[Rift] draft update after today's interim (last nonce corner case discussions) ...

Tony Przygienda <tonysietf@gmail.com> Thu, 06 June 2019 18:26 UTC

Return-Path: <tonysietf@gmail.com>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 5217412011B for <rift@ietfa.amsl.com>; Thu, 6 Jun 2019 11:26:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id DsbZqB03Hlve for <rift@ietfa.amsl.com>; Thu, 6 Jun 2019 11:26:27 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 430561200B9 for <rift@ietf.org>; Thu, 6 Jun 2019 11:26:27 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id a8so4706852edx.3 for <rift@ietf.org>; Thu, 06 Jun 2019 11:26:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=skb3KZeVl5o+tZg9VXG8bIgpWsgPmqDKdkay4olyzSM=; b=hf2hGu3uPgphHaxVLVTXPW4artPLdqwZLglHPG8k2Ni5ufPzIo5lG/mpjzaLovnRby ccKVYsx9ZJ8AI2Ikcm6Xemksqw3YTOMx6J5ME/UPWAwS6pHlOV16DYwngPZi7K2jOed2 o1yBSowOIEd2NjTLlRH1mY0b15nYRAblD/WodObh2dm6bBkGmADa3vTlnPmQy4rmsGIG W3TPtnPv1cZ5b2g5I/v386U2N2TRIado2EmSKRGEB1tpfAqtZ3SPbYPQBS1OXqq/j/5k jrrEokOz3gQnuJI0SwTwdCrjiE4GhoRuOCDQwpaWfecUXyh2nLul2h/gqR6cizvNb76Y 5F0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=skb3KZeVl5o+tZg9VXG8bIgpWsgPmqDKdkay4olyzSM=; b=WXc4NH66vEdCFjlYw0vnND9GwWN9axRYAKTHuqB/WLHf4CkJcxG9Kgack0yJ9u5ZcS e6Zcd44eY37XCCopztwkqKzmXLh9MVf9/MKcmuZxfF0jrslURpcLPpECR/4dBJ3AvIuf FdSylEH83UtG/D9oPLZX3+dsc8qqumFk8t3MFLod/ZeEsjUU+DUS7h4kQTU4yDujxN+9 ktotFc7Tas0rOt5kA7WtHZSXLaiHLkqHb1A5x4lO7O0MKYx128bfke8zy4BNdsBRjOUz eQa1OJ8zZ/tcxSCnaT4iBaYj+W3lHshYMtaAn9IXeUgQILE+x7+jbx+6VVzw+HGbKthB QO7A==
X-Gm-Message-State: APjAAAVsLRX5fyqpEQpPdzuKr0WeFpR8DTXmgrr4rXEDWp1yQj5LBmzc /BZSSZNaU8z+osUHg04vKN9/r7P9krYXclzpIY9x3wijxlY=
X-Google-Smtp-Source: APXvYqwQxb6a+e0KBnUjpa4ROXbepHvzrGPF+pAL+aa6f6S2fXo6WYsa43cuIFWeZnSW03vCb6la7czrNuuivhcFZmE=
X-Received: by 2002:a50:b87c:: with SMTP id k57mr12894949ede.226.1559845585791; Thu, 06 Jun 2019 11:26:25 -0700 (PDT)
MIME-Version: 1.0
From: Tony Przygienda <tonysietf@gmail.com>
Date: Thu, 6 Jun 2019 11:25:49 -0700
Message-ID: <CA+wi2hPOoLDPy2k6KX=5cOvGKHei=sN7eUPfu+Qeqwiy8qXrdg@mail.gmail.com>
To: rift@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000bad7d058aabdac1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/elbx7dNLo9jZMM69wwdacqsr3Gs>
Subject: [Rift] draft update after today's interim (last nonce corner case discussions) ...
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2019 18:26:29 -0000

After today's discussion in the interim (and Bruno's detailed thread on
security) here's the update to draft that should resolve all outstaning
comments and insight from implementation

5.4.3.  Security Envelope

   RIFT MUST be carried in a mandatory secure envelope illustrated in
   Figure 31.  *Any value in the packet following a security fingerprint
   MUST be used only after the according fingerprint has been validated.*

   Local configuration can *MAY* allow to skip the checking of the envelope's

*This should address the outstanding issue of whether nonces can be
used before security envelope is validated*
Any implementation including RIFT security MUST generate and wrap
   around local nonces properly.  *When a nonce increment leads to
   `undefined_nonce` value the value SHOULD be incremented again

*That should resolve the comment on nonce rollback. *

   As a necessary exception, an implementation MUST advertise
   `undefined_nonce` for remote nonce value when the FSM is not in 2-way
   or 3-way state and accept an `undefined_nonce` for its local nonce
   value on packets in any other state than 3-way.

   *As optional optimization, an implemenation MAY send one LIE with
   previously negotiated neighbor's nonce to try to speed up a
   neighbor's transition from 3-way to 1-way and MUST revert to sending
   `undefined_nonce` after that.*

5.4.5.  Lifetime

   Protecting lifetime on flooding can *may* lead to excessive number of
   security fingerprint computation and hence an application generating
   such fingerprints on TIEs SHOULD *MAY* round the value down to the next
   `rounddown_lifetime_interval` defined in the schema when sending
   TIEs. *TIEs
   albeit such optimization in presence of security hashes over
   advancing weak nonces may not be feasible.*

*This describes optimization to shut down neighbor faster (helpful in
ZTP) and the other text is a consideration how much recomputation of
security envelopes can we really save on rounding up lifetimes and
having 'weak nonces'*

*I also looked @ the expired OSPF karp, it's clever but it's a new
protocol to negotiate and I didn't see any treatement of
losses/reordering which IMO will force it towards equivalent of 'weak
nonces' and with that make*

*it equivalent of what we have in RIFT already *

*So, please comments ...*

*--- tony *