IETF Logo Mail Archive

Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-nsh-integrity-06: (with DISCUSS and COMMENT)

mohamed.boucadair@orange.com Tue, 13 July 2021 16:54 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB9D73A0C99; Tue, 13 Jul 2021 09:54:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dczBK8xmUhmr; Tue, 13 Jul 2021 09:54:49 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E76693A0C9C; Tue, 13 Jul 2021 09:54:48 -0700 (PDT)
Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr20.francetelecom.fr (ESMTP service) with ESMTPS id 4GPRZ96L9dz21Nd; Tue, 13 Jul 2021 18:54:41 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1626195281; bh=p0Iz1dTIHG7RC7rI7yOC7vr7vHNHZH9X9zGJwf0Bhvw=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=UivSF8sACPqEpq/bxr+sbk3c/GdtGYD27gmg/9pLa1SUmJ4OLAHugrjbRu2TMWE0J GFG5bnLHRa4CCl25FnT1LLXABUdC0ipJTNmgVRf605nPEDfv4OOT0ZOsn6fT2qacD7 qXEGOnRFXdzI8EYk8j4Ms4ec4U7e7O8JjSHhvg3hCGltvXsVB6oExolX6StjNa5ukp PfCJR7wLYM5tJZMbARVNM8v6LwXVRg/GQENl9IZOIPvgKzR+qXRnTs7Gr1yMHeWeOJ 5SDS5LT+b8e1B3zyDeZlCxAims1GPDVIGfj+7e2y4TNrrR9/jkUQaa+Yl6mgHx0DiS 9BHAvx3PNSIrA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfednr03.francetelecom.fr (ESMTP service) with ESMTPS id 4GPRZ95kSkzDq7V; Tue, 13 Jul 2021 18:54:41 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: =?utf-8?B?w4lyaWMgVnluY2tl?= <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com" <gregimirsky@gmail.com>
Thread-Topic: =?utf-8?B?w4lyaWMgVnluY2tlJ3MgRGlzY3VzcyBvbiBkcmFmdC1pZXRmLXNmYy1uc2gt?= =?utf-8?Q?integrity-06:_(with_DISCUSS_and_COMMENT)?=
Thread-Index: AQHXd+EWUzPhovDiy06QVDjdApotHKtBE6GQ
Date: Tue, 13 Jul 2021 16:54:40 +0000
Message-ID: <15473_1626195281_60EDC551_15473_51_1_787AE7BB302AE849A7480A190F8B9330353BE8EC@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162617866082.13596.2398814614966286542@ietfa.amsl.com>
In-Reply-To: <162617866082.13596.2398814614966286542@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/CpdjGh_htHmanBw4YR7pkMM76jY>
Subject: Re: [sfc] =?utf-8?q?=C3=89ric_Vyncke=27s_Discuss_on_draft-ietf-sfc-n?= =?utf-8?q?sh-integrity-06=3A_=28with_DISCUSS_and_COMMENT=29?=
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2021 16:54:54 -0000

Hi Eric, 

Thank you for the review. 

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : Éric Vyncke via Datatracker [mailto:noreply@ietf.org]
> Envoyé : mardi 13 juillet 2021 14:18
> À : The IESG <iesg@ietf.org>
> Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org;
> sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com
> Objet : Éric Vyncke's Discuss on draft-ietf-sfc-nsh-integrity-06:
> (with DISCUSS and COMMENT)
> 
> Éric Vyncke has entered the following ballot position for
> draft-ietf-sfc-nsh-integrity-06: Discuss
> 
> When responding, please keep the subject line intact and reply to
> all email addresses included in the To and CC lines. (Feel free to
> cut this introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-
> criteria.html
> for more information about DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/
> 
> 
> 
> --------------------------------------------------------------------
> --
> DISCUSS:
> --------------------------------------------------------------------
> --
> 
> Thank you for the work put into this document.
> 
> Special thanks to Greg Mirsky for his shepherding especially about
> his summary of the WG consensus.
> 
> Please find below some blocking DISCUSS point (which should be easy
> to fix), some non-blocking COMMENT points (but replies would be
> appreciated), and one nit.
> 
> I hope that this helps to improve the document,
> 
> Regards,
> 
> -éric
> 
> == DISCUSS ==
> 
> I failed to spot the order of the operations for the integrity and
> confidentiality operations, e.g., I did not find on what the HMAC is
> computed:
> in the unencrypted or encrypted field ?

