[sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-02.txt

<mohamed.boucadair@orange.com> Wed, 20 November 2019 10:40 UTC

From: mohamed.boucadair@orange.com
To: "sfc@ietf.org" <sfc@ietf.org>
CC: "draft-rebo-sfc-nsh-integrity@ietf.org" <draft-rebo-sfc-nsh-integrity@ietf.org>
Date: Wed, 20 Nov 2019 10:39:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/GhekuGA2lU_NG3Bw_UhSQlj-i8Q>
Subject: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-02.txt

Hi all, 

I'm pleased to share this updated version of this spec. This version integrates a detailed review and inputs from Dan. 

FWIW, the main changes are as follows:
* SFFs are not supplied by design with the encryption material
* Motivate why base and service headers are not encrypted
* The inner packet is also integrity protected
* Use of timestamp to protect against replay attacks
* Restructure the design overview section to better highlight the provided security protection services, which elements are involved, etc.
* Add a new section to discuss key management considerations
* Add a new section to discuss NSH-in-NSH
* Add more details to the processing rules 
* And many edits. 

Comments, questions, and suggestions are more than welcome.

Cheers,
Med

> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Wednesday, 20 November 2019 11:27
> To: Dan Wing; Tirumaleswar Reddy; Tirumaleswar Reddy.K; BOUCADAIR Mohamed TGI/OLN
> Subject: New Version Notification for draft-rebo-sfc-nsh-integrity-02.txt
> 
> 
> A new version of I-D, draft-rebo-sfc-nsh-integrity-02.txt
> has been successfully submitted by Mohamed Boucadair and posted to the
> IETF repository.
> 
> Name:		draft-rebo-sfc-nsh-integrity
> Revision:	02
> Title:		Integrity Protection for Network Service Header (NSH) and Encryption of Sensitive Context Headers
> Document date:	2019-11-20
> Group:		Individual Submission
> Pages:		26
> URL:            https://www.ietf.org/internet-drafts/draft-rebo-sfc-nsh-integrity-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-rebo-sfc-nsh-integrity/
> Htmlized:       https://tools.ietf.org/html/draft-rebo-sfc-nsh-integrity-02
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-rebo-sfc-nsh-integrity
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-rebo-sfc-nsh-integrity-02
> 
> Abstract:
>    This specification adds integrity protection and optional encryption
>    of sensitive metadata directly to Network Service Headers (NSH) used
>    for Service Function Chaining (SFC).
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
> 
> The IETF Secretariat