IETF Logo Mail Archive

Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity

mohamed.boucadair@orange.com Wed, 03 February 2021 10:11 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD1ED3A1712; Wed, 3 Feb 2021 02:11:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.817
X-Spam-Level:
X-Spam-Status: No, score=-2.817 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2IG-8Eb_AK1Q; Wed, 3 Feb 2021 02:11:41 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6449F3A1711; Wed, 3 Feb 2021 02:11:41 -0800 (PST)
Received: from opfedar07.francetelecom.fr (unknown [xx.xx.xx.9]) by opfedar22.francetelecom.fr (ESMTP service) with ESMTP id 4DVyBz4Vbzz2xQB; Wed, 3 Feb 2021 11:11:39 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1612347099; bh=9Q30ci+IAQ3UETtxZxoWQMPwif26yPPmi5u0qGLM+Tw=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=WCWAnMI684XQ/+ZEbHxh2ZNkmx4mzrHuQFpqhDiwMN7Lc/iaobLJdAu0uRddC6ScQ b4t1vH3b3P1zWIfY9DKqmRk10gJw8lIJyx2RAxotakxzFLIPw87f7Y1v5etXTA3ibN cj0nDyxw+BXmUCTfzAjE9WpONCeCIPOl72/9UV93QatkC/G+TiVJPGbapT+LMthnJU UdWUcTEp+a8DoJ1jdMzmo0FNzDaE2zi69yhj3znIvhoxPwI833x6gfZul8YWnCgdy8 OpH8aIYeucGCjkNhRK0F9Ojaal1Q27Z58PmcdRBgeIWtDWVFprZtsCiXT9Z1GU8WcN +Ufm/A5PHIWhg==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.48]) by opfedar07.francetelecom.fr (ESMTP service) with ESMTP id 4DVyBz34zyz5vNr; Wed, 3 Feb 2021 11:11:39 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Greg Mirsky <gregimirsky@gmail.com>
CC: "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
Thread-Topic: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
Thread-Index: AQHW9mtaBg7jJtqhYUuUL0zWLYESB6pGO1jg
Date: Wed, 03 Feb 2021 10:11:38 +0000
Message-ID: <11269_1612347099_601A76DB_11269_227_2_787AE7BB302AE849A7480A190F8B9330315C6440@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <161184769798.6893.13499187160157088449@ietfa.amsl.com> <48b9f1db-38cb-7703-3c1e-7d2e75f93d19@joelhalpern.com> <CA+RyBmWmPgEiBapRFKbqGcoe9deGwMdZBUnBRHwO9hjqoG82GA@mail.gmail.com>
In-Reply-To: <CA+RyBmWmPgEiBapRFKbqGcoe9deGwMdZBUnBRHwO9hjqoG82GA@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B9330315C6440OPEXCAUBMA2corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/OolYvval4f7fuaYn0zRqKhkUXNU>
Subject: Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2021 10:11:44 -0000

Hi Greg,

Thank you for the comment.

As explained in Section 7.2, if no encryption is used the IV Length field will be followed by the MAC:

   The NSH imposer computes the message integrity for the target NSH
   data (depending on the integrity protection scope discussed in
   Section 5<https://tools.ietf.org/html/draft-ietf-sfc-nsh-integrity-03#section-5>) using MAC_KEY and HMAC algorithm.  It inserts the MAC in
   the "MAC and Encrypted Metadata" Context Header.  The length of the
   MAC is decided by the HMAC algorithm adopted for the particular key
   identifier.


I guess you were confused by figures 6 and 7 where we put “Context Headers to encrypt (opt.)” right after Initialization Vector. Will fix that to avoid confusion.

Cheers,
Med

De : Greg Mirsky [mailto:gregimirsky@gmail.com]
Envoyé : vendredi 29 janvier 2021 19:20
À : Joel M. Halpern <jmh@joelhalpern.com>; draft-ietf-sfc-nsh-integrity@ietf.org
Cc : sfc@ietf.org
Objet : Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity

Dear Authors,
I appreciate your kind consideration of my comments on the draft. I've reviewed the updates. It all looks good. I might have a small question about the case of IV Length = 0. The updated text suggests:
       If encryption is not used, IV length is set to zero
       (that is, no "Initialization Vector" is included).
As I understand it, that means that the IV Length field is immediately followed by the padding as explained in the last paragraph in Section 5:
   The "MAC and Encrypted Metadata" Context Headers are padded out to a
    multiple of 4 bytes as per Section 2.2 of [RFC8300].
Is that correct?

And yes, I support progressing this document to publication.

Regards,
Greg

Regards,
Greg

On Thu, Jan 28, 2021 at 7:33 AM Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>> wrote:
As you can see below, the SFC Chairs have started the WG last Call for
the nsh-integrity draft.  Please respond.
Thank you,
Joel


-------- Forwarded Message -------


The IETF WG state of draft-ietf-sfc-nsh-integrity has been changed to "In WG
Last Call" from "WG Document" by Joel Halpern:

https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/

Comment:
This starts the SFC Working Group last call for the NSH integrity protection
document.  This will run through the end of the day February 11, 2021.
(Don't worry about time zone.  If it is still Feb 11 2021 somewhere in the
world, you can send in comments.)  Please respond.  Silence is not consent,
and when (if, but we hope when) we send this to the AD, we need to be
able to
describe meaningful WG support for the publication.  And if possible, more
than just +1.

Thank you,
Joel (and Jim)

_______________________________________________
sfc mailing list
sfc@ietf.org<mailto:sfc@ietf.org>
https://www.ietf.org/mailman/listinfo/sfc

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.31.3 | Report a Bug | By Email | System Status