Re: [sfc] [Last-Call] Secdir last call review of draft-ietf-sfc-proof-of-transit-08
"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Fri, 24 September 2021 08:40 UTC
Return-Path: <fbrockne@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 051303A1ECC;
Fri, 24 Sep 2021 01:40:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.596
X-Spam-Level:
X-Spam-Status: No, score=-4.596 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001,
URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5]
autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=cisco.com header.b=XR+BNn5M;
dkim=pass (1024-bit key)
header.d=cisco.onmicrosoft.com header.b=l8cjw1us
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IN3yajcLkdec; Fri, 24 Sep 2021 01:40:00 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74])
(using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 3A4843A1ECB;
Fri, 24 Sep 2021 01:40:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=cisco.com; i=@cisco.com; l=11714; q=dns/txt;
s=iport; t=1632472800; x=1633682400;
h=from:to:cc:subject:date:message-id:references:
in-reply-to:content-transfer-encoding:mime-version;
bh=MQhIe2rBH11ItEkDcgT9995M1PC+vK+bkVNmKSMZ7ZU=;
b=XR+BNn5MrOg28KcLPxZSlQUGpQenqp5NAhPtrH49nRpzPHQKkg+ndQqe
oU5r37wwEEJ8guDnqJq4WR19e7ZDSAmCa911sGwJ220Z9TA52R7tV9lLO
5UrAY7KH4q+lSWSOB/sRIKwxhLwUd2rAIDtqlljvMrDcy+nnNv8KOqkID c=;
IronPort-PHdr: =?us-ascii?q?A9a23=3At2SspxfxZObcxfrNnQcnzrYplGM/U4qcDmcuA?=
=?us-ascii?q?tIPi69Pbqmm9tLkMVCMrflujVqcW4Ld5roEjufNqKnvVCQG5orJq3ENdpFAF?=
=?us-ascii?q?npnwcUblgAtGoiJXEv8KvO5bzE7AMlHXRlj8m3oeURQEdz1MlvVpHD65DUOG?=
=?us-ascii?q?xL5YAxyIOm9GoPbg8mtke6o/JiGaARTjz37arR3f32L?=
IronPort-Data: =?us-ascii?q?A9a23=3AmCkekapftDkEZqsUJYFteZzVF0teBmJMZBIvg?=
=?us-ascii?q?KrLsJaIsI4StFCztgarIBmHPP7fZzCmeY1+a4/k9hwF7J+Dztc1SwBlqXs3F?=
=?us-ascii?q?XxEp+PIVI+TRqvS04x+DSFioHqKZKzyU/GYRCwPZiKa9krF3oTJ9yEmjPnZH?=
=?us-ascii?q?OakUYYoBwgoLeNaYHZ54f5cs7ZRbr5A2bBVMivV0T/Ai5S31GyNg1aYBlkpB?=
=?us-ascii?q?5er83uDihhdVAQw5TTSbdgT1LPXeuJ84Jg3fcldJFOgKmVY83LTegrN8F251?=
=?us-ascii?q?juxExYFENiplPPwdVcHB+6UNgmVgX0QUK+n6vRAjnVtieBga7xNMgEO12nhc?=
=?us-ascii?q?9NZkL2hsbS+Qx0uNa7KlcwWUgJTFGd1OqguFLrvcCHm7ZDKnhaYG5fr67A0Z?=
=?us-ascii?q?K0sBqUb4OdsAWdHs+cRMzAEaBOriOe/wbb9Qe5p7uwvNsDlIMYet21uiCrXB?=
=?us-ascii?q?rM+W5fETeDN65pExj42ncFSW//aY+IYZCZhKhPabHVnIVkcIJMzgOnugWPwG?=
=?us-ascii?q?xVDtF+NpacxpXnU0QF11JDvKN/SYNODQ4NemUPwjmbP5Hi8CRgeMPSexCaLt?=
=?us-ascii?q?HW2iYfnhiPkVZ4SHfuy9vdsjFSJx0QcDRQXUR2wpvzRolWzUN5eMWQV9zYg6?=
=?us-ascii?q?68o+ySDTsT8QxC9qVaEox8AVt9ZVes39GmwJgD8i+qCLnIPQjgEY9s8uYpmA?=
=?us-ascii?q?zcrzVSO2djuAFRSXHSuYSr13t+pQfmaYED59VM/WBI=3D?=
IronPort-HdrOrdr: =?us-ascii?q?A9a23=3ARqxcFa5T8fLd2eoTRQPXwZCCI+orL9Y04l?=
=?us-ascii?q?Q7vn2ZFiY1TiXIra6TdaoguiMc0AxhJ03Jmbi7Sc69qADnhOBICO4qTPeftW?=
=?us-ascii?q?jdySqVxeRZjbcKrAeQYBEWmtQtsJuINpIOdOEYbmIKzvoSgjPIaerIqePvmM?=
=?us-ascii?q?vD6IuurAYOcegpUdAc0+4TMHf8LqQCfng/OXNPLuvk2iMonUvFRV0nKuCAQl?=
=?us-ascii?q?UVVenKoNPG0Lj8ZwQdOhIh4A6SyRu19b/TCXGjr1UjegIK5Y1n3XnOkgT/6K?=
=?us-ascii?q?nmmeq80AXg22ja6IkTsMf9y+FEGNeHhqEuW3DRY0eTFcBcso+5zXYISdKUmQ?=
