Re: [sfc] [Last-Call] Secdir last call review of draft-ietf-sfc-proof-of-transit-08
"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Fri, 24 September 2021 08:40 UTC
Return-Path: <fbrockne@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 051303A1ECC; Fri, 24 Sep 2021 01:40:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.596
X-Spam-Level:
X-Spam-Status: No, score=-4.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=XR+BNn5M; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=l8cjw1us
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IN3yajcLkdec; Fri, 24 Sep 2021 01:40:00 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A4843A1ECB; Fri, 24 Sep 2021 01:40:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11714; q=dns/txt; s=iport; t=1632472800; x=1633682400; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MQhIe2rBH11ItEkDcgT9995M1PC+vK+bkVNmKSMZ7ZU=; b=XR+BNn5MrOg28KcLPxZSlQUGpQenqp5NAhPtrH49nRpzPHQKkg+ndQqe oU5r37wwEEJ8guDnqJq4WR19e7ZDSAmCa911sGwJ220Z9TA52R7tV9lLO 5UrAY7KH4q+lSWSOB/sRIKwxhLwUd2rAIDtqlljvMrDcy+nnNv8KOqkID c=;
IronPort-PHdr: A9a23:t2SspxfxZObcxfrNnQcnzrYplGM/U4qcDmcuAtIPi69Pbqmm9tLkMVCMrflujVqcW4Ld5roEjufNqKnvVCQG5orJq3ENdpFAFnpnwcUblgAtGoiJXEv8KvO5bzE7AMlHXRlj8m3oeURQEdz1MlvVpHD65DUOGxL5YAxyIOm9GoPbg8mtke6o/JiGaARTjz37arR3f32L
IronPort-Data: A9a23:mCkekapftDkEZqsUJYFteZzVF0teBmJMZBIvgKrLsJaIsI4StFCztgarIBmHPP7fZzCmeY1+a4/k9hwF7J+Dztc1SwBlqXs3FXxEp+PIVI+TRqvS04x+DSFioHqKZKzyU/GYRCwPZiKa9krF3oTJ9yEmjPnZHOakUYYoBwgoLeNaYHZ54f5cs7ZRbr5A2bBVMivV0T/Ai5S31GyNg1aYBlkpB5er83uDihhdVAQw5TTSbdgT1LPXeuJ84Jg3fcldJFOgKmVY83LTegrN8F251juxExYFENiplPPwdVcHB+6UNgmVgX0QUK+n6vRAjnVtieBga7xNMgEO12nhc9NZkL2hsbS+Qx0uNa7KlcwWUgJTFGd1OqguFLrvcCHm7ZDKnhaYG5fr67A0ZK0sBqUb4OdsAWdHs+cRMzAEaBOriOe/wbb9Qe5p7uwvNsDlIMYet21uiCrXBrM+W5fETeDN65pExj42ncFSW//aY+IYZCZhKhPabHVnIVkcIJMzgOnugWPwGxVDtF+NpacxpXnU0QF11JDvKN/SYNODQ4NemUPwjmbP5Hi8CRgeMPSexCaLtHW2iYfnhiPkVZ4SHfuy9vdsjFSJx0QcDRQXUR2wpvzRolWzUN5eMWQV9zYg668o+ySDTsT8QxC9qVaEox8AVt9ZVes39GmwJgD8i+qCLnIPQjgEY9s8uYpmAzcrzVSO2djuAFRSXHSuYSr13t+pQfmaYED59VM/WBI=
IronPort-HdrOrdr: A9a23:RqxcFa5T8fLd2eoTRQPXwZCCI+orL9Y04lQ7vn2ZFiY1TiXIra6TdaoguiMc0AxhJ03Jmbi7Sc69qADnhOBICO4qTPeftWjdySqVxeRZjbcKrAeQYBEWmtQtsJuINpIOdOEYbmIKzvoSgjPIaerIqePvmMvD6IuurAYOcegpUdAc0+4TMHf8LqQCfng/OXNPLuvk2iMonUvFRV0nKuCAQlUVVenKoNPG0Lj8ZwQdOhIh4A6SyRu19b/TCXGjr1UjegIK5Y1n3XnOkgT/6Knmmeq80AXg22ja6IkTsMf9y+FEGNeHhqEuW3DRY0eTFcBcso+5zXYISdKUmQ8XeR730k8d1vFImjTsl6eO0EDQMkfboWwTAjTZuC6laDPY0LzErXQBepd8bUYzSGqH16Lm1+sMjJ6jlljpxKZ/HFfOmj/w6MPPUAwvnk2ooWA6mepWlHBHV5ACAYUh4LD30XklW6voJhiKorzP0dMee/309bJTaxeXfnrZtm5gzJilWWkyBA6PRgwHttaO2zZbkXhlxw9ArfZv0Uso5dY4Ud1J9u7EOqNnmPVHSdIXd7t0AKMETdGsAmLATBrQOCaZIEjhFqsAJ3XRwqSHrIkd9aWvYtgF3ZEykJPOXBdRsnMzYVvnDYmU0JhC4nn2MS2AtPTWu4hjDr1Cy/PBrZbQQFi+oWEV4r2dSq8kc7/mst6ISeZrP8M=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BoCABXjk1h/5BdJa1aHAEBAQEBAQcBARIBAQQEAQFAgVmBU1EHgVE3MYRHg0gDhTmFY4IlA4ETiVuFHopUgUKBEQNUCwEBAQ0BAUEEAQGEfQIXgi8CJTgTAQIEAQEBEgEBBQEBAQIBBgSBEROFaA2GQgEBAQECARIREQwBATcBCwQCAQgRBAEBAQICJgICAh8RFQgIAgQBDQUIEweFJQMOIQFQoncBgToCih96gTGBAYIIAQEGBASFCg0LgjUJgRAqgwCEFoRDgQ6BHwgfHIFJRIEVQ3mBNwcwPoIhgWZAFYMBN4IuiUZqAQMNDhQUMgklKQYGE2sMBAEMBwUyAQcRkTiDDwFGjR+aXF4Kgy2YeQSGABSDZ4tolzqWIIIejWSQAysjDIRXAgQCBAUCDgEBBoEwSCSBWXAVO4JpURkPjiCDcopedDgCBgsBAQMJkiwBAQ
