[Lwip] Roman Danyliw's Discuss on draft-ietf-lwig-minimal-esp-09: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 07 April 2022 02:42 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: lwip@ietf.org
Delivered-To: lwip@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1282A3A076E; Wed, 6 Apr 2022 19:42:18 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lwig-minimal-esp@ietf.org, lwig-chairs@ietf.org, lwip@ietf.org, mohit.m.sethi@ericsson.com, mohit.m.sethi@ericsson.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.46.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <164929933803.4445.13988841938366883990@ietfa.amsl.com>
Date: Wed, 06 Apr 2022 19:42:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/uz0LXsAsFuVkPEb_uAhXZbNeEOo>
Subject: [Lwip] Roman Danyliw's Discuss on draft-ietf-lwig-minimal-esp-09: (with DISCUSS and COMMENT)
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2022 02:42:18 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-lwig-minimal-esp-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lwig-minimal-esp/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- ** Section 5. The paragraph starting with “As the generation of dummy packets …” would benefit from refinement. It starts with saying dummy packets “may be avoided”, but the second half of the paragraph argues the opposite. The use cases of constrained devices concerned about device lifetimes (first half of the paragraph) doesn’t seem mutually exclusive from those with dedicated applications (second half). I recommend being cleared on the assumptions guiding the use of dummy packets. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to David Mandelberg for the SECDIR review. I support Paul Wouter’s DISCUSS position. ** IDnits reports: == Unused Reference: 'RFC2119' is defined on line 553, but no explicit reference was found in the text == Unused Reference: 'RFC8174' is defined on line 581, but no explicit reference was found in the text ** Please add a privacy consideration section (or merge it into the Security Considerations) to say that the practices suggested in Section 2.1 will reduce privacy/security by enabling device fingerprinting. ** Section 2. For nodes supporting only unicast communications, this document recommends to index SA with the SPI only. I don’t follow how this is new guidance. Section 4.1 of RFC4301 only seems to already suggest that: For an SA used to carry unicast traffic, the Security Parameters Index (SPI) by itself suffices to specify an SA. ... However, as a local matter, an implementation may choose to use the SPI in conjunction with the IPsec protocol type (AH or ESP) for SA identification. ** Section 2 Typically, temperature sensors, wind sensors, used outdoors may not leak privacy sensitive information and most of its traffic is expected to be outbound traffic. When used indoors, a sensor that reports every minute an encrypted status of the door (closed or opened) may leak truly little privacy sensitive information outside the local network. In both cases, if the state of the sensor doesn't leak privacy info, a randomized SPI is not necessary. Is this temperature/wind sensor example assuming that potentially leaking model and version information is not privacy sensitive (as established as possible in the previous paragraph)? Is the door sensor example assuming that it is communicating on a local network? This is a design decision that this class of sensor could never be integrated otherwise? ** Section 3. For inbound traffic, this document recommends that any receiver provides anti-replay protection, What is the intent of this guidance – is it that “this document recommends that all receivers provide anti-replay protection”? I’m having difficulty parsing the “any receiver”. ** Section 4. Per the paragraph starting with “As a result, TFC cannot be enabled …”, I don’t understand why this text is needed. The previous paragraph established that TFC is not recommended for this profile. Why comment on an extension which is not part of the profile? ** Section 4. Per the paragraph starting with “some constrained nodes …”, is this paragraph also needed? What minimal ESP guidance is the implementer intended to take from this text? ** Section 7. This section lists some of the criteria that may be considered. Considered in support of what decision? ** Section 7. As a result, the list is provided as informational: How should the reader use an informational list in an information document which doesn’t use any RFC2119 normative language? ** Section 7. In the latter case, authenticated encryption must always be considered [RFC8221]. What does it mean to “consider” authenticated encryption? Should it be used as a first choice, unless use is not possible? ** Section 7. When the key is likely to be re-used across reboots, this document recommends to consider algorithms that are nonce misuse resistant such as, What does it mean to “recommend to consider”? ** Section 7. Bullet 3, Interoperability. The guidance being given to implementers isn’t clear to me. Editorial -- Section 3. Typo. s/know whereas the received/know whether the received/ -- Section 3. Editorial. s/sending a temperature/sending a temperature measurement/ -- Section 3. s/sending a temperature/sending a temperature measurement/ -- Section 4. Typo. s/TFC has not yet being/TFC has not been/ -- Section 5. Typo. s/More especially, in constrained /Specifically, in a constrained/ -- Section 5. Typo. s/and so may be avoided/a should be avoided/. -- Section 7. s/overtime/over time/ -- Section 7. Typo. s/not be known vulnerable or weak/must not use ciphers known to be vulnerable or weak/ -- Section 9. Editorial. s/for each field/for each ESP field/.
- [Lwip] Roman Danyliw's Discuss on draft-ietf-lwig… Roman Danyliw via Datatracker
- Re: [Lwip] Roman Danyliw's Discuss on draft-ietf-… Daniel Migault
- Re: [Lwip] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [Lwip] Roman Danyliw's Discuss on draft-ietf-… Daniel Migault