=?us-ascii?q?8XeR730k8d1vFImjTsl6eO0EDQMkfboWwTAjTZuC6laDPY0LzErXQBepd8bU?=
=?us-ascii?q?YzSGqH16Lm1+sMjJ6jlljpxKZ/HFfOmj/w6MPPUAwvnk2ooWA6mepWlHBHV5?=
=?us-ascii?q?ACAYUh4LD30XklW6voJhiKorzP0dMee/309bJTaxeXfnrZtm5gzJilWWkyBA?=
=?us-ascii?q?6PRgwHttaO2zZbkXhlxw9ArfZv0Uso5dY4Ud1J9u7EOqNnmPVHSdIXd7t0AK?=
=?us-ascii?q?METdGsAmLATBrQOCaZIEjhFqsAJ3XRwqSHrIkd9aWvYtgF3ZEykJPOXBdRsn?=
=?us-ascii?q?MzYVvnDYmU0JhC4nn2MS2AtPTWu4hjDr1Cy/PBrZbQQFi+oWEV4r2dSq8kc7?=
=?us-ascii?q?/mst6ISeZrP8M=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BoCABXjk1h/5BdJa1aHAEBAQEBAQc?=
=?us-ascii?q?BARIBAQQEAQFAgVmBU1EHgVE3MYRHg0gDhTmFY4IlA4ETiVuFHopUgUKBEQN?=
=?us-ascii?q?UCwEBAQ0BAUEEAQGEfQIXgi8CJTgTAQIEAQEBEgEBBQEBAQIBBgSBEROFaA2?=
=?us-ascii?q?GQgEBAQECARIREQwBATcBCwQCAQgRBAEBAQICJgICAh8RFQgIAgQBDQUIEwe?=
=?us-ascii?q?FJQMOIQFQoncBgToCih96gTGBAYIIAQEGBASFCg0LgjUJgRAqgwCEFoRDgQ6?=
=?us-ascii?q?BHwgfHIFJRIEVQ3mBNwcwPoIhgWZAFYMBN4IuiUZqAQMNDhQUMgklKQYGE2s?=
=?us-ascii?q?MBAEMBwUyAQcRkTiDDwFGjR+aXF4Kgy2YeQSGABSDZ4tolzqWIIIejWSQAys?=
=?us-ascii?q?jDIRXAgQCBAUCDgEBBoEwSCSBWXAVO4JpURkPjiCDcopedDgCBgsBAQMJkiw?=
=?us-ascii?q?BAQ?=
X-IronPort-AV: E=Sophos;i="5.85,319,1624320000"; d="scan'208";a="911441936"
Received: from rcdn-core-8.cisco.com ([173.37.93.144])
by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA;
24 Sep 2021 08:39:58 +0000
Received: from mail.cisco.com (xbe-rcd-007.cisco.com [173.37.102.22])
by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 18O8dwF9028361
(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK);
Fri, 24 Sep 2021 08:39:58 GMT
Received: from xfe-aln-002.cisco.com (173.37.135.122) by xbe-rcd-007.cisco.com
(173.37.102.22) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Fri, 24 Sep
2021 03:39:57 -0500
Received: from xfe-rtp-001.cisco.com (64.101.210.231) by xfe-aln-002.cisco.com
(173.37.135.122) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Fri, 24 Sep
2021 03:39:57 -0500
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by
xfe-rtp-001.cisco.com (64.101.210.231) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15
via Frontend Transport; Fri, 24 Sep 2021 04:39:57 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=aF8vP7Y0x9yQ/frJsnEKFKAo9M8IS57RW6LjshBDH+iYULn47zXAOR4rzAI0pJ9sCuzf8E4xD5USLmjveajOjnSnrbaAXlEKupwR5azCwp7tciEH5FmvHcTzTjxJTN/lSFqBRdx5jvCsoIs6FjabNn3RKGYqrbyPB1OAWIBe5sFCewUUp5XLpcXTnMPmkpf7VsOnno78rBLKDyxeak1T0tychFaxvo02gKBAAdoumrMK9c+YMUKfYfqAJQ5X0m2hgma9yv7QEwLReoyx9F8g8u6am+bUEnNQE6DCaiQanhMO3Ui9aziX2vL5Shaqtejckt4aEeU/i81T+GXvP60q+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=MQhIe2rBH11ItEkDcgT9995M1PC+vK+bkVNmKSMZ7ZU=;
b=OfEln7CJofOWeDqrtDTe+i9gl4wBnNMZVMF8GAtjYTbizCjBd9G+43IBvuCLF+DCCPxN/UiphjWUHOo9T+Ws3MImN1BUgUgul3Jh1DZFX/JiME83Iw5M8f3TOa//Ok3CcUDFk2AkPxq+/buO9iYEsIs9pwr98Z7V7Ed1b5fntNvxTDT8roj6lhO7lKN9OF3Pja9gd2anfHFpwziFcdiejvo8hcMWtH8tiQyLQHB+8Vd83Ui+zPnv/e6FpWckA18zF9j8qFQRO+sMlD3oHFM0Smqn7m95mg5wypOjgawSUIkqu0mewqXnDxb6uGWhPSDhVT64GnSe0YoI2kwh0Scegg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com;
dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;
s=selector2-cisco-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=MQhIe2rBH11ItEkDcgT9995M1PC+vK+bkVNmKSMZ7ZU=;
b=l8cjw1uss7BVGOzxvrnvQ/AGsHcrR7QGaoFRP/J1H4pwV9NnNyc/oS1GOYgV47sfsQssR2GlCHBOLu5yMQaSONAn0PFqD1eku4aDLPD4oNWM376aj/eYK28Bb3PDxGrWLUfa4niwov2z0LQVZVQfkQmzJzKNJ8cJAFGcqeCmra0=
Received: from DM8PR11MB5606.namprd11.prod.outlook.com (2603:10b6:8:3c::23) by
DM8PR11MB5592.namprd11.prod.outlook.com (2603:10b6:8:35::6) with
Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4544.13; Fri, 24 Sep 2021 08:39:55 +0000
Received: from DM8PR11MB5606.namprd11.prod.outlook.com
([fe80::2544:292:4ad5:dd65]) by DM8PR11MB5606.namprd11.prod.outlook.com
([fe80::2544:292:4ad5:dd65%3]) with mapi id 15.20.4544.018; Fri, 24 Sep 2021
08:39:55 +0000
From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: Christian Huitema <huitema@huitema.net>, "secdir@ietf.org"
<secdir@ietf.org>
CC: "shwetha.bhandari@gmail.com" <shwetha.bhandari@gmail.com>,
"last-call@ietf.org" <last-call@ietf.org>, "Youell, Stephen"
<stephen.youell@jpmorgan.com>, "sfc@ietf.org" <sfc@ietf.org>,
"draft-ietf-sfc-proof-of-transit.all@ietf.org"
<draft-ietf-sfc-proof-of-transit.all@ietf.org>, "krishna.sashank@gmail.com"
<krishna.sashank@gmail.com>
Thread-Topic: [Last-Call] Secdir last call review of
draft-ietf-sfc-proof-of-transit-08
Thread-Index: AQHXrdJnjOHuO4fhnU+wPCtBTLa6aaux/B8wgAAXGgCAAMvnUA==
Date: Fri, 24 Sep 2021 08:39:55 +0000
Message-ID: <DM8PR11MB56061C0D02BC169F39D41407DAA49@DM8PR11MB5606.namprd11.prod.outlook.com>
References: <163210969860.31323.5718880916818308072@ietfa.amsl.com>
<DM8PR11MB5606222AA0739CE8093A6777DAA39@DM8PR11MB5606.namprd11.prod.outlook.com>
<7329d9eb-3597-0006-dbc5-892a4ada74ab@huitema.net>
In-Reply-To: <7329d9eb-3597-0006-dbc5-892a4ada74ab@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: huitema.net; dkim=none (message not signed)
header.d=none;huitema.net; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 820f2b3d-68a5-4510-071b-08d97f36e2a2
x-ms-traffictypediagnostic: DM8PR11MB5592:
x-microsoft-antispam-prvs: <DM8PR11MB5592B1304F8A6C4A4AEF8358DAA49@DM8PR11MB5592.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: J3HOazatDpyNtXCZcNdkC0n4bzzRSKR7kweEYYGQT2oqW+aBNr1PlO1UV5j/AeIyAzAq4AEfCYkoHWEHKZcpOJSgDIZNidh85axd46/WDn/inVrQIiX6lT1eSooS6giZDUuCD5Qj8fvveqdLy3uqzy4GCLzc5YlzSlOkVTVfrwlv7nd/1b9qwRtxgA5Ycx8Xm+FFIZp2ykVgJmig6bYfRh/RcHIZx7KXE580h608FLx+cTsm3q9oKaRAKoqd1CCMqVBfgPnpZrq0+wZAZs2PR/w4KUUX7akrAGyVLOqx8k1A2yrTgynFdICIqzWuTdLT6L7ZsqZ6ctjRx1p0Eh1msAZeFLIeNGgocD0YR81e3xy5y4gx1F9sVOQke/ABMCfr5ZORy5i/jLWLvZFmJXZpCGL6CEyAN7YIyYbTaJp5dpp49+3GuasjUpv5zVTC/DS4K0dhzYTPnRwdU4pBqCyXX3jaOgoyLlWod13Ak+8z6kViAi6OpUjRfkzza44mHIbecexHQDFfZRVhjdKoaAmgJKgmaoc1wfzkNLfsfhQqpGLxmrxeRoWlPnDMmZp+M77Ky08x8YssZWynE82HyKU57hVPoqT22ITawNFxR81jSYqhoVQ5LjZKhYgAXr1ZmBTCTvRskRC4vd8M11l1RpNtZaEk38RdNvoJMDpn4JEFqOfmNQKeEUxBGpRlzuTZ6IxcjYsmAP2Sz54FU05ncKliLw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:DM8PR11MB5606.namprd11.prod.outlook.com; PTR:; CAT:NONE;
