Re: Benjamin Kaduk's No Objection on draft-ietf-6man-segment-routing-header-25: (with COMMENT)
"Darren Dukes (ddukes)" <ddukes@cisco.com> Tue, 22 October 2019 16:53 UTC
Return-Path: <ddukes@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A869C12009C; Tue, 22 Oct 2019 09:53:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Gc4qOFro; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=e7KdkMS/
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYD5Kdm06_Ez; Tue, 22 Oct 2019 09:53:32 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36855120099; Tue, 22 Oct 2019 09:53:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6766; q=dns/txt; s=iport; t=1571763212; x=1572972812; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=MK8N4jGfIT0NILD3PRgd7JFe6SuMjRwbCCIM/168cew=; b=Gc4qOFrofeQ5vudT0OPKtn9KCgNkh6S8oQ8KJBZTP5DyWrtSdgrg+5pm V0svvm/MGC5Ay4lQ2HnPAPFhWFgsGLCvnLrjXsDcxLO0BvEsmnPTdXTnW FtIQM2Nm6sK3KrHV8wmtBeQT7RtHdVTQQY+s/1f+TXD2d56iXyOso+Wjb Y=;
IronPort-PHdr: 9a23:bP9IIhJlgb5Kn8P6XNmcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeCtKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUgMdz8AfngguGsmAXEH3Mf3ndAQxHd9JUxlu+HToeUU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AqAAB/M69d/5pdJa1lDgwBAQEBAQEBAQEDAQEBAREBAQECAgEBAQGBagIBAQEBCwGBSlAFgUMgBAsqCoQcg0cDiliCNyWYA4JSA1QJAQEBDAEBLQIBAYRAAheDEyQ3Bg4CAwkBAQQBAQECAQUEbYU3DIVLAQEBAwESEREMAQE3AQQLAgEIGAICJgICAjAVEAIEDgUigwCCRwMOIAECpyICgTiIYXWBMoJ+AQEFhQkYghcJgQ4oAYwOGIFAP4ERJwwTgkw+hH+CVjKCLI0Sgi83nWoKgiSRH4QHFAeCO4dTj0CPdZgIAgQCBAUCDgEBBYFoI4FYcBU7KgGCQVAQFIMGDBcVgzuKGDt0gSmNWAGBIwEB
X-IronPort-AV: E=Sophos;i="5.68,216,1569283200"; d="scan'208";a="348179675"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Oct 2019 16:53:31 +0000
Received: from XCH-ALN-016.cisco.com (xch-aln-016.cisco.com [173.36.7.26]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x9MGrVTP001387 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 22 Oct 2019 16:53:31 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-016.cisco.com (173.36.7.26) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Oct 2019 11:53:30 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Oct 2019 11:53:13 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 22 Oct 2019 11:53:13 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZjVbddaOQ4S/N5mdAzAV2BN5mAUMVmx5n/3/zm3wra+NeT0ED1WTn3m4eqPT9zpPn1WFrC7O0IFU5puOjsQSSuZeiOxwlRA2tlJeom7M1raJhEUaiMcfL6mpjE5STXKFfHGV3CDIX/BI7YcaKkPERg4uuSyfkkVoY6TwRlgOThFWPpKxnhN+akefX6R5FxfhoACjpS0EAThsRx/kcUAIRW6AaxcAxF+WzKwuyYG5lfR1YH9aAuMQEmTzmHR+1DvGIz/aqlofjwhWKcTbztVKXpH2z99J6pyDdTXz8uKkyKQ8OvG70WJMe/wwnLCqZlM2WVReckOmRTTixIe/ktUbLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MK8N4jGfIT0NILD3PRgd7JFe6SuMjRwbCCIM/168cew=; b=ZQ4VA3A4Py7gwhtXtbS9j54KN5vUs55VgvxEfI2+Pv3DTvsAKHdAYNft1U5JqDPaYhOgPJzGaSD7j4gY+gaTpMqS2Pmzo3TgpXS07gn1eWMwCdPZbqXUFH1kBObRtv+cQGsIK20ZwW5OtfRHn36nbhhF1x8az6+KD8CG4T8gIysE2TEe17hYDBaIoGA7flIYNyuMmQh0Y2VWUp8HoUszs6Zvq3vb9SIldkXgzORD7i/rqAIcFXYrcuIQ3Qrgf+ylnU1wybMOtbbPoAe7FbOqAmc0JIoo2qwH4j+p+n4pWYuiexJ2svPGwnkDUyCWs/Of/Q05FmJUFcMhZ/uhFIsCNg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MK8N4jGfIT0NILD3PRgd7JFe6SuMjRwbCCIM/168cew=; b=e7KdkMS/Bo4hTMSk+OxTG00yZ0uJ1m/cr/OCkMX6nvobThKtD7E57aYyiZ85v6PNEj+aE2Ky9JxRAZnDQw+0/ztqGh1PfGsHzPIKSbIX0RODmRtvK7J/Wbfzwq4wNcm/IQWIX8AJG7iZ9/4bwf3LtZhQ5Taw14keqynKwOBjmpQ=
Received: from BN7PR11MB2594.namprd11.prod.outlook.com (52.135.246.159) by BN7PR11MB2868.namprd11.prod.outlook.com (52.135.252.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.20; Tue, 22 Oct 2019 16:53:12 +0000
Received: from BN7PR11MB2594.namprd11.prod.outlook.com ([fe80::a569:a74f:9bf4:81a0]) by BN7PR11MB2594.namprd11.prod.outlook.com ([fe80::a569:a74f:9bf4:81a0%6]) with mapi id 15.20.2367.022; Tue, 22 Oct 2019 16:53:12 +0000
From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-6man-segment-routing-header@ietf.org" <draft-ietf-6man-segment-routing-header@ietf.org>, Robert Hinden <bob.hinden@gmail.com>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: Re: Benjamin Kaduk's No Objection on draft-ietf-6man-segment-routing-header-25: (with COMMENT)
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-6man-segment-routing-header-25: (with COMMENT)
Thread-Index: AQHVhdszOirxUYci1UyQq9ezSUVbj6dm5qoA
Date: Tue, 22 Oct 2019 16:53:12 +0000
Message-ID: <ECC88C0A-C84A-4815-99F8-7FA231ABED85@cisco.com>
References: <157142045331.3952.11715503142660645987.idtracker@ietfa.amsl.com>
In-Reply-To: <157142045331.3952.11715503142660645987.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ddukes@cisco.com;
x-originating-ip: [161.44.213.4]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3541ea4f-1117-447f-8b69-08d757105391
x-ms-traffictypediagnostic: BN7PR11MB2868:
x-microsoft-antispam-prvs: <BN7PR11MB286816D3102E3F845082BE77C8680@BN7PR11MB2868.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01986AE76B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(136003)(39860400002)(346002)(396003)(199004)(189003)(36756003)(64756008)(66446008)(476003)(8936002)(86362001)(486006)(446003)(6436002)(6246003)(102836004)(14454004)(186003)(229853002)(54906003)(76176011)(66476007)(66946007)(3846002)(99286004)(6512007)(6116002)(8676002)(6486002)(66556008)(316002)(66066001)(478600001)(76116006)(305945005)(2906002)(91956017)(7736002)(33656002)(71190400001)(6506007)(71200400001)(256004)(5660300002)(81156014)(2616005)(14444005)(25786009)(53546011)(4326008)(26005)(81166006)(2171002)(11346002)(6916009); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2868; H:BN7PR11MB2594.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2+g3vu3/QVqgyK2PyripoeyuYwm2LHIyjS5FzN4aNr4tuXFiZQIcOa9hKLBC68dkKKFYB0+zOynuil42GsxPlimohmpDkij9E8Npv7jEsKzj2Ajihy6eeSNCtTlKrwm1pr86QgAai9BNtvUfSnhKNBDFnqyiotz1tNjweXR5OGtSb7CcybOayCXWS+n0iA6KW+ljuITLSVwxS7sJEQ1hMyYJSSfK3ZSB04ybb/++2uPdFbwoz0ou3aX4uiI8zdT+XMAn8eashtH0OtAdhq+Q3pdvfYkSMKBVgBBIvsbncrNadtP6w+O0V/3BD+4cDBXmcPkMSArj3L/A8gHH04pjHNpZ2oJgBnGy/hLjKhRrlaJxWnlLMJneak96Ea/D5OxMhDfYxawDalpvMJx/DSgjXpMkVAirr+RyuE9bZWTc/BCLeC8XXIMPw2/0BqBgc+BK
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <09493523485CBA41B273F2C98700DC91@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3541ea4f-1117-447f-8b69-08d757105391
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Oct 2019 16:53:12.8405 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Qi4//E0Jqbbox6ElD7itU4Vu2S8xbFjlQrf4n0t0GQpJwpmK0Xr480es7JjdrYhfd9nQuAxw2v7CQjxASGxowA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2868
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.26, xch-aln-016.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/oiESjYCfxCp3Wc6jHs4nQgk7QBA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2019 16:53:35 -0000
Thanks Ben, please see inline. Revision 26 (to be published shortly) contains the changes to close your comments. > On Oct 18, 2019, at 1:40 PM, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote: > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-6man-segment-routing-header-25: No Objection > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for addressing my Discuss points (including by having a discussion to > clarify that some of them are in fact non-issues)! > > Please also consider the following comments on the -25, none of which quite > rise to Discuss-level, but some of which are significant. > > I wonder whether we will ever want to have the HMAC protect (some of) > the other TLVs associated with the SRH; the current formulation is quite > rigid about what the HMAC input is (and trying to change that later, > e.g., by the presence of some other TLV, seems like a bad idea). What > we have here is fine for now, though, and we could always define a new > "HMACplus" TLV with richer semantics if a need arises. > With respect to the "changing that later seems like a bad idea" point, I > do see this text in Section 2: > > New SIDs defined in the future MUST specify the mutability properties > of the Flags, Tag, and Segment List and indicate how the HMAC TLV > (Section 2.1.2) verification works. Note, that in effect these > fields are mutable. > > I'm coming at this from a perspective of the operational considerations > when an HMAC verification node might implement only [this document] and > thus anything attempting to generate an HMAC according to a modified > procedure specified in some future document would produce an HMAC value > that would fail to verify. > > > Section 2.1.2 has: > > o RESERVED: 15 bits. MUST be 0 on transmission and ignored on > receipt. > > yet those bits are used as input to the HMAC calculation, which seems to > defy the "ignored" portion. > Ah, lets fix that: <UPDATE> o RESERVED: 15 bits. MUST be 0 on transmission. </UPDATE> > > Section 2.1.2.1 has: > > An implementation that supports the generation and verification of > the HMAC SHOULD support the following default behavior as defined in > the remainder of this section. > > which seems like it might have some vestiges of the previous model where > most of the HMAC verification procedure was up to local configuration; I > think we are now at a place where the following behavior is the only > behavior (not "default") and there's no need to qualify it with > "SHOULD”. Deleting SHOULD <UPDATE> An implementation that supports the generation and verification of the HMAC supports the following default behavior, as defined in the remainder of this section. </UPDATE> > > Also, it might be possible to spend some thought and convince ourselves > that the 'D' bit is not strictly needed, since an entity creating an SRH > for which the 'D' bit might be needed could just choose to not use the > reduced SRH in cases where verification of the first segment would be > needed. This would render the reduced option unusable with HMAC. The D bit keeps the choice up to the generating node. > But I did not spend the time to reason through this, so I'm not > advocating for removing the 'D' bit at this time. > > Section 2.1.2.2 has: > > At the HMAC TLV generating node, the Text for the HMAC computation is > set to the IPv6 header fields and SRH fields as they would appear at > the verification node, not necessarily the same as the source node > sending a packet with the HMAC TLV. > > Pre-shared key roll-over is supported by having two key IDs in use > while the HMAC TLV generating node and verifying node converge to a > new key. > > which implies a single verification node (my recollection is that we > settled on multiple verification nodes being possible). (Section > 2.1.2.1 also has "as it would be reeived at the node verifying the > HMAC", in a similar vein.) > This could be misunderstood: let's change "at the verification node” to "at the verification node(s)". > > Section 4.3.1.1.1 has: > > Example 2: > For any packet received from interface I1 > If first TLV is HMAC { > Process the HMAC TLV > } > Else { > Discard the packet > } > > This shows the location of the HMAC TLV as being up to local policy. > This is ... probably okay from a security point of view, but I mention > it in case our previous discussions have caused us to not want to > endorse this being a part of local policy. Thanks Ben, this example still fits within section 2.1.2.1 definition of when to check for an HMAC. Darren > >
- Benjamin Kaduk's No Objection on draft-ietf-6man-… Benjamin Kaduk via Datatracker
- Re: Benjamin Kaduk's No Objection on draft-ietf-6… Darren Dukes (ddukes)