Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft-ietf-lisp-sec-29> for your review
dsaucez <damien.saucez@inria.fr> Thu, 22 September 2022 05:49 UTC
Return-Path: <damien.saucez@inria.fr>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1733CC1526E1; Wed, 21 Sep 2022 22:49:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=inria.fr
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id beavAE6_74zx; Wed, 21 Sep 2022 22:49:18 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12028C15259F; Wed, 21 Sep 2022 22:49:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=4qdv6FxHOgzaIGp88rC9JiNEA6U8Z1D8JRsWFjSqphI=; b=uVLa+hSbgNzrc4HE3OaKEOLd0HnPqMCXgUYPg+Wsy0CH/h8VHdT4RLob uPLIAtKLoi9ny9s5BHtI0JJUU6IoDnWUl412/+Np+wmil/ksta3FkiaR4 i4Tca9ndJ/3mnRnsSA0OOaXbfEn4frGx4qDwwOIBPE4iqeqYRVz4gNzO+ Y=;
Authentication-Results: mail3-relais-sop.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=damien.saucez@inria.fr; dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="5.93,335,1654552800"; d="scan'208";a="24355967"
Received: from clt-128-93-176-161.vpn.inria.fr (HELO smtpclient.apple) ([128.93.176.161]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 07:48:14 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: dsaucez <damien.saucez@inria.fr>
In-Reply-To: <8A2221DE-111F-4470-A727-A4F521BA9AFA@amsl.com>
Date: Thu, 22 Sep 2022 07:47:50 +0200
Cc: "Fabio Maino (fmaino)" <fmaino=40cisco.com@dmarc.ietf.org>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, "ermagan@gmail.com" <ermagan@gmail.com>, Albert Cabellos <acabello@ac.upc.edu>, "lisp-ads@ietf.org" <lisp-ads@ietf.org>, "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, Luigi Iannone <ggx@gigix.net>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E5B60D73-1FDD-452D-9489-91E192111A41@inria.fr>
References: <20220916225854.DF796AB21D@rfcpa.amsl.com> <1274860A-06FD-4BA9-9422-D5052BD56ABE@cisco.com> <8A2221DE-111F-4470-A727-A4F521BA9AFA@amsl.com>
To: Alanna Paloma <apaloma@amsl.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/4SaOui00HFF3qQh9Ol10V8rhy40>
Subject: Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft-ietf-lisp-sec-29> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2022 05:49:22 -0000
Hello, Sorry for my late answer, my affiliation is Damien Saucez Inria 2004 route des Lucioles - BP 93 Sophia Antipolis France Thank you Damien Saucez > On 21 Sep 2022, at 23:32, Alanna Paloma <apaloma@amsl.com> wrote: > > Greetings, > > Thank you for your reply. We have updated as requested, as well as per Dino’s response to the cluster-wide queries. > > Please note that we are awaiting word from Vina and Damien regarding how they would like their affiliation information to appear across the documents in C381. > > The files have been posted here (please refresh): > https://www.rfc-editor.org/authors/rfc9303.xml > https://www.rfc-editor.org/authors/rfc9303.txt > https://www.rfc-editor.org/authors/rfc9303.html > https://www.rfc-editor.org/authors/rfc9303.pdf > > The relevant diff files have been posted here: > https://www.rfc-editor.org/authors/rfc9303-diff.html (comprehensive diff) > https://www.rfc-editor.org/authors/rfc9303-auth48diff.html (AUTH48 changes) > > Please review the document carefully and contact us with any further updates you may have. Note that we do not make changes once a document is published as an RFC. > > We will await approvals from each party listed on the AUTH48 status page below prior to moving this document forward in the publication process. > > For the AUTH48 status of this document, please see: > https://www.rfc-editor.org/auth48/rfc9303 > > Thank you, > RFC Editor/ap > >> On Sep 20, 2022, at 5:47 PM, Fabio Maino (fmaino) <fmaino=40cisco.com@dmarc.ietf.org> wrote: >> >> Please see in-line... >> >> On 9/16/22, 3:59 PM, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org> wrote: >> >> Authors, >> >> While reviewing this document during AUTH48, please resolve (as necessary) >> the following questions, which are also in the XML file. >> >> 1) <!