Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt
Shunsuke Homma <shunsuke.homma.fp@hco.ntt.co.jp> Mon, 11 November 2019 09:09 UTC
Return-Path: <shunsuke.homma.fp@hco.ntt.co.jp>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9680712004D for <sfc@ietfa.amsl.com>; Mon, 11 Nov 2019 01:09:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6B9b5cCcp9mS for <sfc@ietfa.amsl.com>; Mon, 11 Nov 2019 01:09:04 -0800 (PST)
Received: from dish-sg.nttdocomo.co.jp (dish-sg.nttdocomo.co.jp [202.19.227.74]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9C912085D for <sfc@ietf.org>; Mon, 11 Nov 2019 01:09:04 -0800 (PST)
X-dD-Source: Outbound
Received: from zssg-mailmd105.ddreams.local (zssg-mailmd900.ddreams.local [10.160.172.63]) by zssg-mailou103.ddreams.local (Postfix) with ESMTP id 05CD51200C8; Mon, 11 Nov 2019 18:09:04 +0900 (JST)
Received: from zssg-mailcc302.ddreams.local (zssg-mailcc302.ddreams.local [10.160.162.153]) by zssg-mailmd105.ddreams.local (dDREAMS) with ESMTP id <0Q0S001VKS33GT50@dDREAMS>; Mon, 11 Nov 2019 18:09:03 +0900 (JST)
Received: from zssg-mailcc302 (localhost [127.0.0.1]) by zssg-mailcc302.ddreams.local (unknown) with SMTP id xAB993J9032958; Mon, 11 Nov 2019 18:09:03 +0900
Received: from zssg-mailmf105.ddreams.local (unknown [127.0.0.1]) by zssg-mailmf105.ddreams.local (Postfix) with ESMTP id 99CF97E6034; Mon, 11 Nov 2019 18:08:54 +0900 (JST)
Received: from zssg-mailmf105.ddreams.local (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 97F178E605A; Mon, 11 Nov 2019 18:08:54 +0900 (JST)
Received: from localhost (unknown [127.0.0.1]) by IMSVA (Postfix) with SMTP id 955AD8E6060; Mon, 11 Nov 2019 18:08:54 +0900 (JST)
X-IMSS-HAND-OFF-DIRECTIVE: localhost:10026
Received: from zssg-mailmf105.ddreams.local (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 009908E605A; Mon, 11 Nov 2019 18:08:54 +0900 (JST)
Received: from zssg-mailua103.ddreams.local (unknown [10.160.172.62]) by zssg-mailmf105.ddreams.local (Postfix) with ESMTP; Mon, 11 Nov 2019 18:08:53 +0900 (JST)
Received: from RDSVVDI0392 (unknown [10.171.80.137]) by zssg-mailua103.ddreams.local (dDREAMS) with ESMTPA id <0Q0S00S42S2OZXB0@dDREAMS>; Mon, 11 Nov 2019 18:08:48 +0900 (JST)
From: Shunsuke Homma <shunsuke.homma.fp@hco.ntt.co.jp>
References: <157288238359.16503.4915397025250194299.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93303134D9F2@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <3b5bf706-2676-db09-02da-2d2c314c0448@joelhalpern.com> <00e701d59630$abf4a030$03dde090$@hco.ntt.co.jp_1> <6a8f85c9-0822-e80f-ea6f-5198bbd512b6@joelhalpern.com>
In-reply-to: <6a8f85c9-0822-e80f-ea6f-5198bbd512b6@joelhalpern.com>
Date: Mon, 11 Nov 2019 18:08:48 +0900
Message-id: <00c401d5986f$a0bb9f20$e232dd60$@hco.ntt.co.jp_1>
MIME-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-index: AQItkg/QRNXaO7skuxxjGVqDDmFFqgEUm/5RAXbKMcwBJy0OYQIKhTYmpqfR2cA=
Content-language: ja
X-TM-AS-GCONF: 00
To: "'Joel M. Halpern'" <jmh@joelhalpern.com>, sfc@ietf.org, s.homma0718@gmail.com
X-CC-Mail-RelayStamp: CC/Mail Relayed
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/3-vZ1xr7YR6nJ509BAEqDKRvCc4>
Subject: Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2019 09:09:06 -0000
Hi Joel, I assume that bit errors and software errors may cause some problems. The current NSH allows to contain every type of metadata, and some types of metadata such as subscriber ID or upper-level SFP info (ref. RFC8459) may affect the following SFP or SFs' processes if it has some errors. Such metadata would be inserted by CF, in other words SFC component, and I thought that detection/prevention schemes of such accidental errors can be supported in SFC framework. However, as you pointed, the current specifications allow SFs and SFC components to modify metadata, and it may be implementation matter. Best regards, Shunsuke -----Original Message----- From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Joel M. Halpern Sent: Friday, November 08, 2019 11:02 PM To: Shunsuke Homma; sfc@ietf.org Subject: Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt Shunsuke. Thank you for your interest in this topic. As co-chair, I am trying to understand what kinds of additions you would be looking for to address metadata errors. All SF are already allowed to modify