Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
Alvaro Retana <aretana.ietf@gmail.com> Mon, 12 July 2021 20:13 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCDD43A177D; Mon, 12 Jul 2021 13:13:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B9lfNmutLYIT; Mon, 12 Jul 2021 13:13:22 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C780C3A1736; Mon, 12 Jul 2021 13:13:08 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id ca14so12950301edb.2; Mon, 12 Jul 2021 13:13:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=zxbrGkyEvvW/R371j89VH7nT96k5mR36qR0J39iNlpA=; b=Fgevrgben4BJkiiXs7R0kMTO3VqMCQv0P25gKVmD8GAjnQ1VDvFk7z7f7ygRIre+d1 G/GX6kFft2X+3/uB9RWm5aBzgGysHyaV37p73Y0nqRRQRtqJL202F0g85LVHWQzmD23u IG/Y+rAFJTs7BOV46GsUiBG7+sSJHjS39hSLOOu+TJGlWVckLjp04Q3DsgbJXMoWV8Kq roNM1pyyrPtEhXPCsD12GSa9ME2iscKXl2wmLEzuUVqIv51WwB6csRA1WKFB94vRkhoO h08RTT6fa+WnvH/u/vEdke90KSkvgBMQNaAOaHAkOcX68q1lrMWul/dcL2fuaHEjBk/A 1ZBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=zxbrGkyEvvW/R371j89VH7nT96k5mR36qR0J39iNlpA=; b=eIf0F6KNyElcn4O+/R9frK7zRIPam/jlIDEWu+0WBHn1fEeetmTUDla9F9spV9V29C ksFuSzvCY2/infCj7MatPxQ2aB+M8XvyI9Rs5tIGvzfwb84tBwLuwN5MoQsJr8hPUGMz Gs8Umtt16YdsS9b477gGDpXR2fYS7nv0wD2C7V2Fzljb0pYAuydJpv9+K4xPM92Ec5dI Xm7sgoOjXjZHCOnr6pvPnrQI9G2AguWUExtL/m3YURxCRqIxD3CYTHtxNA0pj+2kmhce ehWgcFmB6CoLMlh0eAcsaroIYLyqgjfTcY++tKJebU6LXH7BKqTTDMKim0wbjBGJwa2E IYFg==
X-Gm-Message-State: AOAM53335vg9yHCeO3s8lRkj90xpwrNZGGe37tZ2Mdv3x7be/dxKcsFQ EQZNzpuhltRn/B1OwSTpMXkrEiipBnNZzTx5xVk=
X-Google-Smtp-Source: ABdhPJyVTEQowgcMOTzrz3Gvtx+g6xpcUQtagXdQyv6ioL0/nZuG2bfqVMmZVx5pwc5nRRzCIvHHn54jxbKzEb4rtbE=
X-Received: by 2002:a05:6402:40f:: with SMTP id q15mr768373edv.86.1626120782244; Mon, 12 Jul 2021 13:13:02 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Mon, 12 Jul 2021 13:13:01 -0700
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <13781_1626118873_60EC9AD9_13781_9_1_787AE7BB302AE849A7480A190F8B9330353BDA95@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162611498183.7775.3562397379733537345@ietfa.amsl.com> <23837_1626115941_60EC8F65_23837_478_1_787AE7BB302AE849A7480A190F8B9330353BD8C2@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAMMESsx0ARXu2gpDT0MDxWT8ZPCZ8p97mcS43usAvPz=79vbiA@mail.gmail.com> <13781_1626118873_60EC9AD9_13781_9_1_787AE7BB302AE849A7480A190F8B9330353BDA95@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Date: Mon, 12 Jul 2021 13:13:01 -0700
Message-ID: <CAMMESsynLzx9mj_cCnjtbrjUa_UCtOhpRKQKTh3uuomJ7xfYJw@mail.gmail.com>
To: mohamed.boucadair@orange.com, The IESG <iesg@ietf.org>
Cc: "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com" <gregimirsky@gmail.com>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/G5Q8C8vkuyUjharQP2y_h1ZCip0>
Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 20:13:35 -0000
On July 12, 2021 at 3:41:13 PM, mohamed.boucadair@orange.com (mohamed.boucadair@orange.com (mailto:mohamed.boucadair@orange.com)) wrote: ... > > The outcome is that the requirements in rfc8300 would result in not > > using this specification. > > > > [Med] Not sure about this given that RFC8300 says the following: > > NSH itself does not mandate protocol-specific integrity > protection. However, if an operator deems protection is required, > several options are viable: > > 1. SFF/SF NSH verification > ... > 2. Transport Security > ... > 3. NSH Variable Header-Based Integrity > > Lastly, NSH MD Type 2 provides, via variable-length headers, > the ability to append cryptographic integrity protection to > the NSH packet. The implementation of such a scheme is > outside the scope of this document. > > The I-D is basically the third option. Ok. Please make it extra obvious that this is the case -- using the same words would be ideal. §8.2.2 (Confidentiality) is a lot less clear. Even though I still think that a formal Update to rfc8300 is the right thing to do, I would be very happy if there was (at least) some additional text included to clarify the expected relationship between the 2 documents. Thanks! Alvaro. > > > I know that we can interpret the update as "amends", but unless > > > I'm mistaken there is no formal IETF consensus on this. > > > > True. > > > > Without at least some text explaining the relationship between the > > requirements in this document and how they may be considered instead > > of the ones in rfc8300, I don't think this document is > > complete. For better or worse, the only tool we have right now to > > make that link clear is the Updates tag. > > > > > > Thanks! > > > > Alvaro.
- [sfc] Alvaro Retana's No Objection on draft-ietf-… Alvaro Retana via Datatracker
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel Halpern Direct
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy