IETF Logo Mail Archive

Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 12 July 2021 20:24 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 385453A08F3; Mon, 12 Jul 2021 13:24:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wONf5XBQsYyh; Mon, 12 Jul 2021 13:24:02 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DC113A08E2; Mon, 12 Jul 2021 13:24:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4GNwG95hJ8z1nttV; Mon, 12 Jul 2021 13:24:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1626121441; bh=/Tl97KKfWdBq7js84ZHr+kauYitAZFUx5x0edWqv+i8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=aV7Qf3KLqjt/97zCR2CoRetvGgig/Sx9UUTkdtjxzE1HkJnQ8itIFMuR1+6U8ZDH0 3MgPDUj96nMsBTGjRkiq0YytotSbHdoo9c1QdfnIsi3FvUnMa/bYjMaLF4wx9dp+sK 0otXYk6Fgp0aD5zQ35LPL47HSd4c/GySToxVv+fw=
X-Quarantine-ID: <5EfaaaFbvNAH>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.64] (50-233-136-230-static.hfc.comcastbusiness.net [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4GNwG80MjKz1nsvf; Mon, 12 Jul 2021 13:23:59 -0700 (PDT)
To: Alvaro Retana <aretana.ietf@gmail.com>, The IESG <iesg@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: gregimirsky@gmail.com, draft-ietf-sfc-nsh-integrity@ietf.org, sfc@ietf.org
References: <162611498183.7775.3562397379733537345@ietfa.amsl.com> <f5961690-4496-7f85-74ca-f3705d5a1c2e@joelhalpern.com> <CAMMESszF+jc7WKkAwmzAFs0A7bsDqXJKA3p5+cyexdU3fvNnDQ@mail.gmail.com> <1a5ae768-bf12-6d94-819c-7923e1f816ee@joelhalpern.com> <CAMMESsxJ1F90ro=_Gjszys3E86f4YgRQ49ofGGOoAyDJ8EFL8w@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <4448fbc9-5f24-9995-ccf5-cd7c9035f69a@joelhalpern.com>
Date: Mon, 12 Jul 2021 16:23:57 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAMMESsxJ1F90ro=_Gjszys3E86f4YgRQ49ofGGOoAyDJ8EFL8w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/-EiUSkdvsCrVfWMIXdM-ASdTfjw>
Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 20:24:08 -0000

I am not at all sure I understand you.

If youa re not arguing that this is somehow mandatory, then maybe you 
are arguing that this changes the security considerations in 8300 about 
transport.  It doesn't.  If it did, then yes, it would indeed update 
8300.  But the working group did not try to modify the transport 
requirements from 8300.  Maybe someone will at some point.  But this 
document doesn't.

If you want it marked "updates" anyway, then I want a strong assurance 
from the IESG that some other AD won't turn around and tell us to remove 
the "updates" tag since the document makes no change to 8300.  With that 
assurance, sure, we can give you a useless "updates" tag.

Yours,
Joel


On 7/12/2021 4:08 PM, Alvaro Retana wrote:
> Hi!
> 
> I meant the discussion about this draft formally Updating rfc8300 — 
> which I would have hopped happened when processing/discussing this 
> document (not before).
> 
> I’m assuming that discussion never happened.
> 
> 
> BTW, I’m not asking for the new mechanism to be MTI — the current text 
> (at least to me) reads as if it is not.  I’m ok with that.  [IOW, an 
> Update to rfc8300 would “inherit” that characteristic.]
> 
> Alvaro.
> 
> On July 12, 2021 at 3:37:51 PM, Joel M. Halpern (jmh@joelhalpern.com 
> <mailto:jmh@joelhalpern.com>) wrote:
> 
>> Depending upon what you mean, either
>>
>> 1) The discussion never happened, because the action was not suggested.
>>
>> or, with a longer view
>>
>> 2) The discussion happened when 8300 was being approved. We agreed with
>> the IESG that we would not define a mandatory-to-implement NSH security
>> mechanism, but that we would add an optional NSH security mechanism.
>> Which this draft does.
>>
>> Yours,
>> Joel
>>
>> On 7/12/2021 3:29 PM, Alvaro Retana wrote:
>> > Joel:
>> >  
>> > Hi!
>> >  
>> > I guess I missed where that discussion happened — probably buried in one  
>> > of the threads.  Can you please point me to it?
>> >  
>> > Thanks!
>> >  
>> > Alvaro.
>> >  
>> > On July 12, 2021 at 3:23:28 PM, Joel M. Halpern (jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>
>> > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>) wrote:
>> >  
>> >> I find your description of this as a "required update to 8300" rather
>> >> odd. The working group did not agree to make implementation of this
>> >> mandatory for 8300. That would, indeed, be an update to 8300. This is
>> >> just another feature that can be used with NSH. A useful feature.
>> >>
>> >> The security considerations do give lots of reasons to do this. But that
>> >> is not the same as making it "required" for all implementations of 8300.
>> >>
>> >> Yours,
>> >> Joel
>> >>
>> >> On 7/12/2021 2:36 PM, Alvaro Retana via Datatracker wrote:
>> >> > Alvaro Retana has entered the following ballot position for
>> >> > draft-ietf-sfc-nsh-integrity-06: No Objection
>> >> >   
>> >> > When responding, please keep the subject line intact and reply to all
>> >> > email addresses included in the To and CC lines. (Feel free to cut this
>> >> > introductory paragraph, however.)
>> >> >   
>> >> >   
>> >> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html 
>> <https://www.ietf.org/iesg/statement/discuss-criteria.html>
>> >> <https://www.ietf.org/iesg/statement/discuss-criteria.html 
>> <https://www.ietf.org/iesg/statement/discuss-criteria.html>>
>> >> > for more information about DISCUSS and COMMENT positions.
>> >> >   
>> >> >   
>> >> > The document, along with other ballot positions, can be found here:
>> >> > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ 
>> <https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/>
>> >> <https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ 
>> <https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/>>
>> >> >   
>> >> >   
>> >> >   
>> >> > ----------------------------------------------------------------------
>> >> > COMMENT:
>> >> > ----------------------------------------------------------------------
>> >> >   
>> >> >   
>> >> > (1) Given the required behavior specified in the Security Considerations
>> >> > section...
>> >> >   
>> >> >     NSH data are exposed to several threats:
>> >> >   
>> >> >     o  A man-in-the-middle attacker modifying the NSH data.
>> >> >   
>> >> >     o  Attacker spoofing the NSH data.
>> >> >   
>> >> >     o  Attacker capturing and replaying the NSH data.
>> >> >   
>> >> >     o  Data carried in Context Headers revealing privacy-sensitive
>> >> >        information to attackers.
>> >> >   
>> >> >     o  Attacker replacing the packet on which the NSH is imposed with a
>> >> >        bogus packet.
>> >> >   
>> >> >     In an SFC-enabled domain where the above attacks are possible, (1)
>> >> >     NSH data MUST be integrity-protected and replay-protected, and (2)
>> >> >     privacy-sensitive NSH metadata MUST be encrypted for confidentiality
>> >> >     preservation purposes.  The Base and Service Path headers are not
>> >> >     encrypted.
>> >> >   
>> >> > Why doesn't this document formally update rfc8300?  Concerns that eventually
>> >> > led to this solution have been expressed for several other documents, including
>> >> > rfc8459 and rfc8979.
>> >> >   
>> >> > It looks like the WG didn't consider the question of Updating the base NSH
>> >> > specification.  I believe that this document specifies a required update to
>> >> > NSH, and would like the WG to consider formally Updating rfc8300.  [My search
>> >> > of the archive didn't find any related discussion -- did I miss it?]
>> >> >   
>> >> > [Even though I consider this omission a serious oversight, I don't think this
>> >> > issue raises to the level of a DISCUSS.]
>> >> >   
>> >> > (2) §3: I find the use of normative language to describe requirements (that are
>> >> > met in this same document) not the best use of rfc2119 language because any
>> >> > interoperability concerns would result from the specification itself and not
>> >> > the requirements.
>> >> >   
>> >> > The use of rfc2119 keywords to describe requirements may result in confusion.
>> >> > For example, "The solution MAY provide integrity protection for the Base
>> >> > Header." -- as described later, protecting the Base Header is optional, but the
>> >> > solution *does* provide integrity protection for it.  IOW, the specification is
>> >> > what is reflected in the requirement, but referring to the solution, not the
>> >> > protection: providing integrity protection is not optional, using it is.  A
>> >> > better working would be: "The solution must provide optional integrity
>> >> > protection for the Base Header."
>> >> >   
>> >> >   
>> >> >   
>> >> > _______________________________________________
>> >> > sfc mailing list
>> >> > sfc@ietf.org <mailto:sfc@ietf.org> <mailto:sfc@ietf.org 
>> <mailto:sfc@ietf.org>>
>> >> > https://www.ietf.org/mailman/listinfo/sfc 
>> <https://www.ietf.org/mailman/listinfo/sfc>
>> >> <https://www.ietf.org/mailman/listinfo/sfc 
>> <https://www.ietf.org/mailman/listinfo/sfc>>
>> >> >   
>> >  
>> > _______________________________________________
>> > sfc mailing list
>> > sfc@ietf.org <mailto:sfc@ietf.org>
>> > https://www.ietf.org/mailman/listinfo/sfc 
>> <https://www.ietf.org/mailman/listinfo/sfc>
>> >  
> 
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc
>

v2.23.0 | Report a Bug | By Email