X-IronPort-AV: E=Sophos;i="5.85,319,1624320000"; d="scan'208";a="911441936"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 24 Sep 2021 08:39:58 +0000
Received: from mail.cisco.com (xbe-rcd-007.cisco.com [173.37.102.22]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 18O8dwF9028361 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 24 Sep 2021 08:39:58 GMT
Received: from xfe-aln-002.cisco.com (173.37.135.122) by xbe-rcd-007.cisco.com (173.37.102.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Fri, 24 Sep 2021 03:39:57 -0500
Received: from xfe-rtp-001.cisco.com (64.101.210.231) by xfe-aln-002.cisco.com (173.37.135.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Fri, 24 Sep 2021 03:39:57 -0500
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-001.cisco.com (64.101.210.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Fri, 24 Sep 2021 04:39:57 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aF8vP7Y0x9yQ/frJsnEKFKAo9M8IS57RW6LjshBDH+iYULn47zXAOR4rzAI0pJ9sCuzf8E4xD5USLmjveajOjnSnrbaAXlEKupwR5azCwp7tciEH5FmvHcTzTjxJTN/lSFqBRdx5jvCsoIs6FjabNn3RKGYqrbyPB1OAWIBe5sFCewUUp5XLpcXTnMPmkpf7VsOnno78rBLKDyxeak1T0tychFaxvo02gKBAAdoumrMK9c+YMUKfYfqAJQ5X0m2hgma9yv7QEwLReoyx9F8g8u6am+bUEnNQE6DCaiQanhMO3Ui9aziX2vL5Shaqtejckt4aEeU/i81T+GXvP60q+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=MQhIe2rBH11ItEkDcgT9995M1PC+vK+bkVNmKSMZ7ZU=; b=OfEln7CJofOWeDqrtDTe+i9gl4wBnNMZVMF8GAtjYTbizCjBd9G+43IBvuCLF+DCCPxN/UiphjWUHOo9T+Ws3MImN1BUgUgul3Jh1DZFX/JiME83Iw5M8f3TOa//Ok3CcUDFk2AkPxq+/buO9iYEsIs9pwr98Z7V7Ed1b5fntNvxTDT8roj6lhO7lKN9OF3Pja9gd2anfHFpwziFcdiejvo8hcMWtH8tiQyLQHB+8Vd83Ui+zPnv/e6FpWckA18zF9j8qFQRO+sMlD3oHFM0Smqn7m95mg5wypOjgawSUIkqu0mewqXnDxb6uGWhPSDhVT64GnSe0YoI2kwh0Scegg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MQhIe2rBH11ItEkDcgT9995M1PC+vK+bkVNmKSMZ7ZU=; b=l8cjw1uss7BVGOzxvrnvQ/AGsHcrR7QGaoFRP/J1H4pwV9NnNyc/oS1GOYgV47sfsQssR2GlCHBOLu5yMQaSONAn0PFqD1eku4aDLPD4oNWM376aj/eYK28Bb3PDxGrWLUfa4niwov2z0LQVZVQfkQmzJzKNJ8cJAFGcqeCmra0=
Received: from DM8PR11MB5606.namprd11.prod.outlook.com (2603:10b6:8:3c::23) by DM8PR11MB5592.namprd11.prod.outlook.com (2603:10b6:8:35::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Fri, 24 Sep 2021 08:39:55 +0000
Received: from DM8PR11MB5606.namprd11.prod.outlook.com ([fe80::2544:292:4ad5:dd65]) by DM8PR11MB5606.namprd11.prod.outlook.com ([fe80::2544:292:4ad5:dd65%3]) with mapi id 15.20.4544.018; Fri, 24 Sep 2021 08:39:55 +0000
From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: Christian Huitema <huitema@huitema.net>, "secdir@ietf.org" <secdir@ietf.org>
CC: "shwetha.bhandari@gmail.com" <shwetha.bhandari@gmail.com>, "last-call@ietf.org" <last-call@ietf.org>, "Youell, Stephen" <stephen.youell@jpmorgan.com>, "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-proof-of-transit.all@ietf.org" <draft-ietf-sfc-proof-of-transit.all@ietf.org>, "krishna.sashank@gmail.com" <krishna.sashank@gmail.com>
Thread-Topic: [Last-Call] Secdir last call review of draft-ietf-sfc-proof-of-transit-08
Thread-Index: AQHXrdJnjOHuO4fhnU+wPCtBTLa6aaux/B8wgAAXGgCAAMvnUA==
Date: Fri, 24 Sep 2021 08:39:55 +0000
Message-ID: <DM8PR11MB56061C0D02BC169F39D41407DAA49@DM8PR11MB5606.namprd11.prod.outlook.com>
