IETF Logo Mail Archive

Re: [secdir] [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04

"MORTON JR., AL" <acmorton@att.com> Sun, 19 March 2023 21:08 UTC

Return-Path: <acmorton@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B825C14CE44; Sun, 19 Mar 2023 14:08:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.596
X-Spam-Level:
X-Spam-Status: No, score=-2.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EhQ6Fe4DVZ82; Sun, 19 Mar 2023 14:08:47 -0700 (PDT)
Received: from mx0b-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7665CC14CF09; Sun, 19 Mar 2023 14:08:44 -0700 (PDT)
Received: from pps.filterd (m0288868.ppops.net [127.0.0.1]) by m0288868.ppops.net-00191d01. (8.17.1.19/8.17.1.19) with ESMTP id 32JHeMPG024217; Sun, 19 Mar 2023 17:08:43 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0288868.ppops.net-00191d01. (PPS) with ESMTPS id 3pd95awdkt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 19 Mar 2023 17:08:42 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 32JL8f3I004572; Sun, 19 Mar 2023 17:08:42 -0400
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [135.47.91.93]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 32JL8d4D004541 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 19 Mar 2023 17:08:39 -0400
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [127.0.0.1]) by zlp30488.vci.att.com (Service) with ESMTP id BAF4140002BB; Sun, 19 Mar 2023 21:08:39 +0000 (GMT)
Received: from GAALPA1MSGEX1CB.ITServices.sbc.com (unknown [135.50.89.109]) by zlp30488.vci.att.com (Service) with ESMTP id 7B7B040002AB; Sun, 19 Mar 2023 21:08:39 +0000 (GMT)
Received: from GAALPA1MSGEX1CC.ITServices.sbc.com (135.50.89.110) by GAALPA1MSGEX1CB.ITServices.sbc.com (135.50.89.109) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Sun, 19 Mar 2023 17:08:39 -0400
Received: from GAALPA1MSGETA03.tmg.ad.att.com (144.160.249.125) by GAALPA1MSGEX1CC.ITServices.sbc.com (135.50.89.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via Frontend Transport; Sun, 19 Mar 2023 17:08:33 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.170) by edgeal.exch.att.com (144.160.249.125) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Sun, 19 Mar 2023 17:08:28 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A3fL9dMqoZIVyTKokBfodfeRHTKHr0SGWR+1pX3+o27ktiaoO3VtaYwqpWbAYI7IbMxbnwozfGfcDtpYT1MFHgVU/wvL+/Q0YtCXZ503l6renlmSxKMamn8E3mhJoixmSnoQNkjHCG663tt9KdwLDlAYGHA7BYihrudCCiw/xNafVHltBwfn8gjInNlxYUkOOJPa7viJnkG3W9wI+UxEjmDPVlHZ51hp+/ThkGOS8yLAgSrp2YhbaUsNHFRWsDRK7O8Fl0TiX/2W/Wn5fyWJsOjfw1oBVAkkYQKJizpd3uCSBi62DqI7yNzrla1VhONkfQR8yxcNnyfUPzr1JicbzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zbGiSCXdNUJPUe7G8KOgnRBRuY96izVZuziV90gfXr8=; b=DdnPN3GF9TA9hVWvw0ZH/cEz8vy18RXWbFNXteDvG+CkfPQIJuWV6D9kin7GGgo+P0VHvpZEi2tf9mvcfCRZSNHBRupQ/dVSaeBSyZAvAGZCtkqEtxKE8OjfvdvQZ5X1WK+WX1rD2m71nzBKr/aKWm58Mx8A+W+J3zgySVdL7ceRrCXnX5TwBqUC0xxs5pJLbcQ6NbCYQR0HsLIVsh2OqPw9z4VwPx5xgMN5lMeuTGSmZaTGXW9uJ8CBLkAECpvWyi0wFGMH9Lu8Z+5I4ErTr4Ld+qkgh4/SaFHr/nkCOtVUS8/r4o7LxXKcjoM5Rv93ihnyx5/35TK9oPK/y+Iryw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zbGiSCXdNUJPUe7G8KOgnRBRuY96izVZuziV90gfXr8=; b=B7JvVhmHpHaKR2KxtX2/A71f6ieC3X7ZElbRm1CcwMVNLd8+nqzRfVJF/BalxslgUNsINNEAidktrwoo73U8JSUgx2Rdei/e39dMoGC5yPUqzOvEzPZh8+gDh/2zxHqsNhHIa2w+MM7uJ8rXKlvyOOsA0wRDpZr5MBz08ixWFpU=
Received: from CH0PR02MB7980.namprd02.prod.outlook.com (2603:10b6:610:105::17) by SA2PR02MB7706.namprd02.prod.outlook.com (2603:10b6:806:14c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.37; Sun, 19 Mar 2023 21:08:25 +0000
Received: from CH0PR02MB7980.namprd02.prod.outlook.com ([fe80::d86f:705f:92d6:1434]) by CH0PR02MB7980.namprd02.prod.outlook.com ([fe80::d86f:705f:92d6:1434%3]) with mapi id 15.20.6178.037; Sun, 19 Mar 2023 21:08:25 +0000
From: "MORTON JR., AL" <acmorton@att.com>
To: Brian Weis <bew.stds@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-ippm-capacity-protocol.all@ietf.org" <draft-ietf-ippm-capacity-protocol.all@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
Thread-Topic: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04
Thread-Index: AQHZTuzbYBLPZe9D0kiW5s+CN9dy268Crwag
Date: Sun, 19 Mar 2023 21:08:25 +0000
Message-ID: <CH0PR02MB79807F2F36C90E0C668CF04DD3839@CH0PR02MB7980.namprd02.prod.outlook.com>
References: <167797065961.46817.5654760092907121117@ietfa.amsl.com>
In-Reply-To: <167797065961.46817.5654760092907121117@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR02MB7980:EE_|SA2PR02MB7706:EE_
x-ms-office365-filtering-correlation-id: 64714e15-eedc-4487-a37e-08db28be1489
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YDyclUogm738w1KKEeRCR2q+Av59RV7Q7ER1LCjmAkWxSep6OBTe3mSF29DQrs1b4hZz2UVX3NXUtBKOA7MwW+zauvGEC8TzW3kb54Jg7vyN8cIGPdK0svz4EM/HxWd2vVncz4M5yqZpF5HsnH9QhRiwMKV2Q5MwotllFvO9lVgCaOxBwYSDEmcDE57+cwCx+1co2CgCRbcO7d7+dgC/3JRrB2teoA02Utsha9Zil7gSvs4FiBKvXzRgdyo3rarrfGXVs4wwjYkhFzrZfNkoz4XbwTh9nXBeOHMjOKSnTIiy3geVjyggAGP5H3UgFmo/I+/4rMoRFyLek2Ns6OP0bN6svOk1y+WMGip6P0KXSXsiR281EpBB8qTXP2DIAb4jO5jziRNGjxgCCZpieQ+gUI8ObfyzJhpL0RZXD+M4eTmsFXMP+crPju0cB8bJ4bHbASzq/v/bTifuXOK7TugJVdxyTQm3VLTjFi0AgTV2eJj5E0r1R5Huf/asr13xNE/9q94og1q/fZ4sDBnV63tyN1QL531nkOjNU1dSM7sVpnEhGzdVAiiFK2UwNcrSK3viMfJ54D8EWXGQwyr2o0hlvqtStWwH0Gtmvu5rvA5c/tebxHsxhVYqTIrHNZ+zPowjHjyzj8cXSA9QCh9HVeJ2LrR+jMRMk7GM77n6B1r3lHWbVhSN3xOjyFyeBC/qrgcE
