Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 12 July 2021 19:38 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 319EC3A1360; Mon, 12 Jul 2021 12:38:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.899
X-Spam-Level:
X-Spam-Status: No, score=-0.899 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kLHUC8d_QHf7; Mon, 12 Jul 2021 12:38:05 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EA003A1404; Mon, 12 Jul 2021 12:37:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4GNvDv0R9gz1nscD; Mon, 12 Jul 2021 12:37:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1626118671; bh=i4xsu7nPZHtdQGmB5AAa8p/pFOuR/m9nOMwFv049kZQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=QgDiJstfarc680AAliZ1xWSAvqGr01pe4sEIpYlTTfi01XKASZ0M1MJggWFR7u8UC UFNw+rhgtKHsqx3zPOsyCaDDk5qKKhceNOiL8OMMFcxfP8bCUWjSivflhxLaX2Yjp4 ecZKdUiDge5oaSOSY4Wr0doVnZJDdQXfCq/JdpV0=
X-Quarantine-ID: <rKF1N7Yo_eWW>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.64] (50-233-136-230-static.hfc.comcastbusiness.net [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4GNvDt1hD5z1nsQX; Mon, 12 Jul 2021 12:37:50 -0700 (PDT)
To: Alvaro Retana <aretana.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: gregimirsky@gmail.com, draft-ietf-sfc-nsh-integrity@ietf.org, sfc@ietf.org
References: <162611498183.7775.3562397379733537345@ietfa.amsl.com> <f5961690-4496-7f85-74ca-f3705d5a1c2e@joelhalpern.com> <CAMMESszF+jc7WKkAwmzAFs0A7bsDqXJKA3p5+cyexdU3fvNnDQ@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <1a5ae768-bf12-6d94-819c-7923e1f816ee@joelhalpern.com>
Date: Mon, 12 Jul 2021 15:37:48 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAMMESszF+jc7WKkAwmzAFs0A7bsDqXJKA3p5+cyexdU3fvNnDQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/vgevwIxdF2GxbF-cwyNVmXk9LiE>
Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 19:38:10 -0000
Depending upon what you mean, either 1) The discussion never happened, because the action was not suggested. or, with a longer view 2) The discussion happened when 8300 was being approved. We agreed with the IESG that we would not define a mandatory-to-implement NSH security mechanism, but that we would add an optional NSH security mechanism. Which this draft does. Yours, Joel On 7/12/2021 3:29 PM, Alvaro Retana wrote: > Joel: > > Hi! > > I guess I missed where that discussion happened — probably buried in one > of the threads. Can you please point me to it? > > Thanks! > > Alvaro. > > On July 12, 2021 at 3:23:28 PM, Joel M. Halpern (jmh@joelhalpern.com > <mailto:jmh@joelhalpern.com>) wrote: > >> I find your description of this as a "required update to 8300" rather >> odd. The working group did not agree to make implementation of this >> mandatory for 8300. That would, indeed, be an update to 8300. This is >> just another feature that can be used with NSH. A useful feature. >> >> The security considerations do give lots of reasons to do this. But that >> is not the same as making it "required" for all implementations of 8300. >> >> Yours, >> Joel >> >> On 7/12/2021 2:36 PM, Alvaro Retana via Datatracker wrote: >> > Alvaro Retana has entered the following ballot position for >> > draft-ietf-sfc-nsh-integrity-06: No Objection >> > >> > When responding, please keep the subject line intact and reply to all >> > email addresses included in the To and CC lines. (Feel free to cut this >> > introductory paragraph, however.) >> > >> > >> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> <https://www.ietf.org/iesg/statement/discuss-criteria.html> >> > for more information about DISCUSS and COMMENT positions. >> > >> > >> > The document, along with other ballot positions, can be found here: >> > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ >> <https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/> >> > >> > >> > >> > ---------------------------------------------------------------------- >> > COMMENT: >> > ---------------------------------------------------------------------- >> > >> > >> > (1) Given the required behavior specified in the Security Considerations >> > section... >> > >> > NSH data are exposed to several threats: >> > >> > o A man-in-the-middle attacker modifying the NSH data. >> > >> > o Attacker spoofing the NSH data. >> > >