IETF Logo Mail Archive

Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 12 July 2021 19:38 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 319EC3A1360; Mon, 12 Jul 2021 12:38:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.899
X-Spam-Level:
X-Spam-Status: No, score=-0.899 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kLHUC8d_QHf7; Mon, 12 Jul 2021 12:38:05 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EA003A1404; Mon, 12 Jul 2021 12:37:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4GNvDv0R9gz1nscD; Mon, 12 Jul 2021 12:37:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1626118671; bh=i4xsu7nPZHtdQGmB5AAa8p/pFOuR/m9nOMwFv049kZQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=QgDiJstfarc680AAliZ1xWSAvqGr01pe4sEIpYlTTfi01XKASZ0M1MJggWFR7u8UC UFNw+rhgtKHsqx3zPOsyCaDDk5qKKhceNOiL8OMMFcxfP8bCUWjSivflhxLaX2Yjp4 ecZKdUiDge5oaSOSY4Wr0doVnZJDdQXfCq/JdpV0=
X-Quarantine-ID: <rKF1N7Yo_eWW>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.64] (50-233-136-230-static.hfc.comcastbusiness.net [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4GNvDt1hD5z1nsQX; Mon, 12 Jul 2021 12:37:50 -0700 (PDT)
To: Alvaro Retana <aretana.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: gregimirsky@gmail.com, draft-ietf-sfc-nsh-integrity@ietf.org, sfc@ietf.org
References: <162611498183.7775.3562397379733537345@ietfa.amsl.com> <f5961690-4496-7f85-74ca-f3705d5a1c2e@joelhalpern.com> <CAMMESszF+jc7WKkAwmzAFs0A7bsDqXJKA3p5+cyexdU3fvNnDQ@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <1a5ae768-bf12-6d94-819c-7923e1f816ee@joelhalpern.com>
Date: Mon, 12 Jul 2021 15:37:48 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAMMESszF+jc7WKkAwmzAFs0A7bsDqXJKA3p5+cyexdU3fvNnDQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/vgevwIxdF2GxbF-cwyNVmXk9LiE>
Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 19:38:10 -0000

Depending upon what you mean, either

1) The discussion never happened, because the action was not suggested.

or, with a longer view

2) The discussion happened when 8300 was being approved.  We agreed with 
the IESG that we would not define a mandatory-to-implement NSH security 
mechanism, but that we would add an optional NSH security mechanism. 
Which this draft does.

Yours,
Joel

On 7/12/2021 3:29 PM, Alvaro Retana wrote:
> Joel:
> 
> Hi!
> 
> I guess I missed where that discussion happened — probably buried in one 
> of the threads.  Can you please point me to it?
> 
> Thanks!
> 
> Alvaro.
> 
> On July 12, 2021 at 3:23:28 PM, Joel M. Halpern (jmh@joelhalpern.com 
> <mailto:jmh@joelhalpern.com>) wrote:
> 
>> I find your description of this as a "required update to 8300" rather
>> odd. The working group did not agree to make implementation of this
>> mandatory for 8300. That would, indeed, be an update to 8300. This is
>> just another feature that can be used with NSH. A useful feature.
>>
>> The security considerations do give lots of reasons to do this. But that
>> is not the same as making it "required" for all implementations of 8300.
>>
>> Yours,
>> Joel
>>
>> On 7/12/2021 2:36 PM, Alvaro Retana via Datatracker wrote:
>> > Alvaro Retana has entered the following ballot position for
>> > draft-ietf-sfc-nsh-integrity-06: No Objection
>> >  
>> > When responding, please keep the subject line intact and reply to all
>> > email addresses included in the To and CC lines. (Feel free to cut this
>> > introductory paragraph, however.)
>> >  
>> >  
>> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html 
>> <https://www.ietf.org/iesg/statement/discuss-criteria.html>
>> > for more information about DISCUSS and COMMENT positions.
>> >  
>> >  
>> > The document, along with other ballot positions, can be found here:
>> > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ 
>> <https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/>
>> >  
>> >  
>> >  
>> > ----------------------------------------------------------------------
>> > COMMENT:
>> > ----------------------------------------------------------------------
>> >  
>> >  
>> > (1) Given the required behavior specified in the Security Considerations
>> > section...
>> >  
>> >     NSH data are exposed to several threats:
>> >  
>> >     o  A man-in-the-middle attacker modifying the NSH data.
>> >  
>> >     o  Attacker spoofing the NSH data.
>> >  
>> >     o  Attacker capturing and replaying the NSH data.
>> >  
>> >     o  Data carried in Context Headers revealing privacy-sensitive
>> >        information to attackers.
>> >  
>> >     o  Attacker replacing the packet on which the NSH is imposed with a
>> >        bogus packet.
>> >  
>> >     In an SFC-enabled domain where the above attacks are possible, (1)
>> >     NSH data MUST be integrity-protected and replay-protected, and (2)
>> >     privacy-sensitive NSH metadata MUST be encrypted for confidentiality
>> >     preservation purposes.  The Base and Service Path headers are not
>> >     encrypted.
>> >  
>> > Why doesn't this document formally update rfc8300?  Concerns that eventually
>> > led to this solution have been expressed for several other documents, including
>> > rfc8459 and rfc8979.
>> >  
>> > It looks like the WG didn't consider the question of Updating the base NSH
>> > specification.  I believe that this document specifies a required update to
>> > NSH, and would like the WG to consider formally Updating rfc8300.  [My search
>> > of the archive didn't find any related discussion -- did I miss it?]
>> >  
>> > [Even though I consider this omission a serious oversight, I don't think this
>> > issue raises to the level of a DISCUSS.]
>> >  
>> > (2) §3: I find the use of normative language to describe requirements (that are
>> > met in this same document) not the best use of rfc2119 language because any
>> > interoperability concerns would result from the specification itself and not
>> > the requirements.
>> >  
>> > The use of rfc2119 keywords to describe requirements may result in confusion.
>> > For example, "The solution MAY provide integrity protection for the Base
>> > Header." -- as described later, protecting the Base Header is optional, but the
>> > solution *does* provide integrity protection for it.  IOW, the specification is
>> > what is reflected in the requirement, but referring to the solution, not the
>> > protection: providing integrity protection is not optional, using it is.  A
>> > better working would be: "The solution must provide optional integrity
>> > protection for the Base Header."
>> >  
>> >  
>> >  
>> > _______________________________________________
>> > sfc mailing list
>> > sfc@ietf.org <mailto:sfc@ietf.org>
>> > https://www.ietf.org/mailman/listinfo/sfc 
>> <https://www.ietf.org/mailman/listinfo/sfc>
>> >  
> 
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc
>

v2.23.0 | Report a Bug | By Email