Re: [sfc] Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity-08: (with COMMENT)
mohamed.boucadair@orange.com Wed, 15 September 2021 12:00 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 803243A1584; Wed, 15 Sep 2021 05:00:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CuTM5KYSePXf; Wed, 15 Sep 2021 05:00:21 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C76153A1589; Wed, 15 Sep 2021 05:00:20 -0700 (PDT)
Received: from opfednr02.francetelecom.fr (unknown [xx.xx.xx.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr26.francetelecom.fr (ESMTP service) with ESMTPS id 4H8f0y637wz10SS; Wed, 15 Sep 2021 14:00:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1631707218; bh=JrUZt+h317o5eEldNKSXxzD9bDzrEy10PMwtemT5iSE=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=s4N/+AS5iSs3aXAiIbaoG+hqZ8Lz88u4EGkpJjw0HoMC0bSX9k9IdAIpgz8LLg9H0 aOGWpm+mPX/bJxVrm4ecOjzbVkMssD9QWt1MIoO5HNlPHJeOsG34Aq0rZBPhBEpbGc gO8l+OZ2WiJktPTn3E/RE03BQpjkuGjdrZq8Yv3KRpzmsUacPRap9Jsb5qsOZd0Kmh rMAky9BWcp6f8754lcFcGZOrQ0fQgecUjKYY6UZ8SDCF5mugf45qEHqgKcYhz4bUL3 QNd9/Ic+uWHCwCdFU6wKD0SgT7mgQkGEizCjNro24KRqvimOVnJcV//jlAn5ISsIMA M0LmBrE+Tf7Vw==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfednr02.francetelecom.fr (ESMTP service) with ESMTPS id 4H8f0y56vnz8sZ3; Wed, 15 Sep 2021 14:00:18 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com" <gregimirsky@gmail.com>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity-08: (with COMMENT)
Thread-Index: AQHXqbHUmWfXT7X7oEuK1uXeDAJwAquk/kqQ
Date: Wed, 15 Sep 2021 12:00:17 +0000
Message-ID: <13196_1631707218_6141E052_13196_110_22_787AE7BB302AE849A7480A190F8B9330354068BF@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <163165592034.1346.4978645209515293884@ietfa.amsl.com>
In-Reply-To: <163165592034.1346.4978645209515293884@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/Cxx_n-JOfMNI19s70_rOSnIDOZI>
Subject: Re: [sfc] Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity-08: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2021 12:00:25 -0000
Hi Ben, The suggestions look good to me. I made some additional edits + added a pointer to the cfrg I-D. The full diff can be seen at: https://tinyurl.com/nsh-integrity-latest Will proceed with the submission of this version tomorrow. Many thanks for your effort. Cheers, Med > -----Message d'origine----- > De : Benjamin Kaduk via Datatracker [mailto:noreply@ietf.org] > Envoyé : mardi 14 septembre 2021 23:45 > À : The IESG <iesg@ietf.org> > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org; > sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com > Objet : Benjamin Kaduk's No Objection on draft-ietf-sfc-nsh-integrity- > 08: (with COMMENT) > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-sfc-nsh-integrity-08: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > for more information about DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for the updates in the -07 and -08; I think we found a reasonable > way to address the issues that came up in my earlier review. > > I turned most of my comments into a github PR against > https://github.com/boucadair/draft-ietf-sfc-nsh-integrity/ since that > repo was referenced in previous responses to comments. The tip of the > branch I forked off seems to have corresponded to only the -07, though, > so I'm not sure if I should have gone somewhere else. (I made a > separate first commit that just syncs down the -08 from the > datatracker.) > The PR is > https://github.com/boucadair/draft-ietf-sfc-nsh-integrity/pull/6 and the > actual "new" (non-08) changes are viewable via > https://github.com/boucadair/draft-ietf-sfc-nsh- > integrity/compare/99c6484fbe85af7179086ab243c88813e2b47b74..kaduk:kaduk- > review?expand=1 > > Section 4.4 > > In order to accommodate deployments relying upon keying material per > SFC/SFP and also the need to update keys after encrypting NSH data > for a certain amount of time, this document uses key identifiers to > unambiguously identify the appropriate keying material. Doing so > addresses the problem of synchronization of keying material. > > I included a suggestion in my pull request, but I want to call out as a > potentially significant change that the key identifier should identify > not just the key material but also the algorithms that they key is to be > used with. > > Section 5.1 > > Nonce Length: Carries the length of the Nonce. If the Context > Headers are only integrity protected, "Nonce Length" is set to > zero (that is, no "Nonce" is included). The "Nonce Length" can be > set to zero depending on the encryption algorithm used to encrypt > the Context Headers. > > I included this in my PR, but want to call out that this last sentence > seems harmful. It seems vastly preferrable to have "the nonce length > field is zero" indicate one specific thing, rather than having two > different possibilities for that situation, as this text appears to do. > I know that my earlier comments proposed a scenario where an AEAD might > validly encrypt with a zero-length nonce, but I don't think we should > support that at the cost of losing the clear signal that the encrypted > context headers are (not) present. > > Section 7.3 > > Using the secret key (ENC_KEY) and authenticated encryption > algorithm, the NSH imposer encrypts the Context Headers (as set, for > example, in Section 3) and inserts the resulting payload in the "MAC > and Encrypted Metadata" Context Header (Section 5). The entire > Context Header carrying a sensitive metadata is encrypted (that is, > including the MD Class, Type, Length, and associated metadata of each > Context Header). > > I included some text in my pull request, but want to call out as > important that this description does not specify what is to be used as > the "additional authenticated data" AEAD input. (I assume the empty > string is intended, though other choices are valid.) > > Section 7.5 > > When an SFC data plane element conforms to this specification, it > MUST ensure that a "MAC and Encrypted Metadata" Context Header is > included in a received NSH packet. [...] > > This doesn't quite seem like the right condition -- this text sounds > like once you implement this context header you have to require that it > appears in all incoming packets, which breaks interoperability with > senders that don't produc this contxt header. > > Section 9 > > The secret key (K) must have an expiration time assigned as the > latest point in time before which the key may be used for integrity > protection of NSH data and encryption of Context Headers. Prior to > the expiration of the secret key, all participating NSH-aware nodes > SHOULD have the control plane distribute a new key identifier and > associated keying material so that when the secret key is expired, > those nodes are prepared with the new secret key. This allows the > NSH imposer to switch to the new key identifier as soon as necessary. > It is RECOMMENDED that the next key identifier and associated keying > material be distributed by the control plane well prior to the secret > key expiration time. > > I note that draft-irtf-cfrg-aead-limits offers some guidance on how > often to rekey (though it gives data-based criteria, not time-based > ones), if that is potentially relevant. > > _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Benjamin Kaduk's No Objection on draft-ietf… Benjamin Kaduk via Datatracker
- Re: [sfc] Benjamin Kaduk's No Objection on draft-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's No Objection on draft-… mohamed.boucadair