[sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
Alvaro Retana via Datatracker <noreply@ietf.org> Mon, 12 July 2021 18:36 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: sfc@ietf.org
Delivered-To: sfc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 53D063A0332; Mon, 12 Jul 2021 11:36:22 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Alvaro Retana via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sfc-nsh-integrity@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org, gregimirsky@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.34.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alvaro Retana <aretana.ietf@gmail.com>
Message-ID: <162611498183.7775.3562397379733537345@ietfa.amsl.com>
Date: Mon, 12 Jul 2021 11:36:22 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/XPJNxLXCghGI8H_TsNqSV5LYvmI>
Subject: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 18:36:23 -0000
Alvaro Retana has entered the following ballot position for draft-ietf-sfc-nsh-integrity-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (1) Given the required behavior specified in the Security Considerations section... NSH data are exposed to several threats: o A man-in-the-middle attacker modifying the NSH data. o Attacker spoofing the NSH data. o Attacker capturing and replaying the NSH data. o Data carried in Context Headers revealing privacy-sensitive information to attackers. o Attacker replacing the packet on which the NSH is imposed with a bogus packet. In an SFC-enabled domain where the above attacks are possible, (1) NSH data MUST be integrity-protected and replay-protected, and (2) privacy-sensitive NSH metadata MUST be encrypted for confidentiality preservation purposes. The Base and Service Path headers are not encrypted. Why doesn't this document formally update rfc8300? Concerns that eventually led to this solution have been expressed for several other documents, including rfc8459 and rfc8979. It looks like the WG didn't consider the question of Updating the base NSH specification. I believe that this document specifies a required update to NSH, and would like the WG to consider formally Updating rfc8300. [My search of the archive didn't find any related discussion -- did I miss it?] [Even though I consider this omission a serious oversight, I don't think this issue raises to the level of a DISCUSS.] (2) §3: I find the use of normative language to describe requirements (that are met in this same document) not the best use of rfc2119 language because any interoperability concerns would result from the specification itself and not the requirements. The use of rfc2119 keywords to describe requirements may result in confusion. For example, "The solution MAY provide integrity protection for the Base Header." -- as described later, protecting the Base Header is optional, but the solution *does* provide integrity protection for it. IOW, the specification is what is reflected in the requirement, but referring to the solution, not the protection: providing integrity protection is not optional, using it is. A better working would be: "The solution must provide optional integrity protection for the Base Header."
- [sfc] Alvaro Retana's No Objection on draft-ietf-… Alvaro Retana via Datatracker
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel Halpern Direct
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy