Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
Greg Mirsky <gregimirsky@gmail.com> Thu, 04 February 2021 15:11 UTC
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Thu, 04 Feb 2021 07:11:37 -0800
To: Med Boucadair <mohamed.boucadair@orange.com>
Cc: "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/fOsMEDwb1YvaOkeSHTGZHLVFYCw>
Hi Med,
thank you for the quick updates. These are very helpful and the text is perfectly clear.

Regards,
Greg

On Wed, Feb 3, 2021 at 11:18 PM <mohamed.boucadair@orange.com> wrote:

> Hi Greg,
>
> We made some changes to avoid the confusion raised in the message below.
> The changes can be tracked at:
>
> https://tinyurl.com/nsh-integrity-latest
>
> Hope this is better.
>
> Cheers,
> Med
>
> *From:* mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com]
> *Sent:* Wednesday, February 3, 2021 11:12
> *To:* Greg Mirsky <gregimirsky@gmail.com>
> *Cc:* sfc@ietf.org; draft-ietf-sfc-nsh-integrity@ietf.org; Joel M. Halpern <jmh@joelhalpern.com>
> *Subject:* RE: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
>
> Hi Greg,
>
> Thank you for the comment.
>
> As explained in Section 7.2, if no encryption is used the IV Length field
> will be followed by the MAC:
>
>    The NSH imposer computes the message integrity for the target NSH
>    data (depending on the integrity protection scope discussed in
>    Section 5 <https://tools.ietf.org/html/draft-ietf-sfc-nsh-integrity-03#section-5>)
>    using MAC_KEY and HMAC algorithm. It inserts the MAC in
>    the "MAC and Encrypted Metadata" Context Header. The length of the
>    MAC is decided by the HMAC algorithm adopted for the particular key
>    identifier.
>
> I guess you were confused by figures 6 and 7 where we put “Context Headers to encrypt (opt.)” right after Initialization Vector. Will fix that to avoid confusion.
>
> Cheers,
> Med
>
> *From:* Greg Mirsky [mailto:gregimirsky@gmail.com <gregimirsky@gmail.com>]
> *Sent:* Friday, January 29, 2021 19:20
> *To:* Joel M. Halpern <jmh@joelhalpern.com>; draft-ietf-sfc-nsh-integrity@ietf.org
> *Cc:* sfc@ietf.org
> *Subject:* Re: [sfc] Fwd: IETF WG state changed for draft-ietf-sfc-nsh-integrity
>
> Dear Authors,
>
> I appreciate your kind consideration of my comments on the draft. I've
> reviewed the updates. It all looks good. I might have a small question
> about the case of IV Length = 0. The updated text suggests:
>
>    If encryption is not used, IV length is set to zero
>    (that is, no "Initialization Vector" is included).
>
> As I understand it, that means that the IV Length field is immediately
> followed by the padding as explained in the last paragraph in Section 5:
>
>    The "MAC and Encrypted Metadata" Context Headers are padded out to a
>    multiple of 4 bytes as per Section 2.2 of [RFC8300].
>
> Is that correct?
>
> And yes, I support progressing this document to publication.
>
> Regards,
> Greg
>
> On Thu, Jan 28, 2021 at 7:33 AM Joel M. Halpern <jmh@joelhalpern.com> wrote:
>
> As you can see below, the SFC Chairs have started the WG last Call for
> the nsh-integrity draft. Please respond.
>
> Thank you,
> Joel
>
> -------- Forwarded Message -------
>
> The IETF WG state of draft-ietf-sfc-nsh-integrity has been changed to
> "In WG Last Call" from "WG Document" by Joel Halpern:
>
> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/
>
> Comment:
> This starts the SFC Working Group last call for the NSH integrity protection
> document. This will run through the end of the day February 11, 2021.
> (Don't worry about time zone. If it is still Feb 11 2021 somewhere in the
> world, you can send in comments.) Please respond. Silence is not consent,
> and when (if, but we hope when) we send this to the AD, we need to be able to
> describe meaningful WG support for the publication. And if possible, more
> than just +1.
>
> Thank you,
> Joel (and Jim)
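
The layout discussed in this thread (IV Length of zero, MAC immediately after it, padding to a 4-byte multiple at the end), as an added Python example that is not part of the original messages or of the draft. The one-byte IV Length, the key table `KEYS`, the hash choices and the sample bytes are assumptions made for illustration, and the other fields of the Context Header are left out.

```python
import hashlib
import hmac

# Constructed key table (assumption): key identifier -> (hash name, MAC_KEY).
KEYS = {
    b"k1": ("sha256", b"\x11" * 32),
    b"k2": ("sha512", b"\x22" * 64),
}

def build_field(key_id, protected, iv=b""):
    """Return IV Length | IV | MAC, zero-padded to a multiple of 4 bytes."""
    alg, mac_key = KEYS[key_id]
    mac = hmac.new(mac_key, protected, alg).digest()
    body = bytes([len(iv)]) + iv + mac  # one-byte IV Length is an assumption
    return body + b"\x00" * (-len(body) % 4)

def mac_offset(field):
    """Offset of the MAC: right after the IV Length byte when IV Length is 0."""
    return 1 + field[0]

def verify_field(key_id, protected, field):
    """Find the MAC using IV Length and the key's algorithm, then check it."""
    if key_id not in KEYS or not field or len(field) % 4:
        return False
    alg, mac_key = KEYS[key_id]
    # The MAC length is not read from the field; it follows from the
    # HMAC algorithm bound to the key identifier.
    mac_len = hashlib.new(alg).digest_size
    start = mac_offset(field)
    mac = field[start:start + mac_len]
    if len(mac) != mac_len:
        return False  # field too short to hold the MAC
    expected = hmac.new(mac_key, protected, alg).digest()
    return hmac.compare_digest(mac, expected)  # constant-time comparison

if __name__ == "__main__":
    data = b"constructed NSH bytes in the integrity scope"
    field = build_field(b"k1", data)
    print(len(field), mac_offset(field), verify_field(b"k1", data, field))
```
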