SFS:(366004)(54906003)(71200400001)(8936002)(66946007)(33656002)(83380400001)(66476007)(64756008)(86362001)(5660300002)(66446008)(76116006)(4326008)(2906002)(66556008)(7696005)(9686003)(316002)(52536014)(6506007)(508600001)(8676002)(110136005)(26005)(53546011)(38100700002)(55016002)(186003)(122000001)(38070700005);
DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?QnFqTnJmWkh5ZEY3MGZXRzhtcmUzNEE1dGxaRFhnR2RFK2NPdkc5WnRrVncy?=
=?utf-8?B?ZkRFT3NzQUhPTGI0Wnh4V2xQRndFV0pxMTJIM3FtTURoL2c0bHFieVR1Zmsr?=
=?utf-8?B?K3Z2OUhXMVNJSlNYZnNEK1plazRnY1JweWIyaFlvd1dHTHpqVVFmd1ZGWmh3?=
=?utf-8?B?dzJySStkeE8vSERMRGZ3WTVZaTkxY25kcmVMS01iQ25jOGJzbHphbDdGWm84?=
=?utf-8?B?VUtaTklmUjNCS0wzdEdPMXphN3M4NmZXQXVtR3c4TE1MM2NUU201NkMycmhy?=
=?utf-8?B?R0kwSEVnTEVlbEZzNHV0a0hySzNzQjRKQnFFcFBKL2d4S3F5SE1WVkpzMkFX?=
=?utf-8?B?d0JYa0lRaEh3a25PamZOd2tyczU0elFSck9UVnM1TERqczNMbTVTaG92S3Jm?=
=?utf-8?B?UDdOSDRJcGllQ05wRklCcWhaQ1N3N2lTS2h5ZHJMYWVOQkJINGNSNGJyUUpo?=
=?utf-8?B?d1FsVWJ5aVBINVFIYitsS2lxSEwxVTlsbXFRR2FhSmRRd1gvcE9iYmovdmQz?=
=?utf-8?B?VEJ0aHBtZDJBOEk3aWJvZi9CYWFjblduVEN2bjFVUFAyOUx5SW1IcmpqZU84?=
=?utf-8?B?Tk9YeVVzT3Z6NWpjVXRFaGt2b0YxOFcrKzRkYkI1STlVdkhGMVRqd2VkbmFU?=
=?utf-8?B?SmRkMjBxbGVvVnZSUC9PVTNrNytNRWViakYrVTlocHRZS3IzcHQ0VlE1NmY2?=
=?utf-8?B?SnpkdXpnL0ZDQ2NSMnN1YVFVR21OT0Uyb08yTGN2akVEM0I4WXF6OXFUQ1N1?=
=?utf-8?B?ci9wUjZ0aXQ2ak42Z1J1QitqbndtVHZqR2NIOExvNTdRSmRVYnliUDhiTlkv?=
=?utf-8?B?aTZYVWJyM29UcTBHRzN5Z3J0WmlMamV1R3A2Y1F3Tk1sMWpaQXlSMWd2dEpU?=
=?utf-8?B?MFE3ak9aMWpLMTlaZlBuVytBYys2a0dZOUlORzl6YjR5cGNhc05wTjBTckFX?=
=?utf-8?B?Wkg3Q3FoeDNkQVlJU25yVWliaFNJMXloV0NEdi9KR2IrR2xXeVN1Tit1aThT?=
=?utf-8?B?NjVkZTgwN2h1YUwxQnZaSmx6SGpaTTJHenN3aVNndUFUdWRlSFB1UmJUcTEy?=
=?utf-8?B?RStJMU00cnVUS0crWW1Ud0g1RnNUMTRzYmhGcHJvUUg2bFhxSDNZU1NKTXlF?=
=?utf-8?B?SUMrOTV3YU5LZXJqblJpSCtmUXZrOTd3NXdZYzZMOUtqbTNLbStQaUZlc1c4?=
=?utf-8?B?THBrZTVzSVlFKzFSQ3U0Nmo1d3JjRUVpcGY5eFRJNmszcHE2VTAxY0wzenJu?=
=?utf-8?B?SmEyVTAxWWF2VDB3Z285NHplUTc0bnFkUjF4NTZTUEJFWjQ5TDFrSmZjQWN6?=
=?utf-8?B?NlF5RG13ZVMveVdudUh1ajZvTkQ2MkF0UHhtVU9SZ0o3Y2lmS2Zidlo2RWRT?=
=?utf-8?B?dEZ5QU53V3NKMnVVQU13bHNBcXlNc0ZUOFdvMGJtZnZCSU9RRnRhRitMZzFh?=
=?utf-8?B?bkhya0xzSlVYbVZqMHhFeGdlM3UyVlBGNDhOZTU1QXAxL1h4aWJNd3ZVYVNt?=
=?utf-8?B?YkgwQis2WllvY3BqdUhJc2NGVDlyR0VjL2hZV0pQckFOR1NxTWxmNkVZRHlU?=
=?utf-8?B?dVBWN2loMUJpYkdUbTlwMHJNWEdrYURUSzhBMmVObkIyK2FtemM3aFpzNFBa?=
=?utf-8?B?aHVKZW5GN09Gd1R0MUZCYlJyTUhwbjVCUFJybWllMUttVXJDZndtbm4yMDlE?=
=?utf-8?B?ZUp4MEo2TDVXL0V1c21FbW80MCt0Z21CNElzU0phb1lFSmtPdmY4cWpoNnB4?=
=?utf-8?Q?dDFHMExbeJ/Oc0AwOZ6pBTHf1A8tsS4qT75p6Jj?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR11MB5606.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 820f2b3d-68a5-4510-071b-08d97f36e2a2
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 08:39:55.4696 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IBqQ7/s8HSg6+WsLMNjsNBLqrX7dotoN+jEwqpiKLOMVCYogbFNdSXgA/I6lWI4nexq1lWThUKLX4Q9T3lKIlg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR11MB5592
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.22, xbe-rcd-007.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/9I8qiFga2BryMXl6V4btAszkgi4>
Subject: Re: [sfc] [Last-Call] Secdir last call review of
