Re: [netconf] Securing UDP-notif messages with DTLS

Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de> Mon, 02 August 2021 09:40 UTC

Date: Mon, 02 Aug 2021 11:40:24 +0200
From: Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>
To: Zmail <alex.huang-feng@insa-lyon.fr>
Cc: netconf@ietf.org, "<Marco.Tollini1@swisscom.com>" <Marco.Tollini1@swisscom.com>, pierre francois <pierre.francois@insa-lyon.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/kmAfxlRzrtWhcn_yNlzB5MrwTLo>

Since I doubt that a protocol not providing security will receive
IESG approval, I suggest that this work gets integrated into
draft-ietf-netconf-udp-notif-03.txt.

I have not read the content, but the I-D seems fairly small, so
integration into the WG document should be fairly trivial. Given past
experience, it might be that the DTLS/UDP transport will become the
mandatory-to-implement transport.

/js

On Mon, Aug 02, 2021 at 10:59:07AM +0200, Zmail wrote:
> Hello to everyone,
> 
> We would like to present a new draft we didn't have time to show at the last IETF meeting.
> 
> https://datatracker.ietf.org/doc/draft-unyte-netconf-udp-notif-dtls/
> 
> This draft defines a mechanism to secure UDP-notif protocol messages using DTLS 1.3.
> It defines the different layers involved, the DTLS session lifecycle and the mandatory cipher suites to use. It also makes explicit that no extensions of DTLS are needed and that IP fragmentation should be avoided.
> We would like to have some feedback on this draft.
> 
> We will present the draft to the WG at the next IETF meeting.
> 
> Looking forward to hearing from you,
> 
> Alex Huang Feng
-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>