Re: [6lo] AP-ND 22

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 24 April 2020 14:26 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Rene Struik <rstruik.ext@gmail.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>
CC: "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, Jim Schaad <ietf@augustcellars.com>, Erik Kline <ek@loon.com>, "'6lo@ietf.org'" <6lo@ietf.org>
Date: Fri, 24 Apr 2020 14:25:01 +0000
Message-ID: <MN2PR11MB3565827911F74C20D5A44531D8D00@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <MN2PR11MB3565BD638A8BCEE57216998BD8D00@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB3565BD638A8BCEE57216998BD8D00@MN2PR11MB3565.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/s6Rmkw2vZfhN_6Td14bH9rnJkTw>
Subject: Re: [6lo] AP-ND 22

On the side, it appears that the key representations are typically of length 8n+1. Considering that IPv6 ND aligns its options at 8n bytes, it would make sense to start a byte ahead like this, don't you think?

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |Reserved1|  Public Key Length  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Crypto-Type  | Modifier      |  EARO Length  |               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
      |                                                               |
      .                                                               .
      .                  Public Key (variable length)                 .
      .                                                               .
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      .                           Padding                             .
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 2: Crypto-ID Parameters Option

From: Pascal Thubert (pthubert)
Sent: vendredi 24 avril 2020 15:54
To: 'Benjamin Kaduk' <kaduk@mit.edu>; Rene Struik <rstruik.ext@gmail.com>; Mohit Sethi <mohit.m.sethi@ericsson.com>
Cc: 6lo-chairs@ietf.org; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; Jim Schaad <ietf@augustcellars.com>; Erik Kline <ek@loon.com>; 6lo@ietf.org
Subject: AP-ND 22

Hello Benjamin (and 6lo),

We are soliciting your help on AP ND for hopefully the last time, about the last step, which was supposed to be the IANA section that was missing for JOSE and Crypto Type 2.

Rene worked quite a bit with Jim, and the conclusion that I made from that is that the formats that we already discussed in appendix B (SEC1) were better suited than JOSE (or COSE) and avoided both the registry issue and gaps in the existing specifications.

We had a conversation yesterday with our AD (Erik) and Shepherd (Shwetha), and we agreed to give a try at using those formats for -22. The conclusion was that it looked OK, but we need a validation that the new key and signature formats do not alter the security of the spec.

So there we go: 20 being the version that made it through the IESG, and 21 the increment that you already reviewed and that provides encoding agility, please find the proposed 22 attached, and the diff between the proposed 22 and either 20 or 21.

The main diffs from 21 are:
 - the removal of JWK;
 - a discussion on brownfield that basically indicates that a back-level 6LR constitutes a breach in the perimeter, meaning that all 6LRs need to be upgraded;
 - the J flag from 21 is gone, since we dropped JWK and dismissed the idea of operating AP ND in a brownfield.

Can you please have a look and validate that we did OK?

Many, many thanks for all your help throughout!

Pascal, Rene and Mohit


Pascal Thubert
PRINCIPAL ENGINEER.ENGINEERING
pthubert@cisco.com
Tel: +33 49 723 2634
cisco.com
Cisco Systems, Inc.
45 All Des Ormes Regus Centre
BP1200
06250 MOUGINS CEDEX
France
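Added example (not code from the draft, its authors, or this thread): an encoder and a checking decoder for the Crypto-ID Parameters Option laid out in Figure 2 at the top of the reply, to make the alignment observation concrete. The bit widths are read off the figure (Reserved1: 5 bits, Public Key Length: 11 bits), the seven fixed header octets put the Public Key at offset 7, and IPv6 ND options express Length in units of 8 octets (RFC 4861), so an 8n+1-octet SEC1 point encoding lands exactly on an 8-octet boundary with no padding, while a bare 8n-octet key needs one pad byte. The option Type value and the sample key bytes are placeholders constructed here, since the IANA-assigned number is not on the page.

```python
"""Encoder/decoder for the Crypto-ID Parameters Option (CIPO) layout shown in
Figure 2 of the message above.  Added illustration, not the draft's own code.
Assumptions: Reserved1 = 5 bits, Public Key Length = 11 bits (as drawn);
Type value is a placeholder because the IANA-assigned number is not on the page.
"""
import struct

CIPO_TYPE_PLACEHOLDER = 0   # assumed: real IANA ND option type not given here
HEADER_LEN = 7              # Type, Length, Reserved1|PKLen (2), Crypto-Type, Modifier, EARO Length
PK_LEN_BITS = 11            # width of the Public Key Length field in the figure
HEADER_FMT = "!BBHBBB"      # big-endian, 7 octets


def sec1_encoded_sizes(coord_len: int) -> tuple:
    """Sizes of SEC1 point encodings for a curve with coord_len-byte coordinates:
    compressed (prefix 0x02/0x03 + x) and uncompressed (prefix 0x04 + x + y).
    For 32-byte coordinates these are 33 and 65, i.e. 8n+1 as the reply notes."""
    return coord_len + 1, 2 * coord_len + 1


def padding_for(key_len: int) -> int:
    """Pad bytes needed so header + key is a multiple of 8 octets (ND Length unit)."""
    return (-(HEADER_LEN + key_len)) % 8


def build_cipo(public_key: bytes, crypto_type: int, modifier: int,
               earo_length: int, opt_type: int = CIPO_TYPE_PLACEHOLDER) -> bytes:
    """Serialise one CIPO with zero padding up to the next 8-octet boundary."""
    if not 0 <= len(public_key) < (1 << PK_LEN_BITS):
        raise ValueError("public key does not fit the 11-bit length field")
    for name, value in (("crypto_type", crypto_type), ("modifier", modifier),
                        ("earo_length", earo_length), ("opt_type", opt_type)):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"{name} must fit in one octet")
    pad = padding_for(len(public_key))
    length_units = (HEADER_LEN + len(public_key) + pad) // 8
    if length_units > 0xFF:
        raise ValueError("option exceeds 255 * 8 octets")
    # Reserved1 (5 bits) is zero on send; Public Key Length occupies the low 11 bits.
    reserved_pklen = len(public_key) & ((1 << PK_LEN_BITS) - 1)
    header = struct.pack(HEADER_FMT, opt_type, length_units, reserved_pklen,
                         crypto_type, modifier, earo_length)
    return header + public_key + b"\x00" * pad


def parse_cipo(data: bytes) -> dict:
    """Parse one CIPO, rejecting the malformed shapes a receiver must not trust:
    zero Length, a Length longer than the buffer, a key overrunning the option,
    and non-zero padding."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated CIPO header")
    (opt_type, length_units, reserved_pklen,
     crypto_type, modifier, earo_length) = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if length_units == 0:
        raise ValueError("ND option Length of 0 is invalid (RFC 4861)")
    total = length_units * 8
    if len(data) < total:
        raise ValueError("option Length exceeds available bytes")
    reserved1 = reserved_pklen >> PK_LEN_BITS
    pk_len = reserved_pklen & ((1 << PK_LEN_BITS) - 1)
    if HEADER_LEN + pk_len > total:
        raise ValueError("Public Key Length overruns the option")
    key = data[HEADER_LEN:HEADER_LEN + pk_len]
    pad = data[HEADER_LEN + pk_len:total]
    if any(pad):
        raise ValueError("padding must be zero")
    return {
        "type": opt_type, "length_units": length_units, "reserved1": reserved1,
        "public_key_length": pk_len, "crypto_type": crypto_type,
        "modifier": modifier, "earo_length": earo_length,
        "public_key": key, "padding": len(pad), "total_octets": total,
    }


if __name__ == "__main__":
    # Constructed sample: 0x02 prefix + 32 dummy coordinate bytes, shaped like a
    # compressed SEC1 point (33 octets = 8*4 + 1).  Not a real key.
    sample_key = b"\x02" + bytes(range(32))
    opt = build_cipo(sample_key, crypto_type=0, modifier=3, earo_length=2)
    print(len(opt), "octets, Length field =", opt[1], "padding =", padding_for(33))
    print(parse_cipo(opt))
```

Run it directly to see a 40-octet option with Length 5 and no padding for the 33-octet key; `padding_for(32)` and `padding_for(64)` both return 1, which is the cost of keeping the Public Key at offset 7 when a bare coordinate (8n octets) is carried instead of a prefixed SEC1 point.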