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR02MB7980.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(376002)(366004)(136003)(396003)(346002)(39860400002)(451199018)(7696005)(33656002)(71200400001)(86362001)(478600001)(966005)(316002)(38070700005)(54906003)(110136005)(4326008)(66476007)(66446008)(64756008)(66946007)(76116006)(8676002)(66556008)(82202003)(186003)(26005)(6506007)(38100700002)(41300700001)(9686003)(82960400001)(53546011)(122000001)(5660300002)(52536014)(55016003)(8936002)(2906002)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: p0gy33gsfePbZovjWP1nREiYxGnDDgnwicxqUnot0n4IBE0nddxn0AnzpyvzlDOsrfvqn9ivQyhFHVAJj3RaxS+P2nT4Cu+3dtllv5aT7KXbyJN9C2argvxO/RqBLbpIBvLagW5oJuOy/gea/dYtuB/D9myvtA+YnoFyH4kQEGdSoeZrn4l7PVMVET1zafRhnP5Vnf6sFRrdhmBssr1XZ1Gwa7UU/VaSja7MsAF9xzfeQou5P7/PgPWTtf/wndk/w7NFUUCuJh4Pr1azl3fNddLZcf7SNVMiBsAyu0Ke9n7kKWa6F8FquVhVOCWeYJwaGx8Wy+3nz/BqaXUV58ztF2eXS63I+PIEyOQ9ob2MCt7Qs3ybVJvQNWOlYKG4JR0VGOl0Pw+UaKnI3uC8c49WxuNjglknd+m8UHy6zeoPnvYB8/RwjjzltEuHwRrbhUGNxssPQx7vhJefuDXkPNDN/OFe+oUmKVZfcIlNOTxFENZ2gz4lie/vItw69JLuym6fMmtCLGbp+dveRmwqtjdl4kzsTqVCoGmfH5DqHxnJ+L8vgprlaTHWgEryPTqLtS0cAJrveOU3fPYZaNrJHeis4gJTGnoU2BJKT28RItHqKDVlGurWDVherL1a3tBxWYbie0mSE5piwaaNExdFhTBeg2cwlYcLWknxxpUSf1v9tC2E4P/UtbGCzxQDPd7aJb/mKL89ScfuWbaL+fFJLi1eg1k2kpBUBmlfp1oZBdehcXVzlXEgc7AMqiB8OG1OPK94SpFkuanxeZVCmssL2xNmavuIERfWO+X3gbSxVSeargVanoMANRoDmVBw+uoOuXABiYgEJ68fvjiV4Jq76UwS9l3AZlpFB4cCS1zLqGLO+E1g/WL8KK9Kbeq1fwTKAMcE/CmZPh3A+eYAhtB8Wwz2IXZJJtAAxdZHrleOO8BQ4qUDi20fKTh/Ifi88TqZXueF63rzdrBDT26fL9b39iFq+bjJFNv8IfhGy97nq1MTA5HoDtkceX/0/OfrUSAd/El+Rb7SOWPS0Bh7IO4Tnyjx9UJ4zoPNan7xZ0TA3n0/5kGegwyWS6dAbk+hEF+SOP4slnq/h9WjQpCMg2cwAv7My93M3IwDFxqgpDO/wWxtQU6S6+nea1033WLhiPuKY/P9oXfy7srZXo7yUI7B2flOhvtPzpYheiZ6Cmy6MbUAZOkxIhnPoH+jta/4yGuqgoIeWsOE+RVZ74DiYEo8ngG5NTg4IN+3lFON78z18NHQJD4yIRQrVURcP9dBtcv2vXkVqKlRC8HrRsov/HBt4Lp01vA8+zK4JN1OgPogFyrz8KsoUHN5cNsC64Ow+JdENgCLEjHmbPL0yQXQxpjcw0S4Agnr1/QgM24NEwxCY+0g7qb8FFvv+n4eXKg2/QsicB/AMiKtaE9C0DODHvdKywbvzRryH0g8x+siALvs1nHtvgnO7gGvqrPJpUWlpksZAnpJJC/1dKLOPKZ9pLC+dZLbLKZRc7/OTmxvUfDuPMQuGwmBh0cn1Ljg6W5wLZ4xw/zqYsSLe/4H4BmL31l0osa+BBglq/3/pFZpVDBb06XAnME=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR02MB7980.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 64714e15-eedc-4487-a37e-08db28be1489
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2023 21:08:25.6362 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dzmi6r0Mf3gUjHlrejSZbJkww4Stxqo6pfr9+v70i0PQT8+O0iTdLQtWZU0yK0Rf
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR02MB7706
X-TM-SNTS-SMTP: 6D8D53BE5508E811A2D5EC95D7960BD9B0086CDA5C8BF97917B0EF07608102E72
X-Proofpoint-ORIG-GUID: fBbPyze-M16Wwk0-6ej8kooE5GcE2ocT
X-Proofpoint-GUID: fBbPyze-M16Wwk0-6ej8kooE5GcE2ocT
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-19_10,2023-03-16_02,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 malwarescore=0 adultscore=0 clxscore=1011 lowpriorityscore=0 phishscore=0 impostorscore=0 suspectscore=0 mlxlogscore=999 priorityscore=1501 mlxscore=0 bulkscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303150002 definitions=main-2303190180
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/kFL7-XkDwb8SdjLSjVhVuSkI8bM>
Subject: Re: [secdir] [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2023 21:08:51 -0000

