Re: [sfc] SFC Security

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Wed, 27 May 2020 16:52 UTC

From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
CC: "sfc@ietf.org" <sfc@ietf.org>
Date: Wed, 27 May 2020 16:52:05 +0000
Message-ID: <3F23E3C3-799D-4508-801C-138F8B168F45@cisco.com>
References: <9c712682-75ee-f6ea-3355-af2271fc0d75@joelhalpern.com>
In-Reply-To: <9c712682-75ee-f6ea-3355-af2271fc0d75@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/-Ke2x0q38-dcnWfGOaVKaX5cb-4>
Subject: Re: [sfc] SFC Security
List-Id: Network Service Chaining <sfc.ietf.org>

Joel,

I agree this is both important and priority work, and I believe the document below is a great start!

It’s great to see.

One question — how specifically does it relate to draft-reddy-sfc-nsh-encrypt, with one common author?

Thanks!

Carlos.

> On 2020/05/27, at 11:36 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
> 
> We as a working group have a milestone which the IESG felt was important, and which we agreed to work on, to provide security mechanisms for NSH.
> 
> We have one individual draft that suggests such mechanisms:
> https://datatracker.ietf.org/doc/draft-rebo-sfc-nsh-integrity/
> 
> Do folks think this is a good start?  A bad start?
> 
> For those folks who would like to be working on other things, the chairs note that we are very reluctant to engage in new work items until we can prove we can complete our commitments.
> 
> Yours,
> Joel