IETF Logo Mail Archive

[Lake] SEC-DIR review of AP-ND:

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 03 February 2020 13:29 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A38A120059; Mon, 3 Feb 2020 05:29:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.498
X-Spam-Level:
X-Spam-Status: No, score=-14.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=PmR3lQ5z; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=W84yqR0Q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uH3B27snARSY; Mon, 3 Feb 2020 05:29:28 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 952B012004E; Mon, 3 Feb 2020 05:29:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6976; q=dns/txt; s=iport; t=1580736567; x=1581946167; h=from:to:cc:subject:date:message-id:mime-version; bh=Noj0oQaRxq0eR3c/5STUTHbezqMSQ15ykxQZzITd1PI=; b=PmR3lQ5zeSKxMMBz4TkfzsMDZIU6NDFCzJ/eL4F++AMaCN9wL1Fa9Vzy 6cQuCkrT0d8+QxLOE25oKhIqr8Mh/oZLEJ8EKY0QDseyU+ilTz67S74np whG4e1iPPEM0LlPCgy1/7WD/yuBu0TUGgj/E40694ftEhht8DvJPYaIwC E=;
IronPort-PHdr: 9a23:8fXUeRPay2axKXrxTe0l6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEu6w/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETBoZkYMTlg0kDtSCDBjjMP73ZSEgAOxJVURu+DewNk0GUMs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DhFAAaHzhe/4sNJK1lgkGBJS9QBWwPSSAECyqHWgOKdZMAgwkDhGKBQoEQA1QJAQEBDAEBLQIBAYRAAoI0JDcGDgIDDQEBBAEBAQIBBQRthTcBC4VoAQMTGxMBATcBBA0BgQAmAQQODRqDBYF9TQMOIAECoEYCgTmIYoIngn8BAQWFERiCDAmBOIpdgUMagUE/gRBIgwqEETyDQIIskByGG5kvCoI7jzOHKJsIjmGbGgIEAgQFAg4BAQWBaCOBWHAVgydQGA2SEIpTdIEpjWABAQ
X-IronPort-AV: E=Sophos;i="5.70,398,1574121600"; d="scan'208,217";a="715684051"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Feb 2020 13:29:26 +0000
Received: from XCH-ALN-007.cisco.com (xch-aln-007.cisco.com [173.36.7.17]) by alln-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id 013DTQdB010586 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 3 Feb 2020 13:29:26 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 3 Feb 2020 07:29:25 -0600
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 3 Feb 2020 07:29:24 -0600
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 3 Feb 2020 08:29:24 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=heC6sg9FeGNKERMqBCAi/fZxtvktI1JdDYBqpcUoShMPo7VfG3da2MySr7e8pwYgfL9xE4f8dtYzaszidmaflZzu48cgdYmIVojiRqoiSfUUU5hUuKa7PwGJzDEIMfh+V5k1dp8jp0jtZKIeP9vBom3CscDfyXxuGHFcgFZEOcNWB6oD2pLK+IwaZJg1WJlPC7ILlO26u2mHV8/7Y6Dph+6R0DpkRwA/A1kjQGjfpizA/EeJlPyJKg0OhLcUCvIfbLRTy6JBNz2y6ttajQSP7wndYGzSud8IysAftriBisjLj2eFWS0vSee3lzNELaiUPq+IHIjADOtngwB5KKWMtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5rDRYsCWPk62JFZdWTrbN0dWVuN+g9xJnyZ46/wNfWA=; b=oJwBJ5mJ1e1RYPnglQJXt4WQry0nSOySh0xNPeuD1ZyTPMxAsMSILhpHRdc6e1czN12Lk/7CJdORD0njClPBjrocNpsfk8fzVX+koFp8sDpQQwOIgIsyY/fI+i9DUuYiViTKA3iLwQhIu6TQd1tIhCmXQDG6vRJtzZugRQKPaTpSFlZrY49xPshFISLRQ4mlBDe050b+O/XhTtxx5j3tkFw0BoL3ePUSDKq9Qw31Z+x5ri+JErbTnotSykVSUBq2rttCUgJm26SHA0MsS6YTnQ8ccMMzNXNXmfDuaxso1BDfBngD2wCtb2Dv7Xq6/s7VhlNp1NTDHy3+Y/zd5XWB0A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5rDRYsCWPk62JFZdWTrbN0dWVuN+g9xJnyZ46/wNfWA=; b=W84yqR0Q7couXOpwG+I++4uy1zDSkF0CWcNbZFFXZxRUzQ+kpC44G4hON4q/juCAKKYJWh9Bu/BJySXRwBeG1W4qwOLSrLfHvS0mWby8EPLm2HuAzKSAewRsV4jf9EdXHBTDLPYdUY8WioqloH4Cvvf5k6qeZjYYtNXLpEi1A4E=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4400.namprd11.prod.outlook.com (52.135.37.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.32; Mon, 3 Feb 2020 13:29:24 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::fd76:1534:4f9a:452a]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::fd76:1534:4f9a:452a%3]) with mapi id 15.20.2686.031; Mon, 3 Feb 2020 13:29:24 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>
