Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 29 January 2020 15:38 UTC
Return-Path: <pthubert@cisco.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C9AD1200B8; Wed, 29 Jan 2020 07:38:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=jli5lBZd; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Md8G8N9W
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id krJUlawpC8rG; Wed, 29 Jan 2020 07:38:52 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6907E120090; Wed, 29 Jan 2020 07:38:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5062; q=dns/txt; s=iport; t=1580312332; x=1581521932; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=DEN9HXtMacGEHfNaEUJYD4hUzWBfuXOQc5PdifnNKZE=; b=jli5lBZdqb+1zEuuqfKBN064wgTko7GXH/vJpGg3KVQY8YXu+/pEdgYy W3944zbLexom4YepxR7Khr0aYzzQBLZ+aq1hBul1p4/UU4R5Odb/+9OP1 4I7xzXKH1xURhY81ybiTY2AEUOYhjJQxd4uaaQkkw48Q8t1zoz9++t+Cu s=;
IronPort-PHdr: 9a23:/TqGTBL2J8qLi5sFeNmcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeBvKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUgMdz8AfngguGsmAXFXnLOPgYjYmNM9DT1RiuXq8NBsdFQ==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ANCADHpjFe/5hdJa1mHQEBAQkBEQUFAYF7gVRQBYFEIAQLKoQUg0YDinKaboJSA1QJAQEBDAEBLQIBAYRAAheCEyQ4EwIDDQEBBAEBAQIBBQRthTcMhV8CAQMSEREMAQE3AQ8CAQYCGgImAgICMBUFCwIEAQ0NGoVPAy4BApEskGYCgTmIYnWBMoJ/AQEFhH4YggwJgQ4qhR6FP4FDGoFBP4ERR4JMPoRLgw4ygiyNYII6O49TjkRwCoI5llKCSIgKhEeHIYRFg0mLF5sNAgQCBAUCDgEBBYFpIoFYcBWDJ1AYDY4dCRoVgzuKU3SBKYpdLYIUAQE
X-IronPort-AV: E=Sophos;i="5.70,378,1574121600"; d="scan'208";a="438843210"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 29 Jan 2020 15:38:51 +0000
Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com [173.37.102.18]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 00TFcpQ6019568 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 29 Jan 2020 15:38:51 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-RCD-008.cisco.com (173.37.102.18) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 29 Jan 2020 09:38:50 -0600
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 29 Jan 2020 09:38:49 -0600
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 29 Jan 2020 10:38:49 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=grZFYxQKGD2lvPNUOE9qpm2chOZBkbuOs+vrm8poAw74rR3fXOY0cUW0mQKrnK8leK2MBx9tF/IGi25XNkqDtb3FznGOpnhid2W/pxhUa6CzXPeRXdMaKEE3YZ9ZNDMdoefFlMH8p5LUYmGJy+Iv1MijIkh+XIJ6SnKrhYejTJdFEcoixRuGa1fEffAAMSQ0RzUtZM/7iYkSCsxtzOEqv3t9zW81yuNnt9AJYFJMjpHaC1Q/fMVmlnFupqEmlfp4DNTsq6rUEIJHDLhjofftyZJwBWVUKFq/dEZROj2SjJdiuMcPO+ZztrNzTxCFqqHWCtIeNAeaimc+0ENnZpPaFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DEN9HXtMacGEHfNaEUJYD4hUzWBfuXOQc5PdifnNKZE=; b=EYK041k069/nn3hGxCVpmnWlyHM65d4JRCCLTpicV0uQycNoXRTCbgiVFDz8nxGBPYFLfU7ePrkcw05FqsC3U60rI+QibhEvxtxLoJp6jG9hTPlVjuU5DsXDB1Mc1E5/KCb5LZwywHR74v33Dluwhl9zFQ79qtZ9rT0N/TNHJG8mrP1VAghkrXm7UK+TsxGtkU6POFZB/LvEfOeONf7vWHbh1K+K6qGYKQYPy8U77F3lkZeSCJZA6C5El8Pkk9cXCPFx4h5Jl/phqdRi+CkYf6t2u2NfUUsLCZLFNwYKrcU2riVK9rjWaCMQHRvb4wG0x68oeu6fkVM30oLKHHaf6Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DEN9HXtMacGEHfNaEUJYD4hUzWBfuXOQc5PdifnNKZE=; b=Md8G8N9WsH2gofUR+b7ovMRu2BLuCL3mdkpLxvhyHgB0dW1HzdDvsa3VTQqNjPba/vqhnOhH/27LmOSLVPzvokxkGAO4LpEfCS53ui6xg0VDIsJ8Vowk91Ue92q2hGD0EBX68ymHoOkxtJIjW+ZwvtcPDt45xvftFGSDQ25tUGU=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4383.namprd11.prod.outlook.com (52.135.36.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.24; Wed, 29 Jan 2020 15:38:47 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::fd76:1534:4f9a:452a]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::fd76:1534:4f9a:452a%3]) with mapi id 15.20.2665.027; Wed, 29 Jan 2020 15:38:47 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
Thread-Index: AQHV1q8ObZjsSNLsNE+ME5HgTzGBvKgBtsSw
Date: Wed, 29 Jan 2020 15:38:26 +0000
Deferred-Delivery: Wed, 29 Jan 2020 15:37:25 +0000
Message-ID: <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <158030752268.2728.2544838912831012540.idtracker@ietfa.amsl.com>
In-Reply-To: <158030752268.2728.2544838912831012540.idtracker@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2001:420:44f3:1300:41e7:7725:e525:b2e8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c947e41d-0c6f-495a-5da0-08d7a4d15522
x-ms-traffictypediagnostic: MN2PR11MB4383:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR11MB4383104E191CC38B9B6785BED8050@MN2PR11MB4383.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02973C87BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(376002)(396003)(346002)(136003)(189003)(199004)(86362001)(450100002)(76116006)(64756008)(4326008)(7696005)(66446008)(71200400001)(66946007)(9686003)(66556008)(66476007)(8936002)(55016002)(478600001)(33656002)(6666004)(186003)(5660300002)(224303003)(81166006)(54906003)(2906002)(316002)(52536014)(6506007)(110136005)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4383; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0luNVA8EpyH8/422ibbRbOj/GF8XPmmwoj1IHLYjzLHjPU+sSAvg1P8uiXls8DFqCWVk9rR2pXsyY3T4U/sUIPX1SM1yawhOxIfbq6cVzitx+sfPOBY5HBFi84D4REClqfUFRsiSz+JHjt5KkzSyiagWamblGvhPow16JtjwLnXZ2oDyxJ20WaDMvqJtrsOW3NmLKJCqAnHK1XhdSpBa46FWZs/S0+6yaE7ImJArCMY9MJZS4cC91luJsBBAUmkS8Ag3nV8BMQefc7GezrCz61V+0OOUY34fCJl5LgeRsdH650LcWhmh6PoiVYr70Be5N0S9RaZjxj4gVajY0SV0oRGM5aLhiCD27VPEXYyIVdpa7SZNAld6KbJlRn0mUKggayaea3O3waYHpgznM/qvnAmJjgZXrtWavhP11ap3ZeGDtMizgAJGMnDPOYUkckrj