draft-ietf-sfc-proof-of-transit-08
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>,
<mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>,
<mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2021 08:40:05 -0000
Hi Christian, Thanks a lot for the detailed follow-up. Please see inline. > -----Original Message----- > From: Christian Huitema <huitema@huitema.net> > Sent: Thursday, 23 September 2021 22:13 > To: Frank Brockners (fbrockne) <fbrockne@cisco.com>om>; secdir@ietf.org > Cc: shwetha.bhandari@gmail.com; last-call@ietf.org; Youell, Stephen > <stephen.youell@jpmorgan.com>om>; sfc@ietf.org; draft-ietf-sfc-proof-of- > transit.all@ietf.org > Subject: Re: [Last-Call] Secdir last call review of draft-ietf-sfc-proof-of-transit- > 08 > > > On 9/23/2021 12:31 PM, Frank Brockners (fbrockne) wrote: > > Hi Christian, > > > > Thanks a lot for your detailed review. Please see inline. > > > >> -----Original Message----- > >> From: Christian Huitema via Datatracker <noreply@ietf.org> > >> Sent: Monday, 20 September 2021 05:48 > >> To: secdir@ietf.org > >> Cc: draft-ietf-sfc-proof-of-transit.all@ietf.org; last-call@ietf.org; > >> sfc@ietf.org > >> Subject: Secdir last call review of > >> draft-ietf-sfc-proof-of-transit-08 > >> > >> Reviewer: Christian Huitema > >> Review result: Serious Issues > >> > >> I have reviewed this document as part of the security directorate's > >> ongoing effort to review all IETF documents being processed by the > >> IESG. These comments were written primarily for the benefit of the security > area directors. > >> Document editors and WG chairs should treat these comments just like > >> any other last call comments. > >> > >> This document proposes a security mechanism to prove that traffic > >> transited through all specified nodes in a path. The mechanism works > >> by adding a short option to each packet for which transit shall be > >> verified. The option consists of a random number set by the > >> originator of the packet, and a sum field to which each transit node > >> adds a value depending on public parameters, on the random number and > >> on secrets held by the node. The destination has access to all the > >> secrets held by the nodes on the path, and can verify whether or not > >> the final sum corresponds to the sum of expected values. The proposed size > of the random number and the sum field is 64 bits. > >> > >> In the paragraph above, I described the mechanism without mentioning > >> the algorithm used to compute these 64 bit numbers. The 64 bit size > >> is obviously a > >> concern: for cryptographic applications, 64 bits is not a large > >> number, and that might be a weakness whatever the proposed algorithm. > >> The actual algorithm appears to be a bespoke derivation of Shamir's > >> Secret Sharing algorithm (SSS). In other word, it is a case of "inventing your > own crypto". > > ...FB: SSS is a well know algorithm and draft-ietf-sfc-proof-of-transit does not > modify it. > > All draft-ietf-sfc-proof-of-transit does is to operationalize the SSS algorithm > for the proof of transit