Hi Brian,

Thanks for your reply on the second SEC-DIR early review!

We have summarized the topics for reply, below. Your review is appended.

Al and Len


# Key comments and replies for discussion:

> — The use of AES-GCM with a long-lived symmetric key (such as one
> on an RFC 7210 key chain) is not safe. ... (suggests a CBC mode) ...
and 
> — Unauthenticated encryption is generally seen as risky, so when...

Ok. We were attracted to the "authenticated encryption" aspect of GCM, but we can get that with AES-CCM too. The Initialization Vector (IV) will be generated by a pseudo-random generator with unique seed for each session, and have sufficient size to avoid duplication over the life of a long-lived key. The IV can be communicated in the clear, so we will.

> — Also, there are some additional parameters that need to determined
> to guarantee interoperability. For example, which octets are
> encrypted, if a partial block needs to be encrypted how is it padded
> out before encryption to make a full block, and requirements on IV
> generation (e.g., that is must be from a good quality random number
> generator).

We need to check if padding is needed for any of our PDUs, but the PDUs will be fixed size so it's a static fix.
We'll specify the IV generation method.



# Tension between Security and Measurement operation:

> — Section 5.1.1 doesn’t say the network addresses and headers are
> included in the digest. It’s generally good practice to include (them)...

Our test scope includes ISP Subscribers, so NAPT transversal is critical and precludes including the addresses.

> ... a valid message
> (e.g., Setup Request) can be extracted and placed in a different
> measurement flow that is not intended by the original sender. This is
> a substitution attack.

All of the IPPM test protocols are susceptible to the substitution attack, and there is no thorough mitigation that we know-of (including time in the digest is a partial mitigation).

Packet De-duplication, in DTLS and IPsec:
> This is generally seen as a feature for network
> encryption methods.
Right, but measurement systems expect to observe packet duplication when it occurs. A trade-off is required, and the primary goal is measurement.


# Edits and Nits:
We will take care of other requests for clarifications requested
- digest coverage
- MBZ definition
-  “Support for client-server authentication ….”.
- four Security modes, but encrypted tunnel makes five - becomes a paragraph
- mismatch

