IETF Logo Mail Archive

Re: [Pals] Stephen Farrell's No Objection on draft-ietf-pwe3-iccp-stp-04: (with COMMENT)

Mick Seaman <mickseaman@sbcglobal.net> Tue, 27 October 2015 16:23 UTC

Return-Path: <mickseaman@sbcglobal.net>
X-Original-To: pals@ietfa.amsl.com
Delivered-To: pals@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A09A1A92E7 for <pals@ietfa.amsl.com>; Tue, 27 Oct 2015 09:23:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qg8LSslPHY1t for <pals@ietfa.amsl.com>; Tue, 27 Oct 2015 09:23:16 -0700 (PDT)
Received: from nm26-vm6.access.bullet.mail.gq1.yahoo.com (nm26-vm6.access.bullet.mail.gq1.yahoo.com [216.39.63.174]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 939561A92FD for <pals@ietf.org>; Tue, 27 Oct 2015 09:23:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s2048; t=1445962990; bh=ef7mTHriBtqVPbcBKaFZj5JkRl1Q5psbixnkaLB9CcM=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From:Subject; b=a91xxRDsSdyd4J7cNiUEXMlxXLH4Y9Kb58Oizds0iJMClTbPkdN0rLRjfS0oH0MGBrLXSrt0rjNg1gJvEb9mb5DIPboFLudw2svFvJRn9Wb7qujZr/HczMPTHgfmBYQvlDgCKu71J2/cFgtjHAjVSLBjGQy09n9+iYs5fmn8C+Bzqf1XxQxXuQzE2JWBeDYu3vPqovDaaPkVKrS7xg70apFzhkfWHtR14bWPyGu+lEnxYSeJsl9eiFwM0ugkB6RlD/+Ixhwss2X82ijI1bPddelFL4q4ulA4fpzOytEaG1Ui59DucupkwXBCfJxE24ljDE83Vev0nE0X84Z1jKFm4Q==
Received: from [216.39.60.170] by nm26.access.bullet.mail.gq1.yahoo.com with NNFMP; 27 Oct 2015 16:23:10 -0000
Received: from [67.195.22.113] by tm6.access.bullet.mail.gq1.yahoo.com with NNFMP; 27 Oct 2015 16:23:10 -0000
Received: from [127.0.0.1] by smtp115.sbc.mail.gq1.yahoo.com with NNFMP; 27 Oct 2015 16:23:10 -0000
X-Yahoo-Newman-Id: 899170.43629.bm@smtp115.sbc.mail.gq1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: K7y4GRAVM1nUKafw13MjZKwoRvMUwsdb93EX0LXLAo6TFrj mIF7rmUtSnqTIFtvMRjdJOctcpO_lT.ZRauiR3OFp2UkLN5_OfRVpOtdvftv w8O_MWjTX4izwIGjm9sf8HS3nEtKw7lPDcht4Q8pH6kKH.Ebh.J_jv2iHOsS 4eHqdax76SYrJe4yfKoaFLTsMLH4N1rOQKeFFOwqba0hDbgMH7l0Dg62C2iG WFWbftjxNOIS.JSmQkmBUR.A_9K7QlezTYFMYIDAbD1x2KqD_sZiwGjuLxRx 9G7kOhcwYUe4Nvd.3jvDvielw2XAdpo_u1hgVquM.5e78ZKlUAd41KVa03rS MqS26TK4_aRfPfVVTfXU1arOgQmVqCdM9e6JsM5PQBqpyPhgybkblRIJhfHF CRGzApvoGjHUjCsM0LO1KI.kmQL8Po9L_70c79LS2Q6f76jRwmGJLiigPiCJ 305_39a_HVQxI8IbF3e_Zj1b1qI5s8OcLQ0xxGaXVXJaXooxCLYMEEqDVUhY 9gZY.SY8UB8fkcZ2SxHlFoXqfO9VN8nIc9doCZpCp8Hrg91yk_W5yj_w-
X-Yahoo-SMTP: AR5_vwuswBBBxttajAdmA6MrHv2fOmL0PL2m9ko1TKipiHmVNQ--
To: "Andrew G. Malis" <agmalis@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <20150930131025.18397.72483.idtracker@ietfa.amsl.com> <4552F0907735844E9204A62BBDD325E78720B6E3@nkgeml512-mbx.china.huawei.com> <56179249.6040108@cs.tcd.ie> <4552F0907735844E9204A62BBDD325E78720BCF6@nkgeml512-mbx.china.huawei.com> <4552F0907735844E9204A62BBDD325E78720FDC7@nkgeml512-mbx.china.huawei.com> <562F9204.5000303@cs.tcd.ie> <CAA=duU1e4hnr=D6ptCHNQHBmELYvodwXEL326hcYrXAmhKB-TQ@mail.gmail.com>
From: Mick Seaman <mickseaman@sbcglobal.net>
Message-ID: <562FA4EC.3060501@sbcglobal.net>
Date: Tue, 27 Oct 2015 09:23:08 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CAA=duU1e4hnr=D6ptCHNQHBmELYvodwXEL326hcYrXAmhKB-TQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------050305050100000103050304"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pals/bKp8TdQywtehPb800S4UG1W4aI0>
Cc: Mingui Zhang <zhangmingui@huawei.com>, "pals-chairs@ietf.org" <pals-chairs@ietf.org>, The IESG <iesg@ietf.org>, "pals@ietf.org" <pals@ietf.org>
Subject: Re: [Pals] Stephen Farrell's No Objection on draft-ietf-pwe3-iccp-stp-04: (with COMMENT)
X-BeenThere: pals@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Pseudowire And LDP-enabled Services dicussion list." <pals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pals>, <mailto:pals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pals/>
List-Post: <mailto:pals@ietf.org>
List-Help: <mailto:pals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pals>, <mailto:pals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2015 16:23:19 -0000

