IETF Logo Mail Archive

Chairs conclusions Re: SRH Mutability and AH

Bob Hinden <bob.hinden@gmail.com> Fri, 03 May 2019 14:10 UTC

Return-Path: <bob.hinden@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07493120170 for <ipv6@ietfa.amsl.com>; Fri, 3 May 2019 07:10:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cTrRTAU_bUYA for <ipv6@ietfa.amsl.com>; Fri, 3 May 2019 07:10:54 -0700 (PDT)
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51DE91200CD for <ipv6@ietf.org>; Fri, 3 May 2019 07:10:54 -0700 (PDT)
Received: by mail-wm1-x32e.google.com with SMTP id p21so7291532wmc.0 for <ipv6@ietf.org>; Fri, 03 May 2019 07:10:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=12eBzEAnElRz4eGaS9sf7X4Bjc54kbt+BKYj1LZuHaQ=; b=kUTDPat/gUInN+VkY0uNIzj3qEw2nZLmRW0a97+bH5LxH6WZYfrWDOvCWDja4q8+IO o986Lei4QNdZgkUTWIOONE14ya8n/QAeJpitB18YJHTZpmm1vCUut8atlgYspIjT5hEG 9EUa1L6yhkiz1UiBwZyxpNcLFryND1hFkUNhkMpL03+xOZYd56Kq93DxV2IqJGd3iVgT +e6jvj5CbYGxzFaTMsWVSYuzsF6P+iyk/u0ATXfSTYhwSazbcs9T1XWJ3hBOzbBJRwsE gtKkQdnW+dTtVW80PShD7IFpN0bXkxuWd8zg1KhVE2yNEBn1OsxJYXrvxKaHP95EHJA0 ffiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=12eBzEAnElRz4eGaS9sf7X4Bjc54kbt+BKYj1LZuHaQ=; b=q9uMnONQ760N/QUC0TPlE354DBKY/D2ICIKYbNIT01tupStXrE8zMd155f3Z9TifDw cOa6RqtLtI9Q3z5H4/XX074NNO/0fv8YvXirHEq8kNACwb5d0ZO1bscc5bs/It/jEO6s 5V5b8xwqEHxLXp5Cz1Q+Sbuz9qd2dGvw7c2wP4CoaHjRelbxyubsTWNXDcilXZenlrpD 4pR6Z9q10HKYAuP7uSfj4snI5shuAJeh5B7QhgfNa5a3T+QOSvhMMYg0kojmyvyG1ACS nTobGdA2tAXAiPdfcupabtLI6PW4JhNQdUW7ya9bqfNUG92q0Fdt3fFWcLJGSOmMdSE+ y0uA==
X-Gm-Message-State: APjAAAWNLMehCbNnu2/2+6QtWyrF/DlubC4KoQxFpdYaDiJs8Xapqm0t I88xIg0OtIQnN+gNsOOdFcQEZPnx
X-Google-Smtp-Source: APXvYqyfI5vtM/Dqzpz7czGD1RAbOVxE02KgZqu0juL+WODlIkAagiedE8GsoKDIWHzIFQ4xrqFjDg==
X-Received: by 2002:a1c:988d:: with SMTP id a135mr6134410wme.71.1556892652618; Fri, 03 May 2019 07:10:52 -0700 (PDT)
Received: from ?IPv6:2601:647:5a00:ef0b:d35:dba:fa85:9866? ([2601:647:5a00:ef0b:d35:dba:fa85:9866]) by smtp.gmail.com with ESMTPSA id o130sm2212406wmo.43.2019.05.03.07.10.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 May 2019 07:10:51 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Subject: Chairs conclusions Re: SRH Mutability and AH
From: Bob Hinden <bob.hinden@gmail.com>
In-Reply-To: <B6BE89CE-0158-4EA0-835D-FAC4C045515E@gmail.com>
Date: Fri, 03 May 2019 07:10:48 -0700
Cc: Ole Trøan <otroan@employees.org>, Bob Hinden <bob.hinden@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <73315181-3ECD-44DA-BAF5-FD29200B3D94@gmail.com>
References: <B6BE89CE-0158-4EA0-835D-FAC4C045515E@gmail.com>
To: IPv6 List <ipv6@ietf.org>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/jBpmjGZd77ZRHKOKUF6Hsbcc0is>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 14:10:56 -0000

Ole and I have reviewed the discussion in response to our question.  There isn’t an approach that everyone agrees too, but we came to several conclusions.

1) The SRH draft should clearly specific which SRH fields are mutable, non-mutable, and/or predictable to be consistent with RFC8200.   We don’t think the current draft is clear, some of the changes introduced -18 made the problem worse (for example, removing the change flag from the TLV definition in Section 2.1, and the new AH text).   Having this part of the specification be clear is good practice to achieve interoperability.   We don’t see any downside to doing this.

2) We don’t think the document needs to specify how AH should work with SRH.  Once 1) is resolved, it should be possible to have AH work with SRH, but that is out of scope for this document.   The SRH draft can say that defining how AH works with SRH is out of scope and may be define elsewhere.   If there are people who would like to define this, they can write a separate draft.

We would like to see a -19 published with these changes.   Once this is out, we will start a two week working group last call on the new draft.   There are two open issues in the tracker, we think the #69 will be resolved by 1), the other (#67) can be raised during the w.g. last call if still appropriate.

There is not a solution here that makes everyone happy, but we think this is a reasonable position that should allow the document to advance.

Thanks,
Bob & Ole



> On Apr 13, 2019, at 9:14 AM, Bob Hinden <bob.hinden@gmail.com> wrote:
> 
> Reading the email thread and looking the new draft <draft-ietf-6man-segment-routing-header-18> as compared the previous version <draft-ietf-6man-segment-routing-header-17>, we would like the working group view on AH and mutability of SRH and its TLVs.
> 
> In the context of AH and ICV calculation, there are essentially 3 options:
> 
> 1) Say nothing at all. Similar to the RFC6554 approach.
>   While unstated, an AH ICV implementation would likely have considered it mutable but
>   predictable as RH0
> 
>  Consequence for the draft:
>   - Remove section 7.5 in -18.
> 
> 2) Whole header content mutable
>   Current revision -18. AH ICV zeroes out the full content of the SRH.
>   Neither SID list nor TLVs are protected.
>   See section 7.5 in -18.
> 
> 3) Predictable and mutable
>   Very close to revision -17.
>   TLVs have a flag like HBH/Dest option stating if the option can change en route.
>   Both SID list and immutable TLVs are protected by AH.
> 
>   Aligned with RFC8200, RH0, RFC4302
> 
>   Implications for the draft:
>   Put back the following text from -17:
> 
> ------------
> Section 2.1 SRH TLVs
> 
> TLVs may change en route at each segment.  To identify when a TLV
> type may change en route the most significant bit of the Type has the
> following significance:
> 
>    0: TLV data does not change en route
> 
>    1: TLV data does change en route
> 
> Identifying which TLVs change en route, without having to understand
> the Type, is required for Authentication Header Integrity Check Value
> (ICV) computation.  Any TLV that changes en route is considered
> mutable for the purpose of ICV computation, the Type Length and
> Variable Length Data is ignored for the purpose of ICV Computation as
> defined in [RFC4302].
> 
> Section 5.4.  AH ICV
> 
> Within the domain, an SR source node which includes SRH and AH
> extension headers can predict the content of the SRH and calculate
> the ICV at the SR source node, ensuring it can be confirmed at the
> destination.
> ----------------
> 
> We have questions about these changes in -18. Given the limited domain applicability of this option, it might be unlikely that AH will ever be used. But even so, there might be value in explicit signaling of which parts of SRH and TLVs are changeable en route and which ones aren’t.
> 
> What is the working groups view? Is it important to specify integrity protection for the SID list and TLVs? Or given the controlled domain expectations can it be left without?
> 
> Thanks,
> Bob & Ole
> 
>

v2.23.0 | Report a Bug | By Email