IETF Logo Mail Archive

Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity

mohamed.boucadair@orange.com Thu, 04 February 2021 07:18 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EF4C3A134F; Wed, 3 Feb 2021 23:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.116
X-Spam-Level:
X-Spam-Status: No, score=-2.116 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id da6ZqYUNbnWh; Wed, 3 Feb 2021 23:18:13 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47CB93A134E; Wed, 3 Feb 2021 23:18:13 -0800 (PST)
Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr24.francetelecom.fr (ESMTP service) with ESMTP id 4DWVJM5N3mz1y4Y; Thu, 4 Feb 2021 08:18:11 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1612423091; bh=BqXXm29ytz7wtZIYy0uljgrbfQzQpPGKw/f0in6KsH4=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=OIl1vMliq3qTrPsrG6F5aa9BPiCasJiyjR+Jm09w3JRqi9I/UjPFv7tvzPnel4k6e WsHpd+GhHGfj32mwbnPVgU1UlNCvqxbmW3xJFamq89bLgg10t2yU9aEtDhtNi7Y7Qu 5+/nOz7WiXosZh18AOwbOx8/9bmMan0oWpASUv8T5rcw59dj2TYv0bslal7iQd3MaZ B2GOhecjc3O7wJF3x2kxkdus8yGKLiEixDR6frygrDCRkvSnr/FSW1eUUjxEfBhDKh aBm3CWKPDzDx86/tI/a/cvWHHPNdH8Q2jZ6fwbLl+1t6yrbH1pQev82oEUC2pb/ijm tFM/VGA9/t6IQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.92]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id 4DWVJM49DyzDq8f; Thu, 4 Feb 2021 08:18:11 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Greg Mirsky <gregimirsky@gmail.com>
CC: "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
Thread-Topic: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
Thread-Index: AQHW9mtafLSXynP7SSCWRxa8bcUgZqpGO1jggAFi6NA=
Date: Thu, 04 Feb 2021 07:18:11 +0000
Message-ID: <13626_1612423091_601B9FB3_13626_224_1_787AE7BB302AE849A7480A190F8B9330315C6BE6@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <161184769798.6893.13499187160157088449@ietfa.amsl.com> <48b9f1db-38cb-7703-3c1e-7d2e75f93d19@joelhalpern.com> <CA+RyBmWmPgEiBapRFKbqGcoe9deGwMdZBUnBRHwO9hjqoG82GA@mail.gmail.com> <11269_1612347099_601A76DB_11269_227_2_787AE7BB302AE849A7480A190F8B9330315C6440@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <11269_1612347099_601A76DB_11269_227_2_787AE7BB302AE849A7480A190F8B9330315C6440@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B9330315C6BE6OPEXCAUBMA2corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/3UDxRfR-8AFFqc9qnfSlvBdFa0I>
Subject: Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2021 07:18:16 -0000

Hi Greg,

We made some changes to avoid the confusion raised in the message below. The changes can be tracked at:
https://tinyurl.com/nsh-integrity-latest

Hope this is better.

Cheers,
Med

De : mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com]
Envoyé : mercredi 3 février 2021 11:12
À : Greg Mirsky <gregimirsky@gmail.com>
Cc : sfc@ietf.org; draft-ietf-sfc-nsh-integrity@ietf.org; Joel M. Halpern <jmh@joelhalpern.com>
Objet : RE: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity

Hi Greg,

Thank you for the comment.

As explained in Section 7.2, if no encryption is used the IV Length field will be followed by the MAC:

   The NSH imposer computes the message integrity for the target NSH
   data (depending on the integrity protection scope discussed in
   Section 5<https://tools.ietf.org/html/draft-ietf-sfc-nsh-integrity-03#section-5>) using MAC_KEY and HMAC algorithm.  It inserts the MAC in
   the "MAC and Encrypted Metadata" Context Header.  The length of the
   MAC is decided by the HMAC algorithm adopted for the particular key
   identifier.


I guess you were confused by figures 6 and 7 where we put “Context Headers to encrypt (opt.)” right after Initialization Vector. Will fix that to avoid confusion.

Cheers,
Med

De : Greg Mirsky [mailto:gregimirsky@gmail.com]
Envoyé : vendredi 29 janvier 2021 19:20
À : Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>>; draft-ietf-sfc-nsh-integrity@ietf.org<mailto:draft-ietf-sfc-nsh-integrity@ietf.org>
Cc : sfc@ietf.org<mailto:sfc@ietf.org>
Objet : Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity

Dear Authors,
I appreciate your kind consideration of my comments on the draft. I've reviewed the updates. It all looks good. I might have a small question about the case of IV Length = 0. The updated text suggests:
       If encryption is not used, IV length is set to zero
       (that is, no "Initialization Vector" is included).
As I understand it, that means that the IV Length field is immediately followed by the padding as explained in the last paragraph in Section 5:
   The "MAC and Encrypted Metadata" Context Headers are padded out to a
    multiple of 4 bytes as per Section 2.2 of [RFC8300].
Is that correct?

And yes, I support progressing this document to publication.

Regards,
Greg

Regards,
Greg

On Thu, Jan 28, 2021 at 7:33 AM Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>> wrote:
As you can see below, the SFC Chairs have started the WG last Call for
the nsh-integrity draft.  Please respond.
Thank you,
Joel


-------- Forwarded Message -------


The IETF WG state of draft-ietf-sfc-nsh-integrity has been changed to "In WG
Last Call" from "WG Document" by Joel Halpern:

https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/

Comment:
This starts the SFC Working Group last call for the NSH integrity protection
document.  This will run through the end of the day February 11, 2021.
(Don't worry about time zone.  If it is still Feb 11 2021 somewhere in the
world, you can send in comments.)  Please respond.  Silence is not consent,
and when (if, but we hope when) we send this to the AD, we need to be
able to
describe meaningful WG support for the publication.  And if possible, more
than just +1.

Thank you,
Joel (and Jim)

_______________________________________________
sfc mailing list
sfc@ietf.org<mailto:sfc@ietf.org>
https://www.ietf.org/mailman/listinfo/sfc

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email