Re: [ippm] Secdir last call review of draft-ietf-ippm-encrypted-pdmv2-05
Tommaso Pecorella <tommaso.pecorella@unifi.it> Wed, 17 January 2024 02:58 UTC
From: Tommaso Pecorella <tommaso.pecorella@unifi.it>
Message-Id: <62861C2C-561B-4008-88FC-495BE0851F21@unifi.it>
Date: Tue, 16 Jan 2024 20:57:58 -0600
In-Reply-To: <170535671970.49108.2375384616689861939@ietfa.amsl.com>
Cc: secdir@ietf.org, draft-ietf-ippm-encrypted-pdmv2.all@ietf.org, ippm@ietf.org, last-call@ietf.org
To: Chris Lonvick <lonvick.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/3CKMqDi4uOPwCrf8rRJHgeAl_RA>
Hi Chris,

Thank you very much for your valuable comments, I agree with them.

We'll incorporate them asap, with only one minor change - RFC 9250 is "DNS over Dedicated QUIC Connections", so I guess you meant 8250 :)

Cheers,

T.

> On 15 Jan 2024, at 16:11, Chris Lonvick via Datatracker <noreply@ietf.org> wrote:
>
> Reviewer: Chris Lonvick
> Review result: Ready
>
> Hi,
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These comments
> were written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> The summary of the review is Ready.
>
> The document explains the use of a lightweight handshake and encryption
> protocol for the PDM destination option. I found it to be readable and to
> explain how to use the protocol.
>
> I found a few nits that the authors may wish to review.
>
> Second paragraph in Section 1
> Current: a timing attack MAY be launched against
> Proposed: a timing attack may be launched against
> (This isn't a directive in the protocol so doesn't fall under BCP 14.)
>
> Second paragraph of Section 5.4
> Current:
> Our choice is to use the HPKE framework that incorporates key
> encapsulation mechanism (KEM), key derivation function (KDF) and
> authenticated encryption with associated data (AEAD). These multiple
> schemes are more robust and significantly efficient than the
> traditional schemes and thus lead to our choice of this framework.
> We recommend default encryption algorithm for HPKE AEAD as AES-
> 128-GCM, however this is an implementation choice and can be
> negotiated between the communicating parties.
> Proposed:
> It is RECOMMENDED to use the HPKE framework that incorporates key
> encapsulation mechanism (KEM), key derivation function (KDF) and
> authenticated encryption with associated data (AEAD). These multiple
> schemes are more robust and significantly more efficient than other
> schemes. While the schemes may be negotiated between communicating
> parties, it is RECOMMENDED to use default encryption algorithm for
> HPKE AEAD as AES-128-GCM.
>
> Somewhere in Section 6.3
> Current:
> This field is also used in the Encrypted PDMv2 as the encryption
> nonce.
> Proposed:
> This field is also used in the Encrypted PDMv2 as the encryption
> nonce. The nonce MUST NOT be reused in different sessions.
>
> New paragraph in the Security Considerations section
> Proposed:
> Security considerations about HPKE are addressed in RFC 9180. Security
> considerations about PDM are addressed in RFC 9250. Security considerations
> about destination objects are addressed in RFC 8200.
>

--------------------------------------------------------------
``... anyone can do any amount of work, provided it isn't the work he is supposed to be doing at that moment.''
-- Robert Benchley, in Chips off the Old Benchley, 1949
--------------------------------------------------------------
Tommaso Pecorella - Ph.D.
Associate professor
Dpt. Ingegneria dell'Informazione
Università di Firenze
CNIT - Università di Firenze Unit
via di S. Marta 3
50139, Firenze
ITALY
email: tommaso.pecorella@unifi.it
       tommaso.pecorella@cnit.it
phone : +39-055-2758540
mobile: +39-320-4379803
fax   : +39-055-2758570
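The quoted review recommends the HPKE framework (KEM, KDF and AEAD, with AES-128-GCM as the default AEAD) and asks that the nonce never be reused across sessions. What follows is an added example, not part of this message, the review or the draft: a minimal RFC 9180 HPKE base-mode sender and receiver in Go, using the ciphersuite DHKEM(X25519, HKDF-SHA256) / HKDF-SHA256 / AES-128-GCM and only the standard library. It assumes the receiver's long-term X25519 public key is already known to the sender; the info and aad values, the function names (setupBaseS, setupBaseR, Seal, Open) and the payloads are constructed for illustration, and nothing here models how the draft itself maps the PDM sequence number onto the nonce.

```go
// Added example (not from the message or the draft): RFC 9180 HPKE base mode with
// DHKEM(X25519, HKDF-SHA256), HKDF-SHA256 and AES-128-GCM, Go standard library only.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

const nk, nn = 16, 12 // AES-128-GCM key and nonce lengths (Nk, Nn)
var kemSuiteID = []byte{'K', 'E', 'M', 0x00, 0x20}                               // "KEM" || kem_id
var hpkeSuiteID = []byte{'H', 'P', 'K', 'E', 0x00, 0x20, 0x00, 0x01, 0x00, 0x01} // "HPKE" || kem_id || kdf_id || aead_id

// labeledExtract = HKDF-Extract(salt, "HPKE-v1" || suite_id || label || ikm) with HMAC-SHA256.
func labeledExtract(suite, salt []byte, label string, ikm []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(append(append(append([]byte("HPKE-v1"), suite...), label...), ikm...))
	return m.Sum(nil)
}

// labeledExpand = HKDF-Expand(prk, I2OSP(n, 2) || "HPKE-v1" || suite_id || label || info, n).
// Only HKDF block T(1) = HMAC(prk, info || 0x01) is computed, which is exact for n <= 32.
func labeledExpand(suite, prk []byte, label string, info []byte, n int) []byte {
	li := binary.BigEndian.AppendUint16(nil, uint16(n))
	li = append(append(append(append(li, "HPKE-v1"...), suite...), label...), info...)
	m := hmac.New(sha256.New, prk)
	m.Write(append(li, 0x01))
	return m.Sum(nil)[:n]
}

type Context struct { // one direction of one HPKE session; seq keeps every AEAD nonce unique within it
	aead      cipher.AEAD
	baseNonce []byte
	seq       uint64
}

// keySchedule is KeySchedule for mode_base (psk and psk_id empty), so info is the only extra binding.
func keySchedule(sharedSecret, info []byte) *Context {
	ksCtx := append([]byte{0x00}, labeledExtract(hpkeSuiteID, nil, "psk_id_hash", nil)...)
	ksCtx = append(ksCtx, labeledExtract(hpkeSuiteID, nil, "info_hash", info)...)
	secret := labeledExtract(hpkeSuiteID, sharedSecret, "secret", nil)
	block, _ := aes.NewCipher(labeledExpand(hpkeSuiteID, secret, "key", ksCtx, nk)) // Nk is a valid AES key size
	aead, _ := cipher.NewGCM(block)                                                  // AES block size is always 16
	return &Context{aead: aead, baseNonce: labeledExpand(hpkeSuiteID, secret, "base_nonce", ksCtx, nn)}
}

// derive is shared by Encap and Decap: DH, ExtractAndExpand over enc || pkR, then KeySchedule.
// crypto/ecdh returns an error for a low-order peer point (all-zero DH output) instead of a weak key.
func derive(sk *ecdh.PrivateKey, pk *ecdh.PublicKey, enc, pkR, info []byte) (*Context, error) {
	dh, err := sk.ECDH(pk)
	if err != nil {
		return nil, err
	}
	prk := labeledExtract(kemSuiteID, nil, "eae_prk", dh)
	kemContext := append(append([]byte{}, enc...), pkR...)
	return keySchedule(labeledExpand(kemSuiteID, prk, "shared_secret", kemContext, 32), info), nil
}

// setupBaseS is the sender's Encap; enc (the ephemeral public key) travels with the first message.
func setupBaseS(pkR *ecdh.PublicKey, info []byte) (*Context, []byte, error) {
	skE, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	enc := skE.PublicKey().Bytes()
	ctx, err := derive(skE, pkR, enc, pkR.Bytes(), info)
	return ctx, enc, err
}

// setupBaseR is the receiver's Decap with its long-term private key.
func setupBaseR(enc []byte, skR *ecdh.PrivateKey, info []byte) (*Context, error) {
	pkE, err := ecdh.X25519().NewPublicKey(enc)
	if err != nil {
		return nil, err
	}
	return derive(skR, pkE, enc, skR.PublicKey().Bytes(), info)
}

// nonce = base_nonce XOR I2OSP(seq, Nn); I2OSP places seq in the last 8 of the 12 bytes.
func (c *Context) nonce() []byte {
	n := append([]byte(nil), c.baseNonce...)
	binary.BigEndian.PutUint64(n[4:], binary.BigEndian.Uint64(n[4:])^c.seq)
	return n
}

func (c *Context) Seal(aad, pt []byte) []byte {
	defer func() { c.seq++ }()
	return c.aead.Seal(nil, c.nonce(), pt, aad)
}

// Open advances seq only on success, so a forged or replayed message cannot desynchronise the receiver.
func (c *Context) Open(aad, ct []byte) ([]byte, error) {
	pt, err := c.aead.Open(nil, c.nonce(), ct, aad)
	if err == nil {
		c.seq++
	}
	return pt, err
}
```

Two properties matter for the review's nonce comment. Within a session the counter in nonce() guarantees each AES-GCM nonce is used once with the session key; across sessions every setupBaseS call runs a fresh Encap, so key and base_nonce differ even though the counter restarts at zero. Open only advances the counter on success, so a forged or replayed packet is rejected without desynchronising the receiver, and crypto/ecdh refuses a low-order ephemeral point rather than deriving an all-zero shared secret.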