--[rfced] It appears that text may be missing in this sentence >> after "defined in". Should this refer to RFC 7835? Please review and >> let us know how to update. >> >> Original: >> LISP-SEC builds on top of the security mechanisms defined in to >> address the threats described in Section 4 by leveraging the trust >> relationships existing among the LISP entities >> ([I-D.ietf-lisp-rfc6833bis]) participating in the exchange of the >> Map-Request/Map-Reply messages. >> --> >> >> Section 5 >> >> OLD: >> LISP-SEC builds on top of the security mechanisms defined in >> >> NEW: >> LISP-SEC builds on top of the security mechanisms defined in [I-D.ietf-lisp-rfc6833bis] >> >> >> 2) <!-- [rfced] HMAC is expanded in this document as "Keyed-Hashing for Message >> Authentication (HMAC)". While the title of RFC 2104 matches this expansion, >> we have changed it to "Hashed Message Authentication Code (HMAC)" as that is >> more common. Please let us know if you strongly prefer that this be reverted. >> >> o The Map-Server uses the ITR-OTK to compute a Keyed-Hashing for >> Message Authentication (HMAC) [RFC2104] that protects the >> integrity of the mapping data known to the Map-Server to prevent >> overclaiming attacks. >> --> >> >> Ok >> >> >> 3) <!-- [rfced] Should instances of "ECM message" be updated to read simply >> "ECM" to avoid redundancy (if expanded, "ECM message" would read >> "Encapsulated Control Message message"). Please review and let us know >> if we may update the text. >> >> Example from Section 5 (original): >> 2. The Map-Resolver decapsulates the ECM message, decrypts the ITR- >> OTK, if needed, and forwards through the Mapping System the >> received Map-Request and the ITR-OTK, as part of a new ECM >> message. >> --> >> >> Ok. >> >> Global >> >> OLD: >> ECM message >> >> NEW: >> ECM >> >> >> 4) <!-- [rfced] We note that RFC 3394 does not include any mention of >> "msg-key" or "per-msg-key". Please review and let us know how to update the >> citation. >> >> Original: >> According to [RFC3394] the per-msg-key is used to wrap the OTK >> with AES-KEY-WRAP-128. >> --> >> >> The per-msg-key is defined in this doc, and wrapped using the OTK defined in this doc using AES-KEY-WRAP-128 that is specified in RFC3394. The following should be more clear: >> >> Section 6.5 >> >> OLD: >> According to [RFC3394] the per-msg-key is used to wrap the OTK with AES-KEY-WRAP-128. >> >> NEW: >> The per-msg-key is then used to wrap the OTK with AES-KEY-WRAP-128, as specified in section 2.2.1 of {RFC3394] >> >> >> 5) <!-- [rfced] Should "128 less significant bits" be "128 least significant >> bits"? Please review. >> >> Original: >> The most significant >> 64-bit are copied in the One-Time Key Preamble field, while the >> 128 less significant bits are copied in the One-Time Key field of >> the LISP-SEC Authentication Data. >> >> Perhaps: >> The most significant 64 bits >> are copied in the 'One-Time Key Preamble' field, while the 128 >> least significant bits are copied in the 'One-Time Key' field of >> the LISP-SEC Authentication Data. >> --> >> >> Ok >> >> 6) <!--[rfced] It is unclear if "will be discarded" is referring to >> "a replayed Map-Reply" or "the incoming Map-Reply". Please review >> and let us know how this sentence should be updated. >> >> Original: >> If a replayed Map-Reply arrives at the ITR, there is no <nonce,ITR-OTK> >> that matches the incoming Map-Reply and will be discarded. >> >> Perhaps (referring "a replayed Map-Reply": >> If a replayed Map-Reply arrives at the ITR, there is no <nonce,ITR-OTK> >> that matches the incoming Map-Reply and the replayed Map-Reply will be >> discarded. >> --> >> >> Ok >> >> 7) <!