I (personal opinion) agree with Andy with regard to has function change 
probability. The use of HMAC-MD5 in 802.1Q is as a hash/digest of data 
to confirm (to an acceptable level of probability that the input data 
that two parties hold is the same, without any view as to the presence 
of malicious parties - security is handled quite separately from this). 
To be honest in retrospect we might just as well have used a CRC: 
security functions aren't magic dust. It's a common misconception that a 
hashing function that has desirable security properties (an attacker 
don't know how to change hash if data is changed, doesn't know how to 
change data to match a different hash value)  necessarily has better 
hash properties in the sense it distributes the results of input data 
more evenly over the set of output hash data values. I have no reason to 
suppose that SHA-256 would be 'better'/significantly different in terms 
of the use of HMAC-MD5 in 802.1Q-2014.

Mick Seaman

On 10/27/2015 8:41 AM, Andrew G. Malis wrote:
> Stephen,
>
> As WG co-chair, I view this as a low-probability event that can be 
> fixed by a revision to the RFC if it becomes necessary.
>
> Thanks,
> Andy
>
> On Tue, Oct 27, 2015 at 11:02 AM, Stephen Farrell 
> <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote:
>
>
>     Hi,
>
>     Sorry for the very slow response.
>
>     On 16/10/15 02:26, Mingui Zhang wrote:
>     > Hi Stephen,
>     >
>     > We haven't heard from you. Could you confirm whether the explanation is acceptable?
>
>     I guess its acceptable, but maybe brittle, if the IEEE folks
>     revise their stuff to use a different hash function. From their
>     point of view that's a much smaller change than changing the
>     size of MAC addresses. I'd say best would be if we did not
>     have a fixed length, but rather said the length depends on
>     the hash function being used. (I forget if that means you'd
>     need a length field or algorithm identifier in your protocol.)
>
>     S.
>
>
>
>     >
>     > Thanks,
>     > Mingui
>     >
>     >> -----Original Message-----
>     >> From: Pals [mailto:pals-bounces@ietf.org
>     <mailto:pals-bounces@ietf.org>] On Behalf Of Mingui Zhang
>     >> Sent: Saturday, October 10, 2015 9:32 AM
>     >> To: Stephen Farrell; The IESG
>     >> Cc: pals-chairs@ietf.org <mailto:pals-chairs@ietf.org>;
>     agmalis@gmail.com <mailto:agmalis@gmail.com>; pals@ietf.org
>     <mailto:pals@ietf.org>
>     >> Subject: Re: [Pals] Stephen Farrell's No Objection on
>     draft-ietf-pwe3-iccp-stp-04:
>     >> (with COMMENT)
>     >>
>     >> Hi Stephen,
>     >>
>     >> Yes, it assumes a certainly length.
>     >> I think this issue is similar as the EUI-64 issue: currently,
>     the document
>     >> assumes a traditional 48-bit MAC addresses are used, which is
>     in consistence
>     >> with RFC 7275.
>     >>
>     >> When I compared 802.1q-2005 and 802.1q-2014. I found all
>     references related
>     >> to 802.1q in the document are not changed. If such kind of
>     changes do happen
>     >> in the future, they could be and should be handled in the next
>     protocol version
>     >> of the STP-ICCP application, I think.
>     >>
>     >> Does it make sense?
>     >>
>     >> Thanks,
>     >> Mingui
>     >>
>     >>> -----Original Message-----
>     >>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie
>     <mailto:stephen.farrell@cs.tcd.ie>]
