IETF Logo Mail Archive

Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-nsh-integrity-06: (with DISCUSS and COMMENT)

mohamed.boucadair@orange.com Thu, 15 July 2021 13:30 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DFEE3A00B2; Thu, 15 Jul 2021 06:30:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lrjXToUMUa6e; Thu, 15 Jul 2021 06:30:16 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 058283A00AE; Thu, 15 Jul 2021 06:30:15 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr20.francetelecom.fr (ESMTP service) with ESMTPS id 4GQZxK6sr4z1yTJ; Thu, 15 Jul 2021 15:30:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1626355814; bh=tVCRtOaRsqjlLY4nT1CN1orKDplTqLMHzVktL+evd5g=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=X+ZW48LzTLx+eeUv/bRFFZnmEfCf6Jl89llAGfZGMXMF97l9U8BjklQN9j/MU2bvn JiWh06Hhroofb/uv0DPVsqLNShfM+JoOjkXS734p9lOL9/gbVrIqsMNfpArwHdkpzZ H32RJbEiVAmrsQ8FSAaquLOL6MxD/gOrWy0l0tMMjbigjOS9GAJ2yF3OxByTx2GSf/ p4ql1z67Qq51qEVyNOkrdw1a7SVFNc/l8gT9PMSuwAC7fxqUpwtoy0cw/R4ceAxnUg HMSjxz/dx+C47P7IT/3xhjJ05KAdSXXRAnGO9z3t/jK5rZVVjkMUJvysexVQpzwyy7 KJeHH5I5/f+Pg==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfednr01.francetelecom.fr (ESMTP service) with ESMTPS id 4GQZxK1kjXzDq7N; Thu, 15 Jul 2021 15:30:13 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org" <draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com" <gregimirsky@gmail.com>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-sfc-nsh-integrity-06: (with DISCUSS and COMMENT)
Thread-Index: AQHXePbUnGtMWTBmlECZ6vxdOGPzS6tD9g8g
Date: Thu, 15 Jul 2021 13:30:12 +0000
Message-ID: <31639_1626355813_60F03865_31639_1_1_787AE7BB302AE849A7480A190F8B9330353BF7EE@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162629795136.25767.17850752260179612361@ietfa.amsl.com>
In-Reply-To: <162629795136.25767.17850752260179612361@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/fZD8LrtMgNa6OyU8dktfFiVDWgI>
Subject: Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-nsh-integrity-06: (with DISCUSS and COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 13:30:21 -0000

Hi Ben, 

Thank you for the review. Much appreciated. 

Starting with the easy part (NITS) as we need more time to think about your point(0) and its impact on many COMMENT points. 

FYI, we used to have a discussion on AES-GCM in the past, but we went for the current design as we wanted to impose by design the separation between entities that access the encrypted data and avoid the extra 128 bits overhead. There was also a discussion about the parallelization provided by separating the two operations.  

Anyway, we will follow SOON on the DISCUSS and COMMENT parts with concrete proposals to hopefully fix them. 

The changes can be tracked at: https://tinyurl.com/nsh-integrity-latest 

Cheers,
Med

> -----Message d'origine-----
> De : Benjamin Kaduk via Datatracker [mailto:noreply@ietf.org]
> Envoyé : mercredi 14 juillet 2021 23:26
> À : The IESG <iesg@ietf.org>
> Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org;
> sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com
> Objet : Benjamin Kaduk's Discuss on draft-ietf-sfc-nsh-integrity-06:
> (with DISCUSS and COMMENT)
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-sfc-nsh-integrity-06: Discuss
> 
> When responding, please keep the subject line intact and reply to
> all email addresses included in the To and CC lines. (Feel free to
> cut this introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-
> criteria.html
> for more information about DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/
> 
> 
[..]
> 
> --------------------------------------------------------------------
> --
> COMMENT:
> --------------------------------------------------------------------
> --
> 
[..]
> NITS
> 
> Section 1
> 
>    network infrastructures against them, network slicing, etc.
> Because
>    of the proliferation of such advanced SFs together with complex
>    service deployment constraints that demand more agile service
>    delivery procedures, operators need to rationalize their service
>    delivery logics and master their complexity while optimising
> service
>    activation time cycles.  The overall problem space is described
> in
>    [RFC7498].
> 
> The "their" in "master their complexity" is a bit ambiguous between
> "operators" and "service delivery logics"

[Med] s/their/its


 (noting that the previous
> use of "their" did refer to "operators").  (The sentence as a whole
> reads a bit like marketing language, but that's not intended to be
> an actionable
> comment.)
> 
>    This specification fills that gap.  Concretely, this document
> adds
>    integrity protection and optional encryption of sensitive
> metadata
>    directly to the NSH (Section 4); integrity protects the packet
>    payload and provides replay protection (Section 7.4).  [...]
> 
> The clause after the semicolon needs to be able to stand alone as a
> complete sentence in order to be grammatical, but it currently has
> no subject.  Maybe prefixing "it also" would be enough to fix it.