metadata. Any process for detecting and correcting erroneous metadata would seem on the one end to be permitted by current rules, and on the other hand to be highly specific to the precise metadata being dealt with. Did you have something more general, and needing documentation, to be added? Yours, Joel Halpern On 11/8/2019 7:33 AM, Shunsuke Homma wrote: > Hi, > > I agree that integrity protection is important, and I'd like to support this work. > > In addition to encryption of metadata, I assume that a mechanism to prevent accidentally errors on metadata would be also needed. For example, it may be realized by integrating some error correction mechanism into NSH scheme, or defining a rule for a case that an SF/SF proxy detects metadata error is detected (e.g., delete the errored metadata, discard whole of packet). > > Best regards, > > Shunsuke > > -----Original Message----- > From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Joel M. Halpern > Sent: Tuesday, November 05, 2019 1:04 AM > To: sfc@ietf.org > Subject: Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt > > Thank you for your work on this Med and Tiru. > Working Group, this is a topic we have in the charter, and explicitly > told the IESG we would work on. Please review and comment on the > approach described here. > > Thank you, > Joel (as co-chair) > > On 11/4/2019 10:56 AM, mohamed.boucadair@orange.com wrote: >> Hi all, >> >> This new version integrates the comments we received offline. The main changes are: >> >> * Clarify why we don't encrypt the base and service path headers >> * Clarify that all metadata is integrity protected >> * Clarify that the Base header may (or not) be covered by integrity protection. Both schemes are discussed with trade-offs called out. >> * Updated the solution overview to provide a big picture view. >> >> A detailed diff can be found at: https://www.ietf.org/rfcdiff?url2=draft-rebo-sfc-nsh-integrity-01 >> >> Please review and share your comments. >> >> Cheers, >> Tiru & Med >> >>> -----Message d'origine----- >>> De : internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] >>> Envoyé : lundi 4 novembre 2019 16:46 >>> À : Reddy K; Tirumaleswar Reddy; BOUCADAIR Mohamed TGI/OLN >>> Objet : New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt >>> >>> >>> A new version of I-D, draft-rebo-sfc-nsh-integrity-01.txt >>> has been successfully submitted by Mohamed Boucadair and posted to the >>> IETF repository. >>> >>> Name: draft-rebo-sfc-nsh-integrity >>> Revision: 01 >>> Title: Integrity Protection for Network Service Header (NSH) and >>> Encryption of Sensitive Metadata >>> Document date: 2019-11-04 >>> Group: Individual Submission >>> Pages: 21 >>> URL: https://www.ietf.org/internet-drafts/draft-rebo-sfc-nsh- >>> integrity-01.txt >>> Status: https://datatracker.ietf.org/doc/draft-rebo-sfc-nsh- >>> integrity/ >>> Htmlized: https://tools.ietf.org/html/draft-rebo-sfc-nsh-integrity-01 >>> Htmlized: https://datatracker.ietf.org/doc/html/draft-rebo-sfc-nsh- >>> integrity >>> Diff: https://www.ietf.org/rfcdiff?url2=draft-rebo-sfc-nsh- >>> integrity-01 >>> >>> Abstract: >>> This specification adds integrity protection and optional encryption >>> directly to Network Service Headers (NSH) used for Service Function >>> Chaining (SFC). >>> >>> >>> >>> >>> Please note that it may take a couple of minutes from the time of >>> submission >>> until the htmlized version and diff are available at tools.ietf.org. >>> >>> The IETF Secretariat >> >> _______________________________________________ >> sfc mailing list >> sfc@ietf.org >> https://www.ietf.org/mailman/listinfo/sfc >> > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > > _______________________________________________ sfc mailing list sfc@ietf.org https://www.ietf.org/mailman/listinfo/sfc
- [sfc] TR: New Version Notification for draft-rebo… mohamed.boucadair
- Re: [sfc] TR: New Version Notification for draft-… Joel M. Halpern
- [sfc] FW: TR: New Version Notification for draft-… Dirk.von-Hugo
- Re: [sfc] TR: New Version Notification for draft-… Dirk.von-Hugo
- Re: [sfc] TR: New Version Notification for draft-… Shunsuke Homma
- Re: [sfc] TR: New Version Notification for draft-… Joel M. Halpern
- Re: [sfc] TR: New Version Notification for draft-… Shunsuke Homma