use case. > > > > Also note that the draft does not require the use of 64 bit numbers. > > Nor does draft require a minimum time between changing the secrets. > > What particular attack are you concerned about where 64 bit numbers are a > concern? > > > >> SSS relies on the representation of polynomials as a sum of Lagrange > >> Basis Polynomials. Each of the participating nodes holds a share of > >> the secret represented by a point on the polynomial curve. A > >> polynomial of degree K on the field of integers modulo a prime number > >> N can only be revealed if at list K+1 participants reveal the value > >> of their point. The safety of the algorithm relies on the size of the > >> number N and on the fact that the secret shall be revealed only once. > >> But the algorithm does not use SSS directly, so it deserves its own security > analysis instead of relying simply on Shamir's work. > >> > >> The proposed algorithm uses two polynomials of degree K for a path > >> containing > >> K+1 nodes, on a field defined by a prime number N of 64 bits. One of > >> K+the > >> polynomial, POLY-1, is secret, and only fully known by the verifying node. > >> The other, POLY-2 is public, with the constant coefficient set at a > >> random value RND for each packet. > >> > >> For each packet, the goal is compute the value of POLY-1 plus POLY-2 > >> at the point 0 -- that is, the constant coefficient of POLY-3 = POLY-1 + POLY- > 2. > >> > >> Without going in too much details, one can observe that the constant > >> coefficient of POLY-3 is equal to the sum of the constant > >> coefficients of POLY-1 and POLY-2, and that the constant coefficient > >> of POLY-2 is the value RND present in each packet. In the example > >> given in section 3.3.2, the numbers are computed modulo 53, the > >> constant coefficient of POLY-1 is 10, and the value RND is 45. The > >> final sum CML is indeed > >> 10 + 45 = 2 mod 53. > >> > >> To me, this appears as a serious weakness in the algorithm. If an > >> adversary can observe the value RND and CML for a first packet, it > >> can retrieve the constant coefficient of POLY-1, and thus can predict > >> the value of CML for any other packet. That does not seem very secure. > > ...FB: There seems to be a bit of confusion or misreading of how the method > works. In the above statement you seem to assume that the verifier would not > be part of the proof-chain, so that the final CML value would be somehow > exposed to an external entity along with RND. This is not the case. The verifier is > the last node (k+1) in the proof-chain. > > > > At concept level, the method reconstructs the polynomial hop by hop, picking > up a point on the curve at every hop. Only final node in the proof-chain, which is > also the verifier, acts on the information of all the k+1 points and as such is able > to reconstruct the polynomial. > > > > In section 3.2.1, the draft explicitly states that the verifier *is* part of the > proof-chain: "Each of the k+1 nodes (including verifier) are assigned a point on > the polynomial i.e., shares of the