CC: "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: SEC-DIR review of AP-ND:
Thread-Index: AdXalM3NpZbL6F5jTX6yHr16i5CVCA==
Date: Mon, 03 Feb 2020 13:29:06 +0000
Deferred-Delivery: Mon, 3 Feb 2020 13:28:14 +0000
Message-ID: <MN2PR11MB3565A885E27E86C53205825BD8000@MN2PR11MB3565.namprd11.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2a01:cb1d:4ec:2200:ed17:c260:2457:4fd3]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 31ca0f06-ec17-4bea-0c70-08d7a8ad15a4
x-ms-traffictypediagnostic: MN2PR11MB4400:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR11MB4400AB9DF4A33A02C7CE4E75D8000@MN2PR11MB4400.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0302D4F392
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(39860400002)(396003)(376002)(136003)(346002)(189003)(199004)(4743002)(55016002)(478600001)(9686003)(86362001)(2906002)(6916009)(4326008)(6666004)(71200400001)(52536014)(7696005)(5660300002)(4744005)(54906003)(316002)(33656002)(8936002)(81166006)(66946007)(8676002)(81156014)(66446008)(6506007)(186003)(66556008)(64756008)(76116006)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4400; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0+B0C0lAm17k7N59+tzUfvXStSSEga8EUXKtaS3IddbgqhsSP7lGkfe6pPVpxcUr73clxBh/hroEIjfPmQnQq+6UKQ4Dt4uu8VE5yzoJljv4ge/vD7hKIKt5vlI02chsYAxGDNq1jnZxQaa3aBSFB7AD434BKPzJhrs3hiZyr94ZcHyBDWnBdtn/RIcGE2luwE0rb1FA6p4WyajM3SUfbaTA9Ioj3NJcWfakSD3aiYGTKwCId615OZ6MBXPDTb1VOCOSV7X+9O3aMMaC06viTcXMvqmsbubxBum5CCXgDxSFFfjBz34qhYWyToySruVxa9f5oOp0OAMV0ROgq7ZsakOWaipcKyjuIodglnzI3jsj9xcl4woz7jBkpmhiRv5Ax44MxEOWHbIm+Eu8A4YUJbsGaHdBTIvW9e0NHMK1VrCq8/2iHPvyPqPYENViMmn7
x-ms-exchange-antispam-messagedata: +IzNQBK5tPfeN2os28A2CBQhhvSnhrzT+SD+ftJ0LMCYVTYSRGZjnK8l0LE/JExOAEK9ZyOun6EhIe8kI0aLKlR3QKiSnrkwguUxb9pi8aPdb//VmO7HGIzEHy1Mpn9zXrAnnGHhl99YmKJ5loW9FEQXXHPf48ZpGyehpKsobkr7tx87lF3zrfb2P0BFJGydY6kWnwkUSog0bDyCv/Vo3Q==
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3565A885E27E86C53205825BD8000MN2PR11MB3565namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 31ca0f06-ec17-4bea-0c70-08d7a8ad15a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Feb 2020 13:29:24.1206 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2DXlh9rtNjKvpnrUvcQQWpg4XmDp4YJPtMi4ZQ6dWHUO+oEFrzIzO0VS9vG7n0Gg5PeawYD2XBrt9Mrade62hA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4400
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.17, xch-aln-007.cisco.com
X-Outbound-Node: alln-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/zqPy5fM6JsSVsYVUxhxspcpRdCo>
Subject: [Lake] SEC-DIR review of AP-ND:
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 13:29:30 -0000

Dear all

During SEC-DIR review, Benjamin pointed out:


> Why do we need to allow ambiguity/flexibility as to the point representation

> within a given Crypto-Type value (as opposed to fixing the representation as a

> parameter of the Crypto-Type)?  Alternately, what does "(un)compressed"

> mean, as it's not really clarified directly?  Furthermore, Table 2 lists an

> "(un)compressed" representation for type 0 (over P-256), but RFC 7518 notes

> that the compressed representation is not supported for P-256 (Section

> 6.2.1.1).  I also am not finding the needed codepoints registered in the JOSE

> registries to use ECDSA25519 (crypto-type 2) -- do we need to register

> anything there?


Any idea how we can address this?
In particular does anyone know why RFC 7518 does not support the compressed representation for P-256? Cc'ing LAKE on the impact of this


Pascal

v2.23.0 | Report a Bug | By Email