References: <163210969860.31323.5718880916818308072@ietfa.amsl.com> <DM8PR11MB5606222AA0739CE8093A6777DAA39@DM8PR11MB5606.namprd11.prod.outlook.com> <7329d9eb-3597-0006-dbc5-892a4ada74ab@huitema.net>
In-Reply-To: <7329d9eb-3597-0006-dbc5-892a4ada74ab@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: huitema.net; dkim=none (message not signed) header.d=none;huitema.net; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 820f2b3d-68a5-4510-071b-08d97f36e2a2
x-ms-traffictypediagnostic: DM8PR11MB5592:
x-microsoft-antispam-prvs: <DM8PR11MB5592B1304F8A6C4A4AEF8358DAA49@DM8PR11MB5592.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: J3HOazatDpyNtXCZcNdkC0n4bzzRSKR7kweEYYGQT2oqW+aBNr1PlO1UV5j/AeIyAzAq4AEfCYkoHWEHKZcpOJSgDIZNidh85axd46/WDn/inVrQIiX6lT1eSooS6giZDUuCD5Qj8fvveqdLy3uqzy4GCLzc5YlzSlOkVTVfrwlv7nd/1b9qwRtxgA5Ycx8Xm+FFIZp2ykVgJmig6bYfRh/RcHIZx7KXE580h608FLx+cTsm3q9oKaRAKoqd1CCMqVBfgPnpZrq0+wZAZs2PR/w4KUUX7akrAGyVLOqx8k1A2yrTgynFdICIqzWuTdLT6L7ZsqZ6ctjRx1p0Eh1msAZeFLIeNGgocD0YR81e3xy5y4gx1F9sVOQke/ABMCfr5ZORy5i/jLWLvZFmJXZpCGL6CEyAN7YIyYbTaJp5dpp49+3GuasjUpv5zVTC/DS4K0dhzYTPnRwdU4pBqCyXX3jaOgoyLlWod13Ak+8z6kViAi6OpUjRfkzza44mHIbecexHQDFfZRVhjdKoaAmgJKgmaoc1wfzkNLfsfhQqpGLxmrxeRoWlPnDMmZp+M77Ky08x8YssZWynE82HyKU57hVPoqT22ITawNFxR81jSYqhoVQ5LjZKhYgAXr1ZmBTCTvRskRC4vd8M11l1RpNtZaEk38RdNvoJMDpn4JEFqOfmNQKeEUxBGpRlzuTZ6IxcjYsmAP2Sz54FU05ncKliLw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM8PR11MB5606.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(54906003)(71200400001)(8936002)(66946007)(33656002)(83380400001)(66476007)(64756008)(86362001)(5660300002)(66446008)(76116006)(4326008)(2906002)(66556008)(7696005)(9686003)(316002)(52536014)(6506007)(508600001)(8676002)(110136005)(26005)(53546011)(38100700002)(55016002)(186003)(122000001)(38070700005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: BqjNrfZHydF70fWG8mre34A5tlZDXgGdE+cOvG9ZtkVw2fDEOssAHOLb4ZxxWlPFwEWJq12H3qmMDh/g4lqbyTufk++vv9HW1SIJSXfsD+Zek4gcRpyb2hYowWGLzjUQfwVFZhww2rI+dxO/HDLDfwY5Yi91cndreLKMbCnc8bslzal7FZo8UKZNIfR3BKL3tGO1za7s86fWAumGw8LML3cTSm56C2rhrGI0HEgLEelFs4utkHrK3sB4JBqEpPJ/gxKqyHMVVJs2AWwBXkIQhHwknOjfNwkrs54zQRrOTVs5LDjs3Lm5ShovKrfP7NH4IpieCNpFIBqhZCSw7iSKhydrLaeNBBH4cR4brQJhwQlUbyiPH5QHb+lKiqHL1U9lmqQGaaJdQwX/pObbj/vd3TBthpmd2A8I7ibof/BaacnWnTCvn1UPP29LyImHrjjeO8NOXyUsOvz5jcUtEhkvoF18W++4dbB5I9UvHF1TjwednaTJdd20qleoVvRP/OU3k7+MEebjF+U9hptYKr3pt4VQ56f6Jzduzg/FCCcR2suaQUGmNOE2oO2LcvjED3B8Yqz9qTCSur/pR6tit6jN6gRuB+jnwmTvjGcH8Lo57QJdUbybP8bNY/i6XUbr3oTq0GG3ygrtZiLjeuGp6cQwNMl1jZAyR1gvtJT0Q7jOZ1jK19ZfPnW+Ac+6kGY9ING9zb4ypcasNpN0SrAWZH7Cqhx3dAYISnrUibhSI1yhWCDv/JGb+GlWySuN+ui8S65de807huaL1BvZJlzHjZM2GzswiSguATudeHPuRbTq12E+I1M4ruTKG+YmTwH5FsT14sbhFproQH6lXqH3YSSJMyEIC+95waNKerjnRiH+fQvk97w5wYc6L9Kjm3Km+PiFesW8Lpke5sIYE+1RCu46j5wrcEEipf9xTI6k3pq6U01cL3zrnJa2U01YavT0wgo94zeQ74nqdR1x56SPBEZ49L1kJfcAcz6QyDmweS/yWnuHuj6oND62AtPxmUORgJ7cifKfbvZ6EdStFyANwWsJ2uUAMwlsAqyMsFT8Wo0bmfvBIOQFtaF+Lg1anHrkLsJUXmVj0xExge3u2VPF48Ne55Ap1/XxibMwvUaSmbH0B+6ZYocpjuHIscFT9rGEc/hYWJPrANGSqMlf6EYDyTuPV7ih1BibGTm9p0rMXGkaDTK8A2eNnB2+amzc7hZs4PZhuJenF7OFwTt1FBbRrMHpn5BPRrmie1KmUrCfwmnn209DeJx0J6L5W/EusmEmo40+tgmB4IsSJaoYEJkOvf8qjh6pxdDFHMExbeJ/Oc0AwOZ6pBTHf1A8tsS4qT75p6Jj