--[rfced] Throughout the text, the following term appears to be used >> inconsistently: >> >> key wrap vs. Key Wrap vs. key wrapping >> >> Please review these occurrences and let us know >> if/how this may be made consistent. >> --> >> >> Please, change ONLY the following instances: >> >> Section 6.5 >> OLD: >> as well as the AES-KEY-WRAP-128 Key Wrap algorithm >> NEW: >> as well as the AES-KEY-WRAP-128 key wrap algorithm >> >> OLD: >> 1. The KDF and Key Wrap algorithms >> NEW: >> 1. The KDF and key wrap algorithms >> >> OLD: >> The output of the AES Key Wrap operation is 192-bit long. >> NEW: >> The output of the AES key wrap operation is 192-bit long. >> >> OLD: >> AES Key Wrap decryption operation >> NEW: >> AES key wrap decryption operation >> >> >> 8) <!-- [rfced] Please review the "Inclusive Language" portion of the online >> Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> >> and let us know if any changes are needed. Note that our script did not flag >> any words in particular, but this should still be reviewed as a best practice. >> --> >> >> I don’t see any occurrence of non-inclusive language. >> >> >> >> Thanks for another great review! >> Fabio >> >> >> >> Thank you. >> >> RFC Editor >> >> >> On Sep 16, 2022, at 3:56 PM, rfc-editor@rfc-editor.org wrote: >> >> *****IMPORTANT***** >> >> Updated 2022/09/16 >> >> RFC Author(s): >> -------------- >> >> Instructions for Completing AUTH48 >> >> Your document has now entered AUTH48. Once it has been reviewed and >> approved by you and all coauthors, it will be published as an RFC. >> If an author is no longer available, there are several remedies >> available as listed in the FAQ (https://www.rfc-editor.org/faq/). >> >> You and you coauthors are responsible for engaging other parties >> (e.g., Contributors or Working Group) as necessary before providing >> your approval. >> >> Planning your review >> --------------------- >> >> Please review the following aspects of your document: >> >> * RFC Editor questions >> >> Please review and resolve any questions raised by the RFC Editor >> that have been included in the XML file as comments marked as >> follows: >> >> <!-- [rfced] ... --> >> >> These questions will also be sent in a subsequent email. >> >> * Changes submitted by coauthors >> >> Please ensure that you review any changes submitted by your >> coauthors. We assume that if you do not speak up that you >> agree to changes submitted by your coauthors. >> >> * Content >> >> Please review the full content of the document, as this cannot >> change once the RFC is published. Please pay particular attention to: >> - IANA considerations updates (if applicable) >> - contact information >> - references >> >> * Copyright notices and legends >> >> Please review the copyright notice and legends as defined in >> RFC 5378 and the Trust Legal Provisions >> (TLP – https://trustee.ietf.org/license-info/). >> >> * Semantic markup >> >> Please review the markup in the XML file to ensure that elements of >> content are correctly tagged. For example, ensure that <sourcecode> >> and <artwork> are set correctly. See details at >> <https://authors.ietf.org/rfcxml-vocabulary>. >> >> * Formatted output >> >> Please review the PDF, HTML, and TXT files to ensure that the >> formatted output, as generated from the markup in the XML file, is >> reasonable. Please note that the TXT will have formatting >> limitations compared to the PDF and HTML. >> >> >> Submitting changes >> ------------------ >> >> To submit changes, please reply to this email using ‘REPLY ALL’ as all >> the parties CCed on this message need to see your changes. The parties >> include: >> >> * your coauthors >> >> * rfc-editor@rfc-editor.org (the RPC team) >> >> * other document participants, depending on the stream (e.g., >> IETF Stream participants are your working group chairs, the >> responsible ADs, and the document shepherd). >> >> * auth48archive@rfc-editor.org, which is a new archival mailing list >> to preserve AUTH48 conversations; it is not an active discussion >> list: >> >> * More info: >> https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc >> >> * The archive itself: >> https://mailarchive.ietf.org/arch/browse/auth48archive/ >> >> * Note: If only absolutely necessary, you may temporarily opt out >> of the archiving of messages (e.g., to discuss a sensitive matter). >> If needed, please add a note at the top of the message that you >> have dropped the address. When the discussion is concluded, >> auth48archive@rfc-editor.org will be re-added to the CC list and >> its addition will be noted at the top of the message. >> >> You may submit your changes in one of two ways: >> >> An update to the provided XML file >> — OR — >> An explicit list of changes in this format >> >> Section # (or indicate Global) >> >> OLD: >> old text >> >> NEW: >> new text >> >> You do not need to reply with both an updated XML file and an explicit >> list of changes, as either form is sufficient. >> >> We will ask a stream manager to review and approve any changes that seem >> beyond editorial in nature, e.g., addition of new text, deletion of text, >> and technical changes. Information about stream managers can be found in >> the FAQ. Editorial changes do not require approval from a stream manager. >> >> >> Approving for publication >> -------------------------- >> >> To approve your RFC for publication, please reply to this email stating >> that you approve this RFC for publication. Please use ‘REPLY ALL’, >> as all the parties CCed on this message need to see your approval. >> >> >> Files >> ----- >> >> The files are available here: >> https://www.rfc-editor.org/authors/rfc9303.xml >> https://www.rfc-editor.org/authors/rfc9303.html >> https://www.rfc-editor.org/authors/rfc9303.pdf >> https://www.rfc-editor.org/authors/rfc9303.txt >> >> Diff file of the text: >> https://www.rfc-editor.org/authors/rfc9303-diff.html >> https://www.rfc-editor.org/authors/rfc9303-rfcdiff.html (side by side) >> >> Diff of the XML: >> https://www.rfc-editor.org/authors/rfc9303-xmldiff1.html >> >> The following files are provided to facilitate creation of your own >> diff files of the XML. >> >> Initial XMLv3 created using XMLv2 as input: >> https://www.rfc-editor.org/authors/rfc9303.original.v2v3.xml >> >> XMLv3 file that is a best effort to capture v3-related format updates >> only: >> https://www.rfc-editor.org/authors/rfc9303.form.xml >> >> >> Tracking progress >> ----------------- >> >> The details of the AUTH48 status of your document are here: >> https://www.rfc-editor.org/auth48/rfc9303 >> >> Please let us know if you have any questions. >> >> Thank you for your cooperation, >> >> RFC Editor >> >> -------------------------------------- >> RFC9303 (draft-ietf-lisp-sec-29) >> >> Title : LISP-Security (LISP-SEC) >> Author(s) : F. Maino, V. Ermagan, A. Cabellos, D. Saucez >> WG Chair(s) : Joel M. Halpern, Luigi Iannone >> Area Director(s) : Alvaro Retana, John Scudder, Andrew Alston >
- [auth48] AUTH48: RFC-to-be 9303 <draft-ietf-lisp-… rfc-editor
- [auth48] [C381] Re: AUTH48: RFC-to-be 9303 <draft… rfc-editor
- Re: [auth48] [C381] Re: AUTH48: RFC-to-be 9303 <d… Alvaro Retana
- Re: [auth48] [C381] Re: AUTH48: RFC-to-be 9303 <d… Fabio Maino (fmaino)
- Re: [auth48] [C381] Re: AUTH48: RFC-to-be 9303 <d… Fabio Maino (fmaino)
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Alanna Paloma
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… dsaucez
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Alanna Paloma
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Vina Ermagan
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Fabio Maino (fmaino)
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Fabio Maino (fmaino)
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Alanna Paloma
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Dino Farinacci
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Fabio Maino (fmaino)
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Albert Cabellos
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… dsaucez
- Re: [auth48] [C381] AUTH48: RFC-to-be 9303 <draft… Alanna Paloma