x-ms-exchange-antispam-messagedata: 1OiQKIzL4QYqRnlYf0BSaENbUq5i8yWwooY2gd0dtg2xrGKrDhiGp53Ymm7hpoAS53Pruqu1Vh2KWbKOScAiBQj+6VrulTZfns6TsvY3XT0JhgNvUnmNQxKThIOzNBi5JOapCjZiKjxfDLnqZ0Kjr32E2VG4YZYd1pYFg5oR9WIReq+BUXtenCHrKQVFXptyNkkwUP3F0eY++OIvWXlb1A==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c947e41d-0c6f-495a-5da0-08d7a4d15522
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jan 2020 15:38:47.8810 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: POUq1JJ5ZvMV/9nEvZd08MBAtJx4n99oq/5DzCoqMoWmjvfsqLIGyz7QbMqiVva3GId7I5I8MLkEX0S7eAqWfA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4383
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.18, xch-rcd-008.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/QfoWYTQu2eVnO_XVHVI_ICMz4Ng>
Subject: Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2020 15:38:55 -0000
Hello Eric : )
Many thanks for your review! I cc'ed SEC-DIR because we could really use their recommendation to solve some of your questions, more below.
Please see below:
> == DISCUSS ==
>
> -- Section 4.4 --
> The length of the reserved field is not specified. Or am I missing something
> obvious ?
I concatenated the reserved fields in the picture and declared it as 40 bits.
Also added the number of bits in the reserved fields of other structures.
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> == COMMENTS ==
>
> -- Section 4.2 --
> While status is set to 0 when sending a NS, what is the expected behavior of a
> receiver ?
Changed to
"
In NS messages it MUST be set to 0 by the sender and ignored by the receiver.
"
> -- Section 4.3 and 4.4 --
> Why is the Pad Length field a 8-bit field while the actual padding will always be
> less than 8 bytes. Suggest to make it a 3 or 4 bits field and extend the reserved
> field.
Actually I thought that if we want to extend the option in the future, it is better to indicate the length of the public key as follows:
| Type | Length | Reserved| Public Key Length |
Where:
Public Key Length: 13-bit unsigned integer. The length of the Public Key field in bytes.
Public Key: A variable-length field, size indicated in the Public Key Length field.
JWK-Encoded Public Key [RFC7517]
>Padding: A variable-length field completing the Public Key field to align to the next 8-bytes boundary.
Works?
>
> -- Section 6.1 --
> About "Nonce option MUST contain a random Nonce value that was never used
> with this device", how can it be done? Keeping a local history? Giving some
> operational hints would bee welcome. Especially, when there are multiple 6LR in
> the LLN: how can they synchronize the nonce?
The nonce is used once, so there's no synchronization. A new pair is formed and exchanged at each validation.
The nonce game used here appear to be common practice. Yes, there's usually a need of local history, and the fact that we get a nonce from both side, apart from guaranteeing that the result is effectively unique to both parties, also makes the chances for history to repeat very low.
CC'ing SEC-DIR: Please help: if there is a reference for that practice, what it takes to maintain a nonce, and why we have a nonce from both sides? Trying to reinvent that text does not look like a good idea for this draft.
>
> -- References --
> Is there a reason why the crypto algorithms RFC 7748 and 8032 are not
> normative?
Interestingly they are informational. So that would be a downref.
CC'ing SEC-DIR: Please help: should we make these refs normative?
>
> == NITS ==
>
> -- Section 2.2 --
> To be honest, I am not a big fan of simply announcing concepts and referring to
> many other RFCs. Suggest to mention which terms and concepts are defined in
> each document. Else, the current section 2.2 mostly forces the readers to read
> all the references.
Yes and they are really there as additional reading, not normative.
I changed the text to
" The reader may get additional context for this specification from the following references"
I also moved classical ND and SEND references to informational references.
Works?
> -- Section 6 --
> s/may use a same Crypto-ID/may use the same Crypto-ID/ ?
Done
Many thanks again Eric!
Let's see what SEC-DIR thinks
And a very happy new year (in France we have till Jan 31st to send wishes 😉)
Pascal
- [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-… Éric Vyncke via Datatracker
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Barry Leiba
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Eric Vyncke (evyncke)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Eric Vyncke (evyncke)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Benjamin Kaduk
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)