Re: [core] Roman Danyliw's No Objection on draft-ietf-core-echo-request-tag-12: (with COMMENT)

Roman Danyliw <rdd@cert.org> Fri, 15 October 2021 12:57 UTC

From: Roman Danyliw <rdd@cert.org>
To: Christian Amsüss <christian@amsuess.com>
CC: "draft-ietf-core-echo-request-tag@ietf.org" <draft-ietf-core-echo-request-tag@ietf.org>, "core-chairs@ietf.org" <core-chairs@ietf.org>, The IESG <iesg@ietf.org>, "core@ietf.org" <core@ietf.org>
Date: Fri, 15 Oct 2021 12:56:49 +0000
Message-ID: <BN1P110MB0939C50F2C3C0FB2D2A9258CDCB99@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <161359527152.11372.63177839446582675@ietfa.amsl.com> <YPSOLVspH6FQ4TTi@hephaistos.amsuess.com>
In-Reply-To: <YPSOLVspH6FQ4TTi@hephaistos.amsuess.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Iv6vPvW1T-xbCEHRNmOkVj6me7s>

Hi Christian!

Sincere apologies for this tardy response.  Thank you for this detailed explanation and the pointer to the generic-short-echo.  This works for me.  Please consider my comments resolved.

Roman

> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Christian Amsüss
> Sent: Sunday, July 18, 2021 4:25 PM
> To: Roman Danyliw <rdd@cert.org>
> Cc: draft-ietf-core-echo-request-tag@ietf.org; core-chairs@ietf.org; The IESG <iesg@ietf.org>; core@ietf.org
> Subject: Re: [core] Roman Danyliw's No Objection on draft-ietf-core-echo-request-tag-12: (with COMMENT)
> 
> Hello Roman,
> 
> thanks for your input on echo-request-tag, and apologies for the delay in
> processing them to completion.
> 
> Please see [1] for a few general comments; here are individual responses to
> your comments:
> 
> > ** Section 5.  Per “As each pseudorandom number most only be used once
> …”, how will that be possible when echo values as small as 1-byte are
> possible?
> 
> Not all applications of Echo depend on pseudorandom numbers. Where they do
> not, their construction can ensure that only unique 1-byte values are used until
> these are exhausted.
> 
> See also GENERIC-SHORT-ECHO[1].
> 
> > ** Section 5.
> > However, this may not be an issue if the
> >    communication is integrity protected against third parties and the
> >    client is trusted not misusing this capability.
> >
> > -- Why is the use of integrity presented as only a possibility here?  Didn’t
> Section 2.3 require it when assuring the freshness requirement – “When used
> to serve freshness requirements including client aliveness and state
> synchronizing), the Echo option value MUST be integrity protected between the
> intended endpoints ...”
> > -- Would it be clearer here to say that this is mitigation against an on-path
> attacker, not against rogue/compromised clients?
> 
> In the course of the GENERIC-SHORT-ECHO changes, this has been made more
> precise using the concept of "authority over synchronized property"
> introduced there.
> 
> > ** Appendix A helpfully tries to lay out recommendations.  A few comments:
> >
> > -- all of the recommendations here have option values much larger than
> > the permitted minimum of 1-byte.  In addition to the recommendations,
> > could the circumstances of the lower bound also be discussed
> 
> Item 3 of appendix A can be as short as 1 byte (until it overflows to 2), with a
> concrete example linked, and includes a requirement for its applicability.
> 
> > -- it would be helpful to explicitly state which methods apply to the
> > specific use cases (client aliveness, request freshness, state
> > synchronization, network address reachability).  For example, method
> > 3 (persistent counter) notes that it can be used for state
> > synchronization but not client aliveness
> 
> These are now tied together by the Characterization chapter introduced in
> GENERIC-SHORT-ECHO.
> 
> 
> Best regards
> Christian
> 
> [1]:
> https://mailarchive.ietf.org/arch/msg/core/SIHjiM5AjFRZJRZGUjf3cW1sUu4
> 
> --
> This may seem a bit weird, but that's okay, because it is weird.
>   -- perldata(1) about perl variables
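As an added illustration (not code from the draft, its authors, or any CoAP implementation) of the two Echo value constructions the thread contrasts: a persistent counter whose Echo value stays 1 byte until it overflows to 2, and pseudorandom values whose uniqueness must be tracked explicitly when the space is only 256 entries. The freshness window and the issued/pending bookkeeping are assumptions of this model, not requirements of the draft.

```python
import os

# Constructed model of the two Echo constructions the thread mentions (added illustration).

class CounterEcho:
    """Echo values from a persistent, monotonically increasing counter,
    encoded big-endian in the minimal number of bytes: 1 byte for the first
    256 values, 2 bytes once the counter overflows 255. ``window`` (an assumed
    policy) is how many recently issued values the server still treats as fresh."""
    def __init__(self, start=0, window=8):
        self.counter = start  # a real server would persist this across restarts
        self.window = window

    def next_value(self):
        value = self.counter
        self.counter += 1
        return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")

    def is_fresh(self, echo):
        value = int.from_bytes(echo, "big")
        # Only recently issued values count as fresh; never-issued ("future") values are rejected.
        return 0 <= self.counter - 1 - value < self.window


class RandomEcho:
    """Pseudorandom Echo values, each issued at most once. With 1-byte values
    the space has only 256 entries, so uniqueness is tracked explicitly until
    the space is exhausted."""

    def __init__(self, length=1):
        self.length = length
        self.issued = set()   # every value ever handed out; never reused
        self.pending = set()  # issued but not yet returned by a client

    def next_value(self):
        if len(self.issued) >= 256 ** self.length:
            raise RuntimeError("echo space exhausted; switch to longer values")
        while True:
            echo = os.urandom(self.length)
            if echo not in self.issued:
                self.issued.add(echo)
                self.pending.add(echo)
                return echo

    def consume(self, echo):
        # Accept an Echo value once; a replay of the same value is rejected.
        if echo in self.pending:
            self.pending.discard(echo)
            return True
        return False
```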