>     >>> Sent: Friday, October 09, 2015 6:09 PM
>     >>> To: Mingui Zhang; The IESG
>     >>> Cc: pals-chairs@ietf.org <mailto:pals-chairs@ietf.org>;
>     agmalis@gmail.com <mailto:agmalis@gmail.com>; pals@ietf.org
>     <mailto:pals@ietf.org>
>     >>> Subject: Re: [Pals] Stephen Farrell's No Objection on
>     >> draft-ietf-pwe3-iccp-stp-04:
>     >>> (with COMMENT)
>     >>>
>     >>>
>     >>>
>     >>> On 09/10/15 03:54, Mingui Zhang wrote:
>     >>>> Hi Stephen,
>     >>>>
>     >>>> 802.1q uses hmac-md5. This still holds in the latest version of
>     >>>> 802.1q.
>     >>>>
>     >>>> I agree that sha256 could be used to enhance the security.
>     However,
>     >>>> I think that kind of enhancement is out the scope of this
>     document
>     >>>> and should be discussed in 802.1q.
>     >>>
>     >>> Of course. But if they do that, and make a change what is the
>     impact
>     >>> here is my question. (I didn't re-read the doc, but was this
>     one where
>     >>> it assumes a certainly length or something?)
>     >>>
>     >>> S
>     >>>
>     >>>>
>     >>>> Thanks, Mingui
>     >>>>
>     >>>>> -----Original Message----- From: Pals
>     >>>>> [mailto:pals-bounces@ietf.org
>     <mailto:pals-bounces@ietf.org>] On Behalf Of Stephen Farrell Sent:
>     >>>>> Wednesday, September 30, 2015 9:10 PM To: The IESG Cc:
>     >>>>> pals-chairs@ietf.org <mailto:pals-chairs@ietf.org>;
>     agmalis@gmail.com <mailto:agmalis@gmail.com>; pals@ietf.org
>     <mailto:pals@ietf.org> Subject:
>     >>>>> [Pals] Stephen Farrell's No Objection on
>     >>>>> draft-ietf-pwe3-iccp-stp-04: (with COMMENT)
>     >>>>>
>     >>>>> Stephen Farrell has entered the following ballot position for
>     >>>>> draft-ietf-pwe3-iccp-stp-04: No Objection
>     >>>>>
>     >>>>> When responding, please keep the subject line intact and
>     reply to
>     >>>>> all email addresses included in the To and CC lines. (Feel
>     free to
>     >>>>> cut this introductory paragraph, however.)
>     >>>>>
>     >>>>>
>     >>>>> Please refer to
>     >>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>     for more
>     >>>>> information about IESG DISCUSS and COMMENT positions.
>     >>>>>
>     >>>>>
>     >>>>> The document, along with other ballot positions, can be found
>     >>>>> here: https://datatracker.ietf.org/doc/draft-ietf-pwe3-iccp-stp/
>     >>>>>
>     >>>>>
>     >>>>>
>     >>>>>
>     -------------------------------------------------------------------
>     >>>>> --
>     >>>>> -
>     >>>>>
>     >>>>>
>     >>> COMMENT:
>     >>>>>
>     -------------------------------------------------------------------
>     >>>>> --
>     >>>>> -
>     >>>>>
>     >>>>>
>     >>>>>
>     >>>>>
>     >>> - 3.3.5: is that a hard-coded sha1 or md5? if so, why is that
>     ok? what
>     >>> if 802.1q
>     >>>>> is fixed/improved e.g. to use sha256?
>     >>>>>
>     >>>>>
>     >>>>> _______________________________________________ Pals mailing
>     list
>     >>>>> Pals@ietf.org <mailto:Pals@ietf.org>
>     https://www.ietf.org/mailman/listinfo/pals
>     >> _______________________________________________
>     >> Pals mailing list
>     >> Pals@ietf.org <mailto:Pals@ietf.org>
>     >> https://www.ietf.org/mailman/listinfo/pals
>     >
>
>
>
>
> _______________________________________________
> Pals mailing list
> Pals@ietf.org
> https://www.ietf.org/mailman/listinfo/pals

v2.23.0 | Report a Bug | By Email