> -----Original Message-----
> From: ippm <ippm-bounces@ietf.org> On Behalf Of Brian Weis via Datatracker
> Sent: Saturday, March 4, 2023 5:58 PM
> To: secdir@ietf.org
> Cc: draft-ietf-ippm-capacity-protocol.all@ietf.org; ippm@ietf.org
> Subject: [ippm] Secdir early review of draft-ietf-ippm-capacity-protocol-04
> 
> Reviewer: Brian Weis
> Review result: Has Issues
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> General comments
> 
> (1) The guidance of what bytes are included in the SHA-256 calculation
> and result placed in the authDigest field might need some enhancement.
> 
> — Some places say that the authDigest field is zeroed (e.g., Section
> 4.2.2 ) and some says “The SHA-256 calculation SHALL cover all the
> preceding fields.”, which seems to omit the auhDigest field. I guess
> these aren't mutually exclusive statements, but it would be cleaner
> to have all of the description in one place so it is clear.
> 
> — Section 5.1.1 doesn’t say the network addresses and headers are
> included in the digest. It’s generally good practice to include
> more context into the digest calculation so that a valid message
> (e.g., Setup Request) can’t be extracted and placed in a different
> measurement flow that is not intended by the original sender. This is
> a substitution attack.
> 
> — If network addresses and headers aren’t included in the digest,
> then it will be important to describe why the substitution attack
> isn’t a threat. I understand that if NAT on the client that including
> it's network address is not possible, but there's still an issue.
> 
> — Note that the inclusion of authUnixTime with the receiver
> checking “acceptable immediacy” is only a partial mitigation for a
> substitution attack, since the receiver’s notion of “acceptable
> immediacy” is apparently quite long from an attacker's perspective
> “(+/- 2.5 minutes)” and any other message including this PDU sent
> fron an attacker (e.g., with different network headers) during this
> period will be acceptable to the receiver.  Reducing the window
> size won’t completely mitigate this attack either.
> 
> (2) There doesn’t seem to be a definition for the MBZ octets and
> remainder bits, or a description of their purpose. (I’m guessing
> it’s “must be zero” but even that should be defined for the reader.)
> 
> Specific comments
> 
> Section 4.2.4.
> 
> — The use of AES-GCM with a long-lived symmetric key (such as one
> on an RFC 7210 key chain) is not safe. The IV used by GCM is not a
> random IV such as used by some other modes of which you might be
> aware (e.g., CBC), but rather it is a counter that must NEVER
> repeat with that key. Ensuring no repeats is not operationally
> feasible for a key kept on a key chain. I.e., The counter must keep
> incrementing between packets, reliably stored over a reboot so that
> it isn't used again, and when the counter reaches the maximum value
> the key is not longer usable. I would recommend specifying CBC mode
> and a randomly chosen IV.
> 
> — Also, there are some additional parameters that need to determined
> to guarantee interoperability. For example, which octets are
> encrypted, if a partial block needs to be encrypted how is it padded
> out before encryption to make a full block, and requirements on IV
> generation (e.g., that is must be from a good quality random number
> generator).
> 
> — Unauthenticated encryption is generally seen as risky, so when
> encryption is included the the authDigest should also be used as
> it is in the other modes. Figure 2 should have both authDigest AND
> IV fields.
> 
> Section 4.2.5. This section mentions that DTLS is not useful because
> “The replay protection would remove duplicated packets and prevent
> transparent measurement of this impairment.”. IPsec will also
> transparently remove duplicate packets, and since TLS is based on
> TCP, which has duplicate segment protection, I would expect that
> the application would also never see duplicate measurement PDUs
> from TLS either. This is generally seen as a feature for network
> encryption methods.
> 
> Section 10. “Client-server authentication and integrity protection
> for feedback messages conveying measurements is REQUIRED.” Since
> one of the methods allows “unauthenticated mode for all messages”,
> I think this is meant to start with “Support for client-server
> authentication ….”. That is, the REQUIRED language means
> it must be implemented, but not used.
> 
> Nits
> 
> — Section 4.2 says “There are four security modes of operation”,
> which is also stated elsewhere, but there seems to actually be five.
> I understand that the fifth one is actually an external security
> mode that can be combined with one of the four modes (e.g.,
> “unauthenticated mode for all messages”) in the PDU. It might be
> clearer to take the fifth one out of the list and just make it a
> paragraph.
> 
> — Section 4.2.1 s/miss-match/mismatch/
> 
> 
> _______________________________________________
> ippm mailing list
> ippm@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ippm__;!!Bhd
> T!lLiKK4svDahYLFenpa6d7FQa-qA1f4ltd7wjaRx1S-YZCr9cEveGl5UOAc3B7KuEPYEWE3uif4c$

v2.23.0 | Report a Bug | By Email