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR11MB5606.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 820f2b3d-68a5-4510-071b-08d97f36e2a2
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 08:39:55.4696 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IBqQ7/s8HSg6+WsLMNjsNBLqrX7dotoN+jEwqpiKLOMVCYogbFNdSXgA/I6lWI4nexq1lWThUKLX4Q9T3lKIlg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR11MB5592
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.22, xbe-rcd-007.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/9I8qiFga2BryMXl6V4btAszkgi4>
Subject: Re: [sfc] [Last-Call] Secdir last call review of draft-ietf-sfc-proof-of-transit-08
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2021 08:40:05 -0000
Hi Christian, Thanks a lot for the detailed follow-up. Please see inline. > -----Original Message----- > From: Christian Huitema <huitema@huitema.net> > Sent: Thursday, 23 September 2021 22:13 > To: Frank Brockners (fbrockne) <fbrockne@cisco.com>; secdir@ietf.org > Cc: shwetha.bhandari@gmail.com; last-call@ietf.org; Youell, Stephen > <stephen.youell@jpmorgan.com>; sfc@ietf.org; draft-ietf-sfc-proof-of- > transit.all@ietf.org > Subject: Re: [Last-Call] Secdir last call review of draft-ietf-sfc-proof-of-transit- > 08 > > > On 9/23/2021 12:31 PM, Frank Brockners (fbrockne) wrote: > > Hi Christian, > > > > Thanks a lot for your detailed review. Please see inline. > > > >> -----Original Message----- > >> From: Christian Huitema via Datatracker <noreply@ietf.org> > >> Sent: Monday, 20 September 2021 05:48 > >> To: secdir@ietf.org > >> Cc: draft-ietf-sfc-proof-of-transit.all@ietf.org; last-call@ietf.org; > >> sfc@ietf.org > >> Subject: Secdir last call review of > >> draft-ietf-sfc-proof-of-transit-08 > >> > >> Reviewer: Christian Huitema > >> Review result: Serious Issues > >> > >> I have reviewed this document as part of the security directorate's > >> ongoing effort to review all IETF documents being processed by the > >> IESG. These comments were written primarily for the benefit of the security > area directors. > >> Document editors and WG chairs should treat these comments just like > >> any other last call comments. > >> > >> This document proposes a security mechanism to prove that traffic > >> transited through all specified nodes in a path. The mechanism works > >> by adding a short option to each packet for which transit shall be > >> verified. The option consists of a random number set by the > >> originator of the packet, and a sum field to which each transit node > >> adds a value depending on public parameters, on the random number and > >> on secrets held by the node. The destination has access to all the > >> secrets held by the nodes on the path, and can verify whether or not > >> the final sum corresponds to the sum of expected values. The proposed size > of the random number and the sum field is 64 bits. > >> > >> In the paragraph above, I described the mechanism without mentioning > >> the algorithm used to compute these 64 bit numbers. The 64 bit size > >> is obviously a > >> concern: for cryptographic applications, 64 bits is not a large > >> number, and that might be a weakness whatever the proposed algorithm. > >> The actual algorithm appears to be a