Re: [Int-dir] Éric Vyncke's Discuss on draft-ietf-taps-transport-security-11: (with DISCUSS and COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 09 April 2020 12:32 UTC
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
CC: "brian@innovationslab.net" <brian@innovationslab.net>, "taps-chairs@ietf.org" <taps-chairs@ietf.org>, "philipp@tiesel.net" <philipp@tiesel.net>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, "int-dir@ietf.org" <int-dir@ietf.org>, "draft-ietf-taps-transport-security@ietf.org" <draft-ietf-taps-transport-security@ietf.org>, "caw@heapingbits.net" <caw@heapingbits.net>, "taps@ietf.org" <taps@ietf.org>
Date: Thu, 09 Apr 2020 12:32:30 +0000
Message-ID: <894AC91E-8128-42F0-8E6B-1A66EF84CF43@cisco.com>
References: <158642650492.8627.16111048765603393250@ietfa.amsl.com> <33e2fe4c9f68ee3fea18ed7109f210ea9374e1d8.camel@ericsson.com>
In-Reply-To: <33e2fe4c9f68ee3fea18ed7109f210ea9374e1d8.camel@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/_LRcN7w4KARw7NrKM3KmqUd4dNI>
Magnus

A simple mention of the lack of IPv6 in section 3 of the description would be more than enough for me.

-éric

-----Original Message-----
From: iesg <iesg-bounces@ietf.org> on behalf of Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>
Date: Thursday, 9 April 2020 at 14:16
To: "iesg@ietf.org" <iesg@ietf.org>, Eric Vyncke <evyncke@cisco.com>
Cc: "brian@innovationslab.net" <brian@innovationslab.net>, "taps-chairs@ietf.org" <taps-chairs@ietf.org>, "philipp@tiesel.net" <philipp@tiesel.net>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, "int-dir@ietf.org" <int-dir@ietf.org>, "draft-ietf-taps-transport-security@ietf.org" <draft-ietf-taps-transport-security@ietf.org>, "caw@heapingbits.net" <caw@heapingbits.net>, "taps@ietf.org" <taps@ietf.org>
Subject: Re: Éric Vyncke's Discuss on draft-ietf-taps-transport-security-11: (with DISCUSS and COMMENT)

Hi Eric,

Aren't you going a bit too far now with this discuss?

Yes, IETF stream protocols are expected to support IPv6. This is a non-IETF developed security protocol which is investigated from the perspective of its features to influence considerations of required API surface for security features. All discussed in relation to a set of aspects where the only one having to do with addressing is source-address validation and which CurveCP does not support as particular relevant. I don't see how it is going to affect or impact that future work in TAPS WG.

Why do you think an aspect of a protocol that isn't discussed being relevant to mention? If you have a good reason fine then a disclaimer could be added. But I don't see how it would not result in an unconnected comment on a specific protocol which has no connection to the purpose of the document.

Cheers

Magnus

On Thu, 2020-04-09 at 03:01 -0700, Éric Vyncke via Datatracker wrote:
> Éric Vyncke has entered the following ballot position for
> draft-ietf-taps-transport-security-11: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-taps-transport-security/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thank you for the work put into this document. It is really easy to read.
>
> Nevertheless, I am balloting a DISCUSS (see below), I sincerely hope that I am
> wrongly asserting the lack of IPv6 support for CurveCP else the easy way to
> clear my DISCUSS would be to mention this limitation in section 3 even if the
> focus of this I-D is on the API.
>
> Please find below some non-blocking COMMENTs. An answer will be appreciated.
>
> I hope that this helps to improve the document,
>
> Regards,
>
> -éric
>
> == DISCUSS ==
>
> I question the inclusion of CurveCP in the mix as per
> https://curvecp.org/addressing.html
> it does not seem to support IPv6. At the
> bare minimum, the I-D should mention this restriction in section 3. (and I
> hope to be corrected about CurveCP IPv6 support).
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Please respond to the IoT-directorate review by Mohit:
> https://mailarchive.ietf.org/arch/msg/iot-directorate/xTVOvQ7kI78sDPZQuVsTvGB2x0s
> Please respond to the INT-DIR review by Brian:
> https://mailarchive.ietf.org/arch/msg/int-dir/2IHPgukaAAMvMjO7TXvo_ujcI_I +
> Gorry Fairhurst's about GRE
>
> Generic comment about the intended transport: all protocols analyzed in this
> document are point to point (no multicast), this should probably be mentioned
> in the introduction.
>
> -- Section 1 --
> Is there any reason why the integrity property of IPsec AH is not mentioned?
> Same also applies in section 2 when "security protocol" is defined.
>
> -- Section 3 --
> Use the wording of "record protocol" generically while the term "record
> protocol" is defined in section 2 as a blocked data transport (like in TLS).
> Suggest the use of "data transfer protocol" ?
>
> An important property of such protocols is to be able to traverse a NAPT box
> (that I hate)... I suggest to mention whether the analyzed protocols support
> NAT-traversal in this description section or even in the analysis parts as
> having a different view (application and network layers seeing possibly
> different IP addresses so a potential impact on the API).
>
>
>

--
Cheers

Magnus Westerlund

----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------