Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-nsh-integrity-06: (with DISCUSS and COMMENT)
mohamed.boucadair@orange.com Thu, 15 July 2021 04:57 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 909663A1BCB;
Wed, 14 Jul 2021 21:57:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id tPRZdKKbcF7M; Wed, 14 Jul 2021 21:57:52 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C2E323A1BCA;
Wed, 14 Jul 2021 21:57:51 -0700 (PDT)
Received: from opfedar06.francetelecom.fr (unknown [xx.xx.xx.8])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by opfedar24.francetelecom.fr (ESMTP service) with ESMTPS id 4GQMZ41D0gz5w5V;
Thu, 15 Jul 2021 06:57:48 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com;
s=ORANGE001; t=1626325068;
bh=4+ROko9fNNd0fy61k9ieSUsZZ4tpjdZd7ikjLXDg/Uo=;
h=From:To:Subject:Date:Message-ID:Content-Type:
Content-Transfer-Encoding:MIME-Version;
b=GRdeUBQH8lSYCTnfoFWzQI3a73TjyLjDgsL+wiFR1g+JfwbYDVtaL8DNMcCk4BtZm
q+dxR0gwqD/FNqm6Zzzl515klVr2aAWBdwn00Oze0LEfBT6HmfzsWLT4/fQH/86/O4
5NOjhMEX7iA5OxGV/vQZ5/K7sCKd99WiVjGsGnWTO7HxWMbGDqClXKnQaiEdgIoTXn
M4JR/ZzrItMubJCHIufGJHSVvpGGlmD3IMX8DmI/WZK9iTExfBDHHm50i6XmUKIOtD
RtDz8WbKa72UlgXcARK3PJDdYGr/sfzorHh/TVPhN6g2ZUbVPLJUR3gNGwswPlJOKA
ejs4p+BRA6hTA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.32])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by opfedar06.francetelecom.fr (ESMTP service) with ESMTPS id 4GQMZ36sJQz3wbN;
Thu, 15 Jul 2021 06:57:47 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org"
<draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org"
<sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com"
<gregimirsky@gmail.com>
Thread-Topic: =?utf-8?B?w4lyaWMgVnluY2tlJ3MgRGlzY3VzcyBvbiBkcmFmdC1pZXRmLXNmYy1uc2gt?=
=?utf-8?Q?integrity-06:_(with_DISCUSS_and_COMMENT)?=
Thread-Index: AQHXd+EWUzPhovDiy06QVDjdApotHKtBE6GQgAFgQoCAAQWqEA==
Date: Thu, 15 Jul 2021 04:57:46 +0000
Message-ID: <30015_1626325068_60EFC04B_30015_200_1_787AE7BB302AE849A7480A190F8B9330353BF421@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162617866082.13596.2398814614966286542@ietfa.amsl.com>
<15473_1626195281_60EDC551_15473_51_1_787AE7BB302AE849A7480A190F8B9330353BE8EC@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
<94FF1F19-7004-42C5-8560-C99A2FEEF71A@cisco.com>
In-Reply-To: <94FF1F19-7004-42C5-8560-C99A2FEEF71A@cisco.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/LgYwFIcVdCIB0DF-cVo9n-ozsvQ>
Subject: Re: [sfc]
=?utf-8?q?=C3=89ric_Vyncke=27s_Discuss_on_draft-ietf-sfc-n?=
=?utf-8?q?sh-integrity-06=3A_=28with_DISCUSS_and_COMMENT=29?=
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>,
<mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>,
<mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 04:57:58 -0000
Hi Eric, A version that integrates your review can be tracked at: https://tinyurl.com/nsh-integrity-latest. Please see inline for more context. Cheers, Med > -----Message d'origine----- > De : Eric Vyncke (evyncke) [mailto:evyncke@cisco.com] > Envoyé : mercredi 14 juillet 2021 13:12 > À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>om>; The > IESG <iesg@ietf.org> > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org; > sfc@ietf.org; gregimirsky@gmail.com > Objet : Re: Éric Vyncke's Discuss on draft-ietf-sfc-nsh-integrity- > 06: (with DISCUSS and COMMENT) > > Hello Med, > > Thank you for your prompt reply. > > See below for EV>, still holding my DISCUSS mainly around the "how > to compute the MAC as it includes the MAC field itself" [Med] Updated the text to: The NSH imposer sets the MAC field to zero and then computes the message integrity for the target NSH data (depending on the integrity protection scope discussed in Section 5) using MAC_KEY and HMAC algorithm. > > Regards > > -éric > > -----Original Message----- > From: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com> > Date: Tuesday, 13 July 2021 at 18:54 > To: Eric Vyncke <evyncke@cisco.com>om>, The IESG <iesg@ietf.org> > Cc: "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh- > integrity@ietf.org>gt;, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>rg>, > "sfc@ietf.org" <sfc@ietf.org>rg>, "gregimirsky@gmail.com" > <gregimirsky@gmail.com> > Subject: RE: Éric Vyncke's Discuss on draft-ietf-sfc-nsh-integrity- > 06: (with DISCUSS and COMMENT) > > Hi Eric, > > Thank you for the review. > > Please see inline. > > Cheers, > Med > > > -----Message d'origine----- > > De : Éric Vyncke via Datatracker [mailto:noreply@ietf.org] > > Envoyé : mardi 13 juillet 2021 14:18 > > À : The IESG <iesg@ietf.org> > > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc- > chairs@ietf.org; > > sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com > > Objet : Éric Vyncke's Discuss on draft-ietf-sfc-nsh-integrity- > 06: > > (with DISCUSS and COMMENT) > > > > Éric Vyncke has entered the following ballot position for > > draft-ietf-sfc-nsh-integrity-06: Discuss > > > > When responding, please keep the subject line intact and reply > to > > all email addresses included in the To and CC lines. (Feel > free to > > cut this introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > > criteria.html > > for more information about DISCUSS and COMMENT positions. > > > > [..] > > > > == DISCUSS == > > > > I failed to spot the order of the operations for the integrity > and > > confidentiality operations, e.g., I did not find on what the > HMAC is > > computed: > > in the unencrypted or encrypted field ? > > [Med] Isn't this covered by this text: > > Using the secret key (K) and authenticated encryption > algorithm, the > NSH imposer encrypts the Context Headers (as set, for > example, in > Section 3), computes the message integrity for the target NSH > data, > and inserts the resulting payload in the "MAC and Encrypted > Metadata" > Context Header (Section 5). The entire Context Header > carrying a > privacy-sensitive metadata is encrypted (that is, including > the MD > Class, Type, Length, and associated metadata of each Context > Header). > > EV> the text could be made clearer by using "then" rather than > simple "," > EV> but I STRONGLY suggest to move this explanation earlier at the > very > EV> beginning of section 7 (or 7.1) and not like now in section 7.3 > BTW, > EV> this is indeed the expected order to avoid DoS > [Med] I really struggled to see how to mention this text earlier, but it is currently where it should be. It can be in 7.1 is this is about generic considerations. It is in this section because this is where we discussion encryption. > > > > -- Section 5.1 -- > > What is the unit of "key length", I assume a length expressed > in > > octets but it is not specified. > > [Med] Yes. Fixed. Thank you for catching this. > > EV> __ > > > > > -- Section 7.2 -- > > What is the "A" used in the HMAC computation ? > > [Med] This is: Additional Authenticated Data (A) (mentioned in > 4.2). > > EV> fair enough, suggest to write that the terminology of section > 4.2 is used there. [Med] Updated the text for better clarity. > > > > The formula specifies HMAC-SHA-256-128() but what if another > HMAC is > > used ? > > [Med] Please note that the text says: "can be illustrated as > follows:". > > That is for illustration purposes. > > EV> could also be made more obvious with " The Message > Authentication Code (T) computation process for additional > authentication text (A) with HMAC-SHA-256-128() can be illustrated > as follows:" [Med] Deal. > > > Section 7.3 use MAC() which is more flexible. > > > > As the MAC field is included in the integrity protected > header, > > please specify the value of this field when computing the HMAC > (I > > assume 0 but let's be clear) > > EV> still waiting for an answer on this issue (so keeping my DISCUSS > EV> ballot) > [Med] Added this text: The NSH imposer sets the MAC field to zero and then computes the message integrity for the target NSH data (depending on the integrity protection scope discussed in Section 5) using MAC_KEY and HMAC algorithm. > > > > -- Section 7.5 -- > > What is the expected behavior when a NSH does not contain a > "MAC and > > Encrypted Metadata" Context Header ? §1 hints to packet drop ? > > Should there be a local policy for this case ? > > [Med] This is covered here: > > It MUST log an error at least once per the > SPI for which the "MAC and Encrypted Metadata" Context Header > is > missing. > > EV> honestly, not clear from the text. Please consider adding "In > this case, it MUST..." [Med] Updated the text. It reads now: When an SFC data plan element conforms to this specification, it MUST ensure that a "MAC and Encrypted Metadata" Context Header is included in a received NSH packet. The imposer MUST silently discard the packet and MUST log an error at least once per the SPI if at least one of the following is observed: o the "MAC and Encrypted Metadata" Context Header is missing, o the enclosed key identifier is unknown or invalid (e.g., the corresponding key expired), o the timestamp is invalid (Section 7.4). > > > > > > > -------------------------------------------------------------- > ------ > > -- > > COMMENT: > > -------------------------------------------------------------- > ------ > > -- > > > > > > I second Alvaro's and Lars' point about formally updating RFC > 8300. > > > > Quite often in the text "privacy-sensitive metadata" is used > but > > encryption is not only required for privacy but also to > protect > > operational data from attackers (i.e., not linked to privacy), > is > > there a real need to qualify "metadata" with "privacy- > sensitive", > > i.e., "confidential metadata" may be more appropriate ? > > [Med] We use this term because we can easily argue why we > included statement such as: > > " In an SFC-enabled domain where the above attacks are > possible, (1) > NSH data MUST be integrity-protected and replay-protected, > and (2) > privacy-sensitive NSH metadata MUST be encrypted for > confidentiality > preservation purposes." > > Other types can be encrypted as per: > > Classifier(s), NSH-aware SFs, and SFC proxies are instructed > with the > set of Context Headers (privacy-sensitive metadata, > typically) that > must be encrypted. > > EV> let's say that we disagree __ but this is non-blocking anyway [Med] I changed many occurrences of privacy-sensitive to sensitives but maintained them when zooming on privacy was the intent. > > > > > -- Section 4.1.1 -- > > The use of 'metadata' (notably in table 1) for 'context > headers' is > > confusing for a first-time reader. Any chance to be consistent > and > > only use 'context headers' ? > > [Med] Will see how to make this better, but please that we do > have the following before table 1: > > "Context Header(s): Carries metadata..." > > > > > -- Section 4.2 -- > > At first reading, I am confused by the use of the word 'secret > key' > > for what appears to be a 'shared key'. Or is this 'secret key' > never > > shared and simply used to generate the secondary keys, which > are > > then shared ? Even if discussed later, some early explanations > would > > be welcome. > > [Med] We are using similar wording as in RFC7518. > > EV> I fail to see this wording in RFC 7518 [Med] RFC 7518 says for example: The authenticated encryption algorithm takes as input four octet strings: a secret key K, a plaintext P, Additional Authenticated Data ^^^^^^^^^^^^^^ A, and an Initialization Vector IV. The authenticated ciphertext value E and the Authentication Tag value T are provided as outputs. The data in the plaintext are encrypted and authenticated, and the Additional Authenticated Data are authenticated, but not encrypted. > > > > > -- Section 5.1 -- > > Is there a good reason why the field name "key length" is not > "key > > ID length" ? > > [Med] Only for esthetic matters of the figures. Can fix that if > you prefer. > > |Key ID Length| vs | Key Length | > > EV> this would be clearer IMHO but editorial hence non-blocking [Med] Made the change. Thanks. > > > > > I also find very strange to define "Length: variable" as the > header > > field itself as a fixed length, simply state "unsigned > integer". > > [Med] We are echoing Section 2.5.1 of RFC8300. > > EV> like above, I fail to see this similarity in the section 2.5.1 > of RFC 8300 "Indicates the length of the variable-length metadata, > in bytes." [Med] that's basically says variable. Updated the text to use exact wording in 8300. > > > > As timestamp can include fractions of second, which is a good > thing, > > then please reword "expressed in seconds relative" to indicate > that > > fraction of second is included. > > [Med] OK. > > > > > The 32-bit epoch will wrap around in 2036, should this I-D > already > > consider what to do at that moment ? > > [Med] Hmm. We say that it wraps in 2106 :-) > > EV> I should have spot the different epoch ;-) > > > > > -- Section 8 -- > > Indeed MTU is always an interesting 'problem' but how is this > > extension different than plain NSH ? The NSH neither increases > nor > > decreases on the fly with this document. > > [Med] It varies as we can add/strip context headers as the > packet progress in the service chain. > > EV> Amazing that this was accepted by the IESG in RFC 8300 years > ago... when net-pgm RFC had to remove the header insertion. > > > > > == NITS == > > > > -- Section 3 -- > > Should 'figure 1' be 'table 1' per consistency with section > 4.1.1 ? > > [Med] It should. Will be fixed. Thanks. > > > > > > > > > ____________________________________________________________________ > _____________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des > informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si > vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les > messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, > deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or > privileged information that may be protected by law; > they should not be distributed, used or copied without > authorisation. > If you have received this email in error, please notify the > sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that > have been modified, changed or falsified. > Thank you. > _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-nsh… Éric Vyncke via Datatracker
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… mohamed.boucadair
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Eric Vyncke (evyncke)
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… tirumal reddy
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… mohamed.boucadair
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Eric Vyncke (evyncke)
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… tirumal reddy