bespoke derivation of Shamir's > >> Secret Sharing algorithm (SSS). In other word, it is a case of "inventing your > own crypto". > > ...FB: SSS is a well know algorithm and draft-ietf-sfc-proof-of-transit does not > modify it. > > All draft-ietf-sfc-proof-of-transit does is to operationalize the SSS algorithm > for the proof of transit use case. > > > > Also note that the draft does not require the use of 64 bit numbers. > > Nor does draft require a minimum time between changing the secrets. > > What particular attack are you concerned about where 64 bit numbers are a > concern? > > > >> SSS relies on the representation of polynomials as a sum of Lagrange > >> Basis Polynomials. Each of the participating nodes holds a share of > >> the secret represented by a point on the polynomial curve. A > >> polynomial of degree K on the field of integers modulo a prime number > >> N can only be revealed if at list K+1 participants reveal the value > >> of their point. The safety of the algorithm relies on the size of the > >> number N and on the fact that the secret shall be revealed only once. > >> But the algorithm does not use SSS directly, so it deserves its own security > analysis instead of relying simply on Shamir's work. > >> > >> The proposed algorithm uses two polynomials of degree K for a path > >> containing > >> K+1 nodes, on a field defined by a prime number N of 64 bits. One of > >> K+the > >> polynomial, POLY-1, is secret, and only fully known by the verifying node. > >> The other, POLY-2 is public, with the constant coefficient set at a > >> random value RND for each packet. > >> > >> For each packet, the goal is compute the value of POLY-1 plus POLY-2 > >> at the point 0 -- that is, the constant coefficient of POLY-3 = POLY-1 + POLY- > 2. > >> > >> Without going in too much details, one can observe that the constant > >> coefficient of POLY-3 is equal to the sum of the constant > >> coefficients of POLY-1 and POLY-2, and that the constant coefficient > >> of POLY-2 is the value RND present in each packet. In the example > >> given in section 3.3.2, the numbers are computed modulo 53, the > >> constant coefficient of POLY-1 is 10, and the value RND is 45. The > >> final sum CML is indeed > >> 10 + 45 = 2 mod 53. > >> > >> To me, this appears as a serious weakness in the algorithm. If an > >> adversary can observe the value RND and CML for a first packet, it > >> can retrieve the constant coefficient of POLY-1, and thus can predict > >> the value of CML for any other packet. That does not seem very secure. > > ...FB: There seems to be a bit of confusion or misreading of how the method > works. In the above statement you seem to assume that the verifier would not > be part of the proof-chain, so that the final CML value would be somehow > exposed to an external entity along with RND. This is not the case. The verifier is > the last node (k+1) in the proof-chain. > > > > At concept level, the method reconstructs the polynomial hop by hop, picking > up a point on the curve at every hop. Only final node in the proof-chain, which is > also the verifier, acts on the information of all the k+1 points and as such is able > to reconstruct the polynomial. > > > > In section 3.2.1, the