SECRET." The fact that the verifier, i.e., the last > node in the proof-chain ("k+1"), can retrieve the secret, is desired and > intentional, because the verifier needs to compare the result of the iterative > construction of the secret with the secret value it received from the controller. > This is how the system is designed, and the calculation of (10+45) mod 53 = 2 is > part of the verification. > > OK. That's slightly less bad. But it is still very bad crypto, because you are > effectively doing a linear combination. > > You are evaluating POLY-3 = POLY-1 + POLY-2 > > POLY-2 can be written as POLY-2 = RND + POLY-2-NC, in which POLY2-NC only > contains the non constant terms -- that is, POLY-2-NC(0) = 0 > > Then for any point X, we get POLY-3(X) = POLY-1(X) + POLY2-NC(X) + RND For a > given value Xj of X, this means we can express : POLY-3(Xj) = Vj + RND In which Vj > is a constant term = POLY-1(Xj) + POLY2-NC(Xj) > > Each node will increment the cumul by the value LPCj * POLY-3(Xj) = LPCj > * (Vj + RND) > > Suppose that an adversary can observe the value of CML before and after being > incremented by node Xj. Suppose that it could do that twice. Then it has the > values: > > CML1-before-j = C1b > CML1-after-j = C1a > D1 = C1a - C1b = LPCj * (Vj + RND1) > > CML1-before-j = C2b > CML1-after-j = C2a > D2 = C2a - C2b = LPCj * (Vj + RND2) > > D2-D1 = LPCj*(RND2-RND1) > > LPCj = (RND2-RND1)/(D2-D1) > Vj = D2/LPCj - RND2 > > The inverse of numbers modulo a prime P is easily computed -- see Fermat's > little theorem. > > Once the input and output of a node have been observed twice, it becomes easy > to update the cumulative sum CML while bypassing these nodes. ...FB: This is great. Thanks for spelling out the details. You raise a good point: For the solution to make sense, we need to ensure that an attacker cannot observe the input and output of a node. To ensure this does not happen, we must require the communication to/from the node to be encrypted, e.g., through link layer encryption of at least the proof-of-transit data fields. We'll add this requirement to the draft - and also detail the threat you describe above in detail in the security considerations section. Thanks again, Frank > > The scheme described in the draft is definitely not equivalent to SSS. > It boils down to linear combinations of coefficients, and it is not secure. > > -- Christian Huitema > > > > >
- [sfc] Secdir last call review of draft-ietf-sfc-p… Christian Huitema via Datatracker
- Re: [sfc] Secdir last call review of draft-ietf-s… Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Christian Huitema
- Re: [sfc] [Last-Call] Secdir last call review of … Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Christian Huitema
- Re: [sfc] [Last-Call] Secdir last call review of … Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Christian Huitema
- Re: [sfc] [Last-Call] Secdir last call review of … Frank Brockners (fbrockne)
- Re: [sfc] [Last-Call] Secdir last call review of … Joel M. Halpern
- Re: [sfc] [Last-Call] Secdir last call review of … Martin Vigoureux