Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
mohamed.boucadair@orange.com Thu, 04 February 2021 07:18 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EF4C3A134F; Wed, 3 Feb 2021 23:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.116
X-Spam-Level:
X-Spam-Status: No, score=-2.116 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id da6ZqYUNbnWh; Wed, 3 Feb 2021 23:18:13 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47CB93A134E; Wed, 3 Feb 2021 23:18:13 -0800 (PST)
Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr24.francetelecom.fr (ESMTP service) with ESMTP id 4DWVJM5N3mz1y4Y; Thu, 4 Feb 2021 08:18:11 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1612423091; bh=BqXXm29ytz7wtZIYy0uljgrbfQzQpPGKw/f0in6KsH4=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=OIl1vMliq3qTrPsrG6F5aa9BPiCasJiyjR+Jm09w3JRqi9I/UjPFv7tvzPnel4k6e WsHpd+GhHGfj32mwbnPVgU1UlNCvqxbmW3xJFamq89bLgg10t2yU9aEtDhtNi7Y7Qu 5+/nOz7WiXosZh18AOwbOx8/9bmMan0oWpASUv8T5rcw59dj2TYv0bslal7iQd3MaZ B2GOhecjc3O7wJF3x2kxkdus8yGKLiEixDR6frygrDCRkvSnr/FSW1eUUjxEfBhDKh aBm3CWKPDzDx86/tI/a/cvWHHPNdH8Q2jZ6fwbLl+1t6yrbH1pQev82oEUC2pb/ijm tFM/VGA9/t6IQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.92]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id 4DWVJM49DyzDq8f; Thu, 4 Feb 2021 08:18:11 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Greg Mirsky <gregimirsky@gmail.com>
CC: "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
Thread-Topic: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
Thread-Index: AQHW9mtafLSXynP7SSCWRxa8bcUgZqpGO1jggAFi6NA=
Date: Thu, 04 Feb 2021 07:18:11 +0000
Message-ID: <13626_1612423091_601B9FB3_13626_224_1_787AE7BB302AE849A7480A190F8B9330315C6BE6@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <161184769798.6893.13499187160157088449@ietfa.amsl.com> <48b9f1db-38cb-7703-3c1e-7d2e75f93d19@joelhalpern.com> <CA+RyBmWmPgEiBapRFKbqGcoe9deGwMdZBUnBRHwO9hjqoG82GA@mail.gmail.com> <11269_1612347099_601A76DB_11269_227_2_787AE7BB302AE849A7480A190F8B9330315C6440@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <11269_1612347099_601A76DB_11269_227_2_787AE7BB302AE849A7480A190F8B9330315C6440@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B9330315C6BE6OPEXCAUBMA2corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/3UDxRfR-8AFFqc9qnfSlvBdFa0I>
Subject: Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2021 07:18:16 -0000
Hi Greg, We made some changes to avoid the confusion raised in the message below. The changes can be tracked at: https://tinyurl.com/nsh-integrity-latest Hope this is better. Cheers, Med De : mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] Envoyé : mercredi 3 février 2021 11:12 À : Greg Mirsky <gregimirsky@gmail.com> Cc : sfc@ietf.org; draft-ietf-sfc-nsh-integrity@ietf.org; Joel M. Halpern <jmh@joelhalpern.com> Objet : RE: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity Hi Greg, Thank you for the comment. As explained in Section 7.2, if no encryption is used the IV Length field will be followed by the MAC: The NSH imposer computes the message integrity for the target NSH data (depending on the integrity protection scope discussed in Section 5<https://tools.ietf.org/html/draft-ietf-sfc-nsh-integrity-03#section-5>) using MAC_KEY and HMAC algorithm. It inserts the MAC in the "MAC and Encrypted Metadata" Context Header. The length of the MAC is decided by the HMAC algorithm adopted for the particular key identifier. I guess you were confused by figures 6 and 7 where we put “Context Headers to encrypt (opt.)” right after Initialization Vector. Will fix that to avoid confusion. Cheers, Med De : Greg Mirsky [mailto:gregimirsky@gmail.com] Envoyé : vendredi 29 janvier 2021 19:20 À : Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>>; draft-ietf-sfc-nsh-integrity@ietf.org<mailto:draft-ietf-sfc-nsh-integrity@ietf.org> Cc : sfc@ietf.org<mailto:sfc@ietf.org> Objet : Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity Dear Authors, I appreciate your kind consideration of my comments on the draft. I've reviewed the updates. It all looks good. I might have a small question about the case of IV Length = 0. The updated text suggests: If encryption is not used, IV length is set to zero (that is, no "Initialization Vector" is included). As I understand it, that means that the IV Length field is immediately followed by the padding as explained in the last paragraph in Section 5: The "MAC and Encrypted Metadata" Context Headers are padded out to a multiple of 4 bytes as per Section 2.2 of [RFC8300]. Is that correct? And yes, I support progressing this document to publication. Regards, Greg Regards, Greg On Thu, Jan 28, 2021 at 7:33 AM Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>> wrote: As you can see below, the SFC Chairs have started the WG last Call for the nsh-integrity draft. Please respond. Thank you, Joel -------- Forwarded Message ------- The IETF WG state of draft-ietf-sfc-nsh-integrity has been changed to "In WG Last Call" from "WG Document" by Joel Halpern: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ Comment: This starts the SFC Working Group last call for the NSH integrity protection document. This will run through the end of the day February 11, 2021. (Don't worry about time zone. If it is still Feb 11 2021 somewhere in the world, you can send in comments.) Please respond. Silence is not consent, and when (if, but we hope when) we send this to the AD, we need to be able to describe meaningful WG support for the publication. And if possible, more than just +1. Thank you, Joel (and Jim) _______________________________________________ sfc mailing list sfc@ietf.org<mailto:sfc@ietf.org> https://www.ietf.org/mailman/listinfo/sfc _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Fwd: IETF WG state changed for draft-ietf-s… Joel M. Halpern
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… Greg Mirsky
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… mohamed.boucadair
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… Dirk.von-Hugo
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… wei.yuehua
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… mohamed.boucadair
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… mohamed.boucadair
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… mohamed.boucadair
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… Dirk.von-Hugo
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… Greg Mirsky
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… Dhruv Dhody
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… mohamed.boucadair
- [sfc] Fwd: IETF WG state changed for draft-ietf-s… Joel M. Halpern
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… Greg Mirsky
- Re: [sfc] Fwd: IETF WG state changed for draft-ie… mohamed.boucadair
- Re: [sfc] IETF WG state changed for draft-ietf-sf… Dan Wing
- Re: [sfc] IETF WG state changed for draft-ietf-sf… Konda, Tirumaleswar Reddy
- Re: [sfc] IETF WG state changed for draft-ietf-sf… Greg Mirsky
- Re: [sfc] IETF WG state changed for draft-ietf-sf… mohamed.boucadair
- Re: [sfc] IETF WG state changed for draft-ietf-sf… Greg Mirsky
- Re: [sfc] IETF WG state changed for draft-ietf-sf… mohamed.boucadair