draft explicitly states that the verifier *is* part of the > proof-chain: "Each of the k+1 nodes (including verifier) are assigned a point on > the polynomial i.e., shares of the SECRET." The fact that the verifier, i.e., the last > node in the proof-chain ("k+1"), can retrieve the secret, is desired and > intentional, because the verifier needs to compare the result of the iterative > construction of the secret with the secret value it received from the controller. > This is how the system is designed, and the calculation of (10+45) mod 53 = 2 is > part of the verification. > > OK. That's slightly less bad. But it is still very bad crypto, because you are > effectively doing a linear combination. > > You are evaluating POLY-3 = POLY-1 + POLY-2 > > POLY-2 can be written as POLY-2 = RND + POLY-2-NC, in which POLY2-NC only > contains the non constant terms -- that is, POLY-2-NC(0) = 0 > > Then for any point X, we get POLY-3(X) = POLY-1(X) + POLY2-NC(X) + RND For a > given value Xj of X, this means we can express : POLY-3(Xj) = Vj + RND In which Vj > is a constant term = POLY-1(Xj) + POLY2-NC(Xj) > > Each node will increment the cumul by the value LPCj * POLY-3(Xj) = LPCj > * (Vj + RND) > > Suppose that an adversary can observe the value of CML before and after being > incremented by node Xj. Suppose that it could do that twice. Then it has the > values: > > CML1-before-j = C1b > CML1-after-j = C1a > D1 = C1a - C1b = LPCj * (Vj + RND1) > > CML1-before-j = C2b > CML1-after-j = C2a > D2 = C2a - C2b = LPCj * (Vj + RND2) > > D2-D1 = LPCj*(RND2-RND1) > > LPCj = (RND2-RND1)/(D2-D1) > Vj = D2/LPCj - RND2 > > The inverse of numbers modulo a prime P is easily computed -- see Fermat's > little theorem. > > Once the input and output of a node have been observed twice, it becomes easy > to update the cumulative sum CML while bypassing these nodes. ...FB: This is great. Thanks for spelling out the details. You raise a good point: For the solution to make sense, we need to ensure that an attacker cannot observe the input and output of a node. To ensure this does not happen, we must require the communication to/from the node to be encrypted, e.g., through link layer encryption of at least the proof-of-transit data fields. We'll add this requirement to the draft - and also detail the threat you describe above in detail in the security considerations section. Thanks again, Frank > > The scheme described in the draft is definitely not equivalent to SSS. > It boils down to linear combinations of coefficients, and it is not secure. > > -- Christian Huitema > > > > >
- [sfc] Secdir last call review of draft-ietf-sfc-p… Christian Huitema via Datatracker
- Re: [sfc] Secdir last call review of draft-ietf-s… Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Christian Huitema
- Re: [sfc] [Last-Call] Secdir last call review of … Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Christian Huitema
- Re: [sfc] [Last-Call] Secdir last call review of … Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Christian Huitema
- Re: [sfc] [Last-Call] Secdir last call review of … Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Joel M. Halpern
- Re: [sfc] [Last-Call] Secdir last call review of … Martin Vigoureux