Re: [sfc] Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity-08: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Wed, 15 September 2021 22:53 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 364133A175A; Wed, 15 Sep 2021 15:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QvMrHrgOtIXi; Wed, 15 Sep 2021 15:52:58 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49C2A3A1757; Wed, 15 Sep 2021 15:52:57 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 18FMqnEx010883 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Sep 2021 18:52:54 -0400
Date: Wed, 15 Sep 2021 15:52:48 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
Cc: The IESG <iesg@ietf.org>, "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com" <gregimirsky@gmail.com>
Message-ID: <20210915225248.GB32645@kduck.mit.edu>
References: <163165592034.1346.4978645209515293884@ietfa.amsl.com> <13196_1631707218_6141E052_13196_110_22_787AE7BB302AE849A7480A190F8B9330354068BF@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <13196_1631707218_6141E052_13196_110_22_787AE7BB302AE849A7480A190F8B9330354068BF@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/BP2t9-I_GzUmXzUCEAEJzkaYPSc>
Subject: Re: [sfc] Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity-08: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2021 22:53:04 -0000
Hi Med, Thanks for taking the PR and making the further edits. I don't see any changes in §7.5, though -- is it really the expectation that any node that implements this specification at all is going to be required to expect that all incoming NSH-bearing messages include the new context header? That doesn't really seem deployable. -Ben On Wed, Sep 15, 2021 at 12:00:17PM +0000, mohamed.boucadair@orange.com wrote: > Hi Ben, > > The suggestions look good to me. > > I made some additional edits + added a pointer to the cfrg I-D. The full diff can be seen at: https://tinyurl.com/nsh-integrity-latest > > Will proceed with the submission of this version tomorrow. > > Many thanks for your effort. > > Cheers, > Med > > > -----Message d'origine----- > > De : Benjamin Kaduk via Datatracker [mailto:noreply@ietf.org] > > Envoyé : mardi 14 septembre 2021 23:45 > > À : The IESG <iesg@ietf.org> > > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org; > > sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com > > Objet : Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity- > > 08: (with COMMENT) > > > > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-sfc-nsh-integrity-08: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > > criteria.html > > for more information about DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thanks for the updates in the -07 and -08; I think we found a reasonable > > way to address the issues that came up in my earlier review. > > > > I turned most of my comments into a github PR against > > https://github.com/boucadair/draft-ietf-sfc-nsh-integrity/ since that > > repo was referenced in previous responses to comments. The tip of the > > branch I forked off seems to have corresponded to only the -07, though, > > so I'm not sure if I should have gone somewhere else. (I made a > > separate first commit that just syncs down the -08 from the > > datatracker.) > > The PR is > > https://github.com/boucadair/draft-ietf-sfc-nsh-integrity/pull/6 and the > > actual "new" (non-08) changes are viewable via > > https://github.com/boucadair/draft-ietf-sfc-nsh- > > integrity/compare/99c6484fbe85af7179086ab243c88813e2b47b74..kaduk:kaduk- > > review?expand=1 > > > > Section 4.4 > > > > In order to accommodate deployments relying upon keying material per > > SFC/SFP and also the need to update keys after encrypting NSH data > > for a certain amount of time, this document uses key identifiers to > > unambiguously identify the appropriate keying material. Doing so > > addresses the problem of synchronization of keying material. > > > > I included a suggestion in my pull request, but I want to call out as a > > potentially significant change that the key identifier should identify > > not just the key material but also the algorithms that they key is to be > > used with. > > > > Section 5.1 > > > > Nonce Length: Carries the length of the Nonce. If the Context > > Headers are only integrity protected, "Nonce Length" is set to > > zero (that is, no "Nonce" is included). The "Nonce Length" can be > > set to zero depending on the encryption algorithm used to encrypt > > the Context Headers. > > > > I included this in my PR, but want to call out that this last sentence > > seems harmful. It seems vastly preferrable to have "the nonce length > > field is zero" indicate one specific thing, rather than having two > > different possibilities for that situation, as this text appears to do. > > I know that my earlier comments proposed a scenario where an AEAD might > > validly encrypt with a zero-length nonce, but I don't think we should > > support that at the cost of losing the clear signal that the encrypted > > context headers are (not) present. > > > > Section 7.3 > > > > Using the secret key (ENC_KEY) and authenticated encryption > > algorithm, the NSH imposer encrypts the Context Headers (as set, for > > example, in Section 3) and inserts the resulting payload in the "MAC > > and Encrypted Metadata" Context Header (Section 5). The entire > > Context Header carrying a sensitive metadata is encrypted (that is, > > including the MD Class, Type, Length, and associated metadata of each > > Context Header). > > > > I included some text in my pull request, but want to call out as > > important that this description does not specify what is to be used as > > the "additional authenticated data" AEAD input. (I assume the empty > > string is intended, though other choices are valid.) > > > > Section 7.5 > > > > When an SFC data plane element conforms to this specification, it > > MUST ensure that a "MAC and Encrypted Metadata" Context Header is > > included in a received NSH packet. [...] > > > > This doesn't quite seem like the right condition -- this text sounds > > like once you implement this context header you have to require that it > > appears in all incoming packets, which breaks interoperability with > > senders that don't produc this contxt header. > > > > Section 9 > > > > The secret key (K) must have an expiration time assigned as the > > latest point in time before which the key may be used for integrity > > protection of NSH data and encryption of Context Headers. Prior to > > the expiration of the secret key, all participating NSH-aware nodes > > SHOULD have the control plane distribute a new key identifier and > > associated keying material so that when the secret key is expired, > > those nodes are prepared with the new secret key. This allows the > > NSH imposer to switch to the new key identifier as soon as necessary. > > It is RECOMMENDED that the next key identifier and associated keying > > material be distributed by the control plane well prior to the secret > > key expiration time. > > > > I note that draft-irtf-cfrg-aead-limits offers some guidance on how > > often to rekey (though it gives data-based criteria, not time-based > > ones), if that is potentially relevant. > > > > > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. >
- [sfc] Benjamin Kaduk's No Objection on draft-ietf… Benjamin Kaduk via Datatracker
- Re: [sfc] Benjamin Kaduk's No Objection on draft-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's No Objection on draft-… mohamed.boucadair