[Med] Isn't this covered by this text: 

   Using the secret key (K) and authenticated encryption algorithm, the
   NSH imposer encrypts the Context Headers (as set, for example, in
   Section 3), computes the message integrity for the target NSH data,
   and inserts the resulting payload in the "MAC and Encrypted Metadata"
   Context Header (Section 5).  The entire Context Header carrying a
   privacy-sensitive metadata is encrypted (that is, including the MD
   Class, Type, Length, and associated metadata of each Context Header).

> 
> -- Section 5.1 --
> What is the unit of "key length", I assume a length expressed in
> octets but it is not specified.

[Med] Yes. Fixed. Thank you for catching this. 

> 
> -- Section 7.2 --
> What is the "A" used in the HMAC computation ?

[Med] This is: Additional Authenticated Data (A) (mentioned in 4.2).

> 
> The formula specifies HMAC-SHA-256-128() but what if another HMAC is
> used ?

[Med] Please note that the text says: "can be illustrated as follows:". 

That is for illustration purposes. 

> Section 7.3 use MAC() which is more flexible.
> 
> As the MAC field is included in the integrity protected header,
> please specify the value of this field when computing the HMAC (I
> assume 0 but let's be clear)
> 
> -- Section 7.5 --
> What is the expected behavior when a NSH does not contain a "MAC and
> Encrypted Metadata" Context Header ? §1 hints to packet drop ?
> Should there be a local policy for this case ?

[Med] This is covered here: 

   It MUST log an error at least once per the
   SPI for which the "MAC and Encrypted Metadata" Context Header is
   missing.

> 
> 
> --------------------------------------------------------------------
> --
> COMMENT:
> --------------------------------------------------------------------
> --
> 
> 
> I second Alvaro's and Lars' point about formally updating RFC 8300.
> 
> Quite often in the text "privacy-sensitive metadata" is used but
> encryption is not only required for privacy but also to protect
> operational data from attackers (i.e., not linked to privacy), is
> there a real need to qualify "metadata" with "privacy-sensitive",
> i.e., "confidential metadata" may be more appropriate ?

[Med] We use this term because we can easily argue why we included statement such as:

 " In an SFC-enabled domain where the above attacks are possible, (1)
   NSH data MUST be integrity-protected and replay-protected, and (2)
   privacy-sensitive NSH metadata MUST be encrypted for confidentiality
   preservation purposes."

Other types can be encrypted as per: 

   Classifier(s), NSH-aware SFs, and SFC proxies are instructed with the
   set of Context Headers (privacy-sensitive metadata, typically) that
   must be encrypted.

> 
> -- Section 4.1.1 --
> The use of 'metadata' (notably in table 1) for 'context headers' is
> confusing for a first-time reader. Any chance to be consistent and
> only use 'context headers' ?

[Med] Will see how to make this better, but please that we do have the following before table 1: 

"Context Header(s): Carries metadata..."

> 
> -- Section 4.2 --
> At first reading, I am confused by the use of the word 'secret key'
> for what appears to be a 'shared key'. Or is this 'secret key' never
> shared and simply used to generate the secondary keys, which are
> then shared ? Even if discussed later, some early explanations would
> be welcome.

[Med] We are using similar wording as in RFC7518.

> 
> -- Section 5.1 --
> Is there a good reason why the field name "key length" is not "key
> ID length" ?

[Med] Only for esthetic matters of the figures. Can fix that if you prefer. 

|Key ID Length| vs | Key Length |

> 
> I also find very strange to define "Length: variable" as the header
> field itself as a fixed length, simply state "unsigned integer".

[Med] We are echoing Section 2.5.1 of RFC8300.

> 
> As timestamp can include fractions of second, which is a good thing,
> then please reword "expressed in seconds relative" to indicate that
> fraction of second is included.

[Med] OK.

> 
> The 32-bit epoch will wrap around in 2036, should this I-D already
> consider what to do at that moment ?

[Med] Hmm. We say that it wraps in 2106 :-)

> 
> -- Section 8 --
> Indeed MTU is always an interesting 'problem' but how is this
> extension different than plain NSH ? The NSH neither increases nor
> decreases on the fly with this document.

[Med] It varies as we can add/strip context headers as the packet progress in the service chain. 

> 
> == NITS ==
> 
> -- Section 3 --
> Should 'figure 1' be 'table 1' per consistency with section 4.1.1 ?

[Med] It should. Will be fixed. Thanks. 

> 
> 


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.8.7 | Report a Bug | By Email