Re: [sfc] Opsdir last call review of draft-ietf-sfc-nsh-integrity-05
mohamed.boucadair@orange.com Fri, 02 July 2021 05:10 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 2F3893A0766;
Thu, 1 Jul 2021 22:10:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nSrD_-TV7t9G; Thu, 1 Jul 2021 22:10:13 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.34])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 72B023A0763;
Thu, 1 Jul 2021 22:10:13 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by opfednr22.francetelecom.fr (ESMTP service) with ESMTPS id 4GGNSM2S76z115h;
Fri, 2 Jul 2021 07:10:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com;
s=ORANGE001; t=1625202611;
bh=sLa4GBoaAuht4brsNJFjyaYf/y0l1forBl77UhUR+z0=;
h=From:To:Subject:Date:Message-ID:Content-Type:
Content-Transfer-Encoding:MIME-Version;
b=f9u07kYda310/MyxcO7rz1rotkteC8M8ZmuutVnV+OcKiyXoGRF2YoTN3ukB19pVR
bKSRBF+6C9Vp5oSMYrA7ohNhBl/b48VSpp5hqiGRUMjlpB8xD4YvkuUSqY++3GJrdx
xvvhUKAz2aNUrDEh97q49URO3ZXE3rJP07IdNQbvOYD2b1oWPvJkCdMUOOd5lrwLtk
fweVes33fx2ncVv/cavs/VL0J4+mxA2p9sR25iDv0ZBw/wFLWqlEsfoQvgj5HfxWX5
8GE+OLwyF624oN5wihnkd9orZafMOZXZWFu/3rJcty08CO+h6Du/nqJcF+ZNpRc4pC
grm8dsk4QLX/Q==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.92])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by opfednr01.francetelecom.fr (ESMTP service) with ESMTPS id 4GGNSM1GsQzDq80;
Fri, 2 Jul 2021 07:10:11 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: =?utf-8?B?SsO8cmdlbiBTY2jDtm53w6RsZGVy?=
<j.schoenwaelder@jacobs-university.de>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity.all@ietf.org"
<draft-ietf-sfc-nsh-integrity.all@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: Opsdir last call review of draft-ietf-sfc-nsh-integrity-05
Thread-Index: AQHXaZqmmf8m3HMDQ0yGRnjG/jASQaskZ+mwgArFoKA=
Date: Fri, 2 Jul 2021 05:10:10 +0000
Message-ID: <24262_1625202611_60DE9FB3_24262_195_1_787AE7BB302AE849A7480A190F8B9330353B4F52@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162460909273.657.16151989326348143956@ietfa.amsl.com>
<9774_1624614936_60D5A818_9774_471_2_787AE7BB302AE849A7480A190F8B9330353B0E12@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <9774_1624614936_60D5A818_9774_471_2_787AE7BB302AE849A7480A190F8B9330353B0E12@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/4h8qsw0eGdvKCZroodSNdTSJlME>
Subject: Re: [sfc] Opsdir last call review of draft-ietf-sfc-nsh-integrity-05
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>,
<mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>,
<mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2021 05:10:19 -0000
Hi Jürgen, FYI, the changes are now implemented in the public version: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-integrity-06 Cheers, Med > -----Message d'origine----- > De : mohamed.boucadair@orange.com > [mailto:mohamed.boucadair@orange.com] > Envoyé : vendredi 25 juin 2021 11:56 > À : Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>de>; ops- > dir@ietf.org > Cc : draft-ietf-sfc-nsh-integrity.all@ietf.org; last-call@ietf.org; > sfc@ietf.org > Objet : RE: Opsdir last call review of draft-ietf-sfc-nsh-integrity- > 05 > > Hi Jürgen, > > Thank you for the review. You can track the changes at: > https://tinyurl.com/nsh-integrity-latest > > Please see inline. > > Cheers, > Med > > > -----Message d'origine----- > > De : Jürgen Schönwälder via Datatracker [mailto:noreply@ietf.org] > > Envoyé : vendredi 25 juin 2021 10:18 À : ops-dir@ietf.org Cc : > > draft-ietf-sfc-nsh-integrity.all@ietf.org; last-call@ietf.org; > > sfc@ietf.org Objet : Opsdir last call review of > > draft-ietf-sfc-nsh-integrity-05 > > > > Reviewer: Jürgen Schönwälder > > Review result: Has Issues > > > > The document is very well written and organized, thanks for that. > I > > have some comments and a few nits. The issues I have a minor, I > think > > the document overall is in a good shape. > > > > - From an operational perspective, I very much appreciate that > there > > is some text discussing error and failure reporting and that > there > > are some MTU configuration guidelines. > > > > - The document claims: > > > > As depicted in Table 1, SFFs are not involved in data > encryption. > > This document enforces this design approach by encrypting > Context > > Headers with keys that are not supplied to SFFs, thus > enforcing > > this > > limitation by protocol (rather than requirements language). > > > > I am a bit puzzled about this statement since a protocol > definition > > at the end is just some form of requirements language. > > [Med] FWIW, that sentence was drawn compared to an alternative > design we considered in the past (use of AEAD which relies upon a > single key for both encryption and integrity) and for which we > indicated the following at that time: > > In order to avoid the overhead of multiple authentication tags > and > multiple keys, and to prevent SFFs from acquiring the secret > key > to decrypt the metadata, the recommendation is not to > integrity > protect the base header. Such approach does not require to > recompute the MAC each time TTL is decremented by an SFF. As > a > reminder, an SFF is not supposed to act on the metadata or > look > into the content of the metadata. > > We were concerned with relying on the requirement language (mainly > the last sentence) for the correct protocol behavior. We changed the > design so that the limitation is imposed by the protocol: use > distinct keys for encryption (ENC_KEY) and integrity (MAC_KEY). > > We do have the following: > > The other advantage is > that SFFs do not have access to the ENC_KEY and cannot act on the > encrypted Context Headers and, only in case of the second level > of > assurance, SFFs do have access to the MAC_KEY. Similarly, an > NSH- > aware SF or SFC Proxy not allowed to decrypt the Context Headers > will > not have access to the ENC_KEY. > > but ... > > Well, > > putting > > that remark aside, I do not really see anything in the > specification > > that ensures that SFFs won't get the keys. We also read: > > > > [...] Encryption keying material is only provided to > > these SFC data plane elements. > > > > Well, the specification is actually silent about how keys are > > distributed. Section 4.4. says: > > > > The procedure for the allocation/provisioning of secret keys > (K) > > and > > authenticated encryption algorithm or MAC_KEY and HMAC > algorithm > > is > > outside the scope of this specification. As such, this > > specification > > does not mandate the support of any specific mechanism. > > > > To me, it seems the claims made in section 4.4. do not really > hold. > > [Med] ... I agree that we still depend on the provisioning. Removed > that sentence. > > > > > - In section 6, you picked as the epoch 1970-01-01T00:00Z while > NTP > > uses the epoch 1900-01-01T00:00Z. This leads to rollovers in the > > year 2106 for your timestamps while the NTP rollover would be in > > 2036. Given that you use an NTP compatible format and a > different > > epoch, I think this deserves to be spelled out explicitly so > that > > people understand that they have to do conversions. > > > > (Alternatively, you could adopt the epoch NTP is using and the > need > > for conversions goes away at the price of an earlier rollover.) > > > > Anyway, what I am saying is that if you pick a different epoch, > I > > suggest to spell this out explicitly and to not rely on > > implementers to discover this. > > > > [Med] Fair point. Added a note. > > > Minor nits: > > > > - In section 5.2, it should say: > > > > OLD > > > > In reference to Figure 5 > > > > NEW > > > > In reference to Figure 7 > > > > [Med] For both 5.1 and 5.2 we provide a reference to the figure with > the format of the context header (i.e., Figure 5). Figures 6/7 cover > the NSH header and so on. > > > - In section 7.3, I suggest this change to make it clear again to > the > > reader what K is: > > > > OLD > > > > Using K and > > > > NEW > > > > Using the secret key K and > > [Med] Fixed. Thanks. > > > ____________________________________________________________________ > _____________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc pas etre > diffuses, exploites ou copies sans autorisation. Si vous avez recu > ce message par erreur, veuillez le signaler a l'expediteur et le > detruire ainsi que les pieces jointes. Les messages electroniques > etant susceptibles d'alteration, Orange decline toute responsabilite > si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or > privileged information that may be protected by law; they should not > be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender > and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that > have been modified, changed or falsified. > Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Opsdir last call review of draft-ietf-sfc-n… Jürgen Schönwälder via Datatracker
- Re: [sfc] Opsdir last call review of draft-ietf-s… mohamed.boucadair
- Re: [sfc] Opsdir last call review of draft-ietf-s… mohamed.boucadair
- Re: [sfc] Opsdir last call review of draft-ietf-s… Juergen Schoenwaelder