Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-02.txt

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Thu, 28 November 2019 14:23 UTC

From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Thu, 28 Nov 2019 16:23:36 +0200
Message-ID: <CABUE3XnKGd+Eb+KJpX33sgQ+_z7q6ZskU35CH=n=xLkX7y=QBQ@mail.gmail.com>
To: mohamed.boucadair@orange.com
Cc: "sfc@ietf.org" <sfc@ietf.org>, "draft-rebo-sfc-nsh-integrity@ietf.org" <draft-rebo-sfc-nsh-integrity@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/SZmwnFkvF4AEK83jrLC4tiWtB6U>
Subject: Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-02.txt

Hi,

A comment regarding the Timestamp format that is defined in Section 5.2.
The Timestamp format should be defined carefully. Please take a look at
"Guidelines for Defining Packet Timestamps"
(draft-ietf-ntp-packet-timestamps).
I recommend using the template - Section 3 of
draft-ietf-ntp-packet-timestamps. The examples in the draft are pretty
helpful.

Cheers,
Tal.

On Wed, Nov 20, 2019 at 12:40 PM <mohamed.boucadair@orange.com> wrote:

> Hi all,
>
> I'm pleased to share this updated version of this spec. This version
> integrates a detailed review and inputs from Dan.
>
> FWIW, the main changes are as follows:
> * SFFs are not supplied by design with the encryption material
> * Motivate why base and service headers are not encrypted
> * The inner packet is also integrity protected
> * Use of timestamp to protect against replay attacks
> * Restructure the design overview section to better highlight the provided
> security protection services, which elements are involved, etc.
> * Add a new section to discuss key management considerations
> * Add a new section to discuss NSH-in-NSH
> * Add more details to the processing rules
> * And many edits.
>
> Comments, questions, and suggestions are more than welcome.
>
> Cheers,
> Med
>
> > -----Original Message-----
> > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> > Sent: Wednesday, 20 November 2019 11:27
> > To: Dan Wing; Tirumaleswar Reddy; Tirumaleswar Reddy.K; BOUCADAIR Mohamed
> > TGI/OLN
> > Subject: New Version Notification for draft-rebo-sfc-nsh-integrity-02.txt
> >
> >
> > A new version of I-D, draft-rebo-sfc-nsh-integrity-02.txt
> > has been successfully submitted by Mohamed Boucadair and posted to the
> > IETF repository.
> >
> > Name:         draft-rebo-sfc-nsh-integrity
> > Revision:     02
> > Title:                Integrity Protection for
> >     Network Service Header (NSH) and Encryption of Sensitive Context
> >     Headers
> > Document date:        2019-11-20
> > Group:                Individual Submission
> > Pages:                26
> > URL:            https://www.ietf.org/internet-drafts/draft-rebo-sfc-nsh-integrity-02.txt
> > Status:         https://datatracker.ietf.org/doc/draft-rebo-sfc-nsh-integrity/
> > Htmlized:       https://tools.ietf.org/html/draft-rebo-sfc-nsh-integrity-02
> > Htmlized:       https://datatracker.ietf.org/doc/html/draft-rebo-sfc-nsh-integrity
> > Diff:           https://www.ietf.org/rfcdiff?url2=draft-rebo-sfc-nsh-integrity-02
> >
> > Abstract:
> >    This specification adds integrity protection and optional encryption
> >    of sensitive metadata directly to Network Service Headers (NSH) used
> >    for Service Function Chaining (SFC).
> >
> >
> >
> >
> > Please note that it may take a couple of minutes from the time of
> > submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > The IETF Secretariat