[Med] OK to start a new sentence. 

> 
> Section 4.1.2
> 
>    The integrity protection scope is explicitly signaled to NSH-
> aware
>    SFs and SFC proxies in the NSH by means of a dedicated MD Type
>    (Section 5).
> 
> Signaled to SFFs as well, since in the second LoA they can use it.

[Med] Yes. 

> 
> Section 4.6
> 
>    As discussed in [RFC8459], an SFC-enabled domain (called, upper-
> level
>    domain) may be decomposed into many sub-domains (called, lower-
> level
>    domains).  In order to avoid maintaining state to restore back
> upper-
>    lower NSH information at the boundaries of lower-level domains,
> two
> 
> I think s/upper-lower/upper-layer/ (across the line break)?

[Med] Yes, changed to "upper-level". 

> 
> Section 5.1
> 
>    MAC#1 Context Header is a variable-length Context Header that
> carries
>    the Message Authentication Code (MAC) for the Service Path
> Header,
>    Context Headers, and the inner packet on which NSH is imposed,
>    calculated using MAC_KEY and optionally Context Headers encrypted
>    using ENC_KEY.  [...]
> 
> Comma after "calculated using MAC_KEY", please. 

[Med] Fixed, but that I'm afraid that we will touch this once we fix your discuss point (0).

 ("optionally
> Context Headers [...]" are not used along with MAC_KEY in the
> calculation)
> 
> Section 5.2
> 
>    Message Authentication Code:  Coves the entire NSH data.  The
> 
> s/Coves/Covers/
> 

[Med] Fixed. 

> Section 6
> 
>       The epoch is 1970-01-01T00:00Z in UTC time.  [...]
> 
> (IIUC, the "in UTC time" is redundant with the trailing 'Z'.)

[Med] Right. 

> 
> Section 7.1
> 
>    element.  The details of sending notification alarms (i.e., the
>    parameters affecting the transmission of the notification alarms
>    depend on the information in the context header such as
> frequency,
>    thresholds, and content in the alarm) SHOULD be configurable.
> 
> The grammar in the parenthetical seems off to me.  Possibly
> s/depend/depending/ would be a fix, but I'm not sure.

[Med] Made these changes: 

s/affecting/that affect
s/depend/depending/

> 
>    NSH-aware SFs and SFC proxies MUST re-apply the integrity
> protection
>    if any modification is made to the Context Headers (strip a
> Context
>    Header, update the content of an existing Context Header, insert
> a
>    new Context Header).
> 
> I think maybe an "e.g.," in the parenthetical is in order, since
> this doesn't seem to include things like "decrement the TTL".

[Med] Fixed. 

> 
> Section 9
> 
>    The interaction between the SFC data plane elements and a key
>    management system MUST NOT be transmitted in clear since this
> would
>    completely destroy the security benefits of the integrity
> protection
>    solution defined in this document.  The secret key (K) must have
> an
>    expiration time assigned as the latest point in time before which
> the
> 
> This first sentence seems like it could probably be a paragraph of
> its own; the subsequent discussion of expiration time seems to be
> mostly unrelated.

[Med] Works for me. Fixed.

> 
> We might also add another sentence to reiterate that "the security
> and integrity of the key-distribution mechanism is vital to the
> security of the system as a whole".

[Med] Added. 

> 
>    o  Attacker replacing the packet on which the NSH is imposed with
> a
>       bogus packet.
> 
> I'd probably say "modified or bogus".

[Med] Fixed. 

> 
>    In an SFC-enabled domain where the above attacks are possible,
> (1)
> 
> This is perhaps ambiguous about whether an "any" or "all" criterion
> should be used.  Perhaps that's desired :)
> 

[Med] I think you got it :-)


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email