Re: [sfc] Zaheduzzaman Sarker's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
mohamed.boucadair@orange.com Tue, 13 July 2021 11:06 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 90A7F3A13C3;
Tue, 13 Jul 2021 04:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001,
RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6PGy4xbBHPGR; Tue, 13 Jul 2021 04:06:24 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 491A03A13C2;
Tue, 13 Jul 2021 04:06:24 -0700 (PDT)
Received: from opfedar02.francetelecom.fr (unknown [xx.xx.xx.4])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by opfedar20.francetelecom.fr (ESMTP service) with ESMTPS id 4GPHrG2KYRz8tww;
Tue, 13 Jul 2021 13:06:22 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com;
s=ORANGE001; t=1626174382;
bh=Xx+SNFyykMdTiDpy2wNSLdLrCwoJPm7FgJBWWvLgLsE=;
h=From:To:Subject:Date:Message-ID:Content-Type:
Content-Transfer-Encoding:MIME-Version;
b=a2Fi3D+PjTgoWd51u2jt/fT8SB7q5AFwknFvPv2D5X5EJ6DV5odwMueCke87Xz6mM
J4FnH73+YQ2l9sxqoBk+380SbdTGQGJCklsIWsh9KrcVzvTKFrIaSDzzcqPOR/YlR0
VoswUR6DNsgWue3UrWEdP45jdbNBQ2V4XfCjt+DNI75ERqq83hf7sVXhehNTn+01uO
lJ2lSFTqSMEUGhefEr/nGSuXYLsxz23jaP+eGuB/OL8D/1vab7tU3cigZjf1mzMmm6
9Qv5tPsEtfKDsgxXkXDchv+8biRMaaceUjbE8NnJk7AKqMWw3afWrCWs+H9/ErsHy7
EXuBo22+6l2ZQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.92])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by opfedar02.francetelecom.fr (ESMTP service) with ESMTPS id 4GPHrG0rBWzCqkV;
Tue, 13 Jul 2021 13:06:22 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: Zaheduzzaman Sarker <Zaheduzzaman.Sarker@ericsson.com>, The IESG
<iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org"
<draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org"
<sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com"
<gregimirsky@gmail.com>
Thread-Topic: Zaheduzzaman Sarker's No Objection on
draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
Thread-Index: AQHXd9MBbrum3ehGokamLtK1wKZXz6tAt3dQ
Date: Tue, 13 Jul 2021 11:06:21 +0000
Message-ID: <3763_1626174382_60ED73AE_3763_126_1_787AE7BB302AE849A7480A190F8B9330353BE5BA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162617261371.15907.6050785043086194503@ietfa.amsl.com>
In-Reply-To: <162617261371.15907.6050785043086194503@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/NmCQ2MGgg-6GsSdesF3P1ldTGnc>
Subject: Re: [sfc] Zaheduzzaman Sarker's No Objection on
draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>,
<mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>,
<mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2021 11:06:30 -0000
Hi Zahed, Thanks for the review. Please see inline. Cheers, Med > -----Message d'origine----- > De : Zaheduzzaman Sarker via Datatracker [mailto:noreply@ietf.org] > Envoyé : mardi 13 juillet 2021 12:37 > À : The IESG <iesg@ietf.org> > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org; > sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com > Objet : Zaheduzzaman Sarker's No Objection on draft-ietf-sfc-nsh- > integrity-06: (with COMMENT) > > Zaheduzzaman Sarker has entered the following ballot position for > draft-ietf-sfc-nsh-integrity-06: No Objection > > When responding, please keep the subject line intact and reply to > all email addresses included in the To and CC lines. (Feel free to > cut this introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > for more information about DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ > > > > -------------------------------------------------------------------- > -- > COMMENT: > -------------------------------------------------------------------- > -- > > Thanks for the efforts on this specification. > > I have following non-blocking comments those I believe would improve > the document if addressed -- > > * I agree with Alvaro and Lars's comment about updating 8300. Would > like to get > response(s) to their comments. [Med] Already replied to those. > > * I think it will be helpful to explicitly mention if integrity and > confidentiality by the transport encapsulation is needed or not when > this specification is in use. This specification definitely says > that one does not need to relay on the service provided by the > transport encapsulation but it does not says that those services are > not longer required. [Med] We don't say so because this is deployment-specific. One may deploy hSFC (RFC8459) with transport security to interconnect lower-level domains, but use this spec within a lower-level domain. > > * Section 1 : says - > "This specification fills that gap. Concretely, this document > adds > integrity protection and optional encryption of sensitive > metadata > directly to the NSH (Section 4);" > > Does this specification extends the use of NSH in multiple SFC > domain? [Med] No, we don't as we adhere to RFC7665 and RFC8300. Future documents may define an updated 7665 to describe the inter-domain case. This spec may solve some of the inherent issues, but it is out of scope to discuss those in this I-D. Till this happens, the scope is still what is recorded in RFC7665: == The architecture described herein is assumed to be applicable to a single network administrative domain. While it is possible for the architectural principles and components to be applied to inter-domain SFCs, these are left for future study. == My > little understanding of NSH says it is SFC domain specific and > within one SFC > domain the devices a vetted to be trusted. I think it will be very > helpful to > add zest from the section 3.2.1. of I-D.arkko-farrell-arch-model-t > here. > > * Section 6 : > > The epoch is 1970-01-01T00:00Z in UTC time. Note this epoch > value > is different from the one used in Section 6 of [RFC5905]. > > It would be great if we can add the implications of the > difference. Now I > don't know what it means. > > [Med] The implication is basically what is mentioned under wraparound bullet: "The next wraparound will occur in the year 2106". If we maintained the epoch in RFC5905, the wraparound would be in 2036. Tweaked the text to mention this. Thanks. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Zaheduzzaman Sarker's No Objection on draft… Zaheduzzaman Sarker via Datatracker
- Re: [sfc] Zaheduzzaman Sarker's No Objection on d… mohamed.boucadair
- Re: [sfc] Zaheduzzaman Sarker's No Objection on d… Zaheduzzaman Sarker
- Re: [sfc] Zaheduzzaman Sarker's No Objection on d… mohamed.boucadair
- Re: [sfc] Zaheduzzaman Sarker's No Objection on d… Zaheduzzaman Sarker