR/IP address to determine 
> > >>>>> what response to give in the DAC.  Part of my question above 
> > >>>>> was about what state the 6LBR needs and what verification the 
> > >>>>> 6LBR does as part of the process
> > >>>>> -- am I correct that it's just checking whether (1) the 
> > >>>>> requested address is already registered and (if so) (2) that 
> > >>>>> the ROVR in the EARO matches the one registered with the 
> > >>>>> requested
> address?
> > >>>> Yes, per RFC 8505, inherited from RFC 6775. I'd say that DAD 
> > >>>> expressed as you did is the core function of RFC 6775.
> > >>>> This draft does not really change the 6LBR, just adds the 
> > >>>> capability to stimulate a revalidation by the 6LR.
> > >>> It sounds like it does go without saying :) Thanks for confirming.
> > >> This draft is really an extension of RFC 8505 and cannot be 
> > >> implemented
> separately.
> > >> But I guess it does not hurt to clarify a little bit. Maybe by 
> > >> changing the first paragraph of section 3 as "
> > >>     Section 5.3 of [RFC8505] introduces the ROVR that is used to detect
> > >>     and reject duplicate registrations in the DAD process.  The ROVR is a
> > >>     generic object that is designed for backward compatibility 
> > >> with the
> > > "backward compatibility with" is easy to misparse, so maybe add a 
> > > comma, or go with "backward compatibility but adds the capability"?
> > >
> > > -Ben
> > >
> > >>     capability to introduce new computation methods in the future.  Using
> > >>     a Crypto-ID per this specification is the RECOMMENDED method.
> > >>     Section 7.3 discusses collisions when heterogeneous methods to
> > >>     compute the ROVR field coexist inside a same network.
> > >> "
> > >> Is that readable?
> > >>
> > >> I'll publish this with the changes suggested by Roman
> > >>
> > >> Thanks a million!
> > >>
> > >> Pascal
> >
> >
> > --
> > email: rstruik.ext@gmail.com | Skype: rstruik
> > cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
> >

_______________________________________________
6lo mailing list
6lo@ietf.org
https://www.ietf.org/mailman/listinfo/6lo