Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt
"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 08 November 2019 14:02 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D97B71200F9 for <sfc@ietfa.amsl.com>; Fri, 8 Nov 2019 06:02:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-DCNEp3s1Az for <sfc@ietfa.amsl.com>; Fri, 8 Nov 2019 06:02:08 -0800 (PST)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB76312003F for <sfc@ietf.org>; Fri, 8 Nov 2019 06:02:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 478hm04xFCz1qs02; Fri, 8 Nov 2019 06:02:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1573221728; bh=kCpR40wqSTdgDutME8O0OcBy2T+fUkYPpv5M3sWSkLc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=lwfwPcFha9qaR0CgskJSueeSOyppnmQClxljCy3hBZ/Lob+oRRN4L190fcOgyO0qW 3gyPgNcdFrq2+BYhSg8FyXV8h3q59rFT+xwl2TlztD+34u/QZ6sUAID5rREGOMcQ8i kV3+ST6VLDq3Cya0vWM6C7Q7oQ0ggI6lCPawzMH0=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from [192.168.128.43] (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 478hlz18N9z1qs3R; Fri, 8 Nov 2019 06:02:06 -0800 (PST)
To: Shunsuke Homma <shunsuke.homma.fp@hco.ntt.co.jp>, sfc@ietf.org
References: <157288238359.16503.4915397025250194299.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93303134D9F2@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <3b5bf706-2676-db09-02da-2d2c314c0448@joelhalpern.com> <00e701d59630$abf4a030$03dde090$@hco.ntt.co.jp_1>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <6a8f85c9-0822-e80f-ea6f-5198bbd512b6@joelhalpern.com>
Date: Fri, 08 Nov 2019 09:02:04 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <00e701d59630$abf4a030$03dde090$@hco.ntt.co.jp_1>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/p2pn8PkUBaJYrOKFGQxAGJ48Cng>
Subject: Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2019 14:02:11 -0000
Shunsuke. Thank you for your interest in this topic. As co-chair, I am trying to understand what kinds of additions you would be looking for to address metadata errors. All SF are already allowed to modify metadata. Any process for detecting and correcting erroneous metadata would seem on the one end to be permitted by current rules, and on the other hand to be highly specific to the precise metadata being dealt with. Did you have something more general, and needing documentation, to be added? Yours, Joel Halpern On 11/8/2019 7:33 AM, Shunsuke Homma wrote: > Hi, > > I agree that integrity protection is important, and I'd like to support this work. > > In addition to encryption of metadata, I assume that a mechanism to prevent accidentally errors on metadata would be also needed. For example, it may be realized by integrating some error correction mechanism into NSH scheme, or defining a rule for a case that an SF/SF proxy detects metadata error is detected (e.g., delete the errored metadata, discard whole of packet). > > Best regards, > > Shunsuke > > -----Original Message----- > From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Joel M. Halpern > Sent: Tuesday, November 05, 2019 1:04 AM > To: sfc@ietf.org > Subject: Re: [sfc] TR: New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt > > Thank you for your work on this Med and Tiru. > Working Group, this is a topic we have in the charter, and explicitly > told the IESG we would work on. Please review and comment on the > approach described here. > > Thank you, > Joel (as co-chair) > > On 11/4/2019 10:56 AM, mohamed.boucadair@orange.com wrote: >> Hi all, >> >> This new version integrates the comments we received offline. The main changes are: >> >> * Clarify why we don't encrypt the base and service path headers >> * Clarify that all metadata is integrity protected >> * Clarify that the Base header may (or not) be covered by integrity protection. Both schemes are discussed with trade-offs called out. >> * Updated the solution overview to provide a big picture view. >> >> A detailed diff can be found at: https://www.ietf.org/rfcdiff?url2=draft-rebo-sfc-nsh-integrity-01 >> >> Please review and share your comments. >> >> Cheers, >> Tiru & Med >> >>> -----Message d'origine----- >>> De : internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] >>> Envoyé : lundi 4 novembre 2019 16:46 >>> À : Reddy K; Tirumaleswar Reddy; BOUCADAIR Mohamed TGI/OLN >>> Objet : New Version Notification for draft-rebo-sfc-nsh-integrity-01.txt >>> >>> >>> A new version of I-D, draft-rebo-sfc-nsh-integrity-01.txt >>> has been successfully submitted by Mohamed Boucadair and posted to the >>> IETF repository. >>> >>> Name: draft-rebo-sfc-nsh-integrity >>> Revision: 01 >>> Title: Integrity Protection for Network Service Header (NSH) and >>> Encryption of Sensitive Metadata >>> Document date: 2019-11-04 >>> Group: Individual Submission >>> Pages: 21 >>> URL: https://www.ietf.org/internet-drafts/draft-rebo-sfc-nsh- >>> integrity-01.txt >>> Status: https://datatracker.ietf.org/doc/draft-rebo-sfc-nsh- >>> integrity/ >>> Htmlized: https://tools.ietf.org/html/draft-rebo-sfc-nsh-integrity-01 >>> Htmlized: https://datatracker.ietf.org/doc/html/draft-rebo-sfc-nsh- >>> integrity >>> Diff: https://www.ietf.org/rfcdiff?url2=draft-rebo-sfc-nsh- >>> integrity-01 >>> >>> Abstract: >>> This specification adds integrity protection and optional encryption >>> directly to Network Service Headers (NSH) used for Service Function >>> Chaining (SFC). >>> >>> >>> >>> >>> Please note that it may take a couple of minutes from the time of >>> submission >>> until the htmlized version and diff are available at tools.ietf.org. >>> >>> The IETF Secretariat >> >> _______________________________________________ >> sfc mailing list >> sfc@ietf.org >> https://www.ietf.org/mailman/listinfo/sfc >> > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > >
- [sfc] TR: New Version Notification for draft-rebo… mohamed.boucadair
- Re: [sfc] TR: New Version Notification for draft-… Joel M. Halpern
- [sfc] FW: TR: New Version Notification for draft-… Dirk.von-Hugo
- Re: [sfc] TR: New Version Notification for draft-… Dirk.von-Hugo
- Re: [sfc] TR: New Version Notification for draft-… Shunsuke Homma
- Re: [sfc] TR: New Version Notification for draft-… Joel M. Halpern
- Re: [sfc] TR: New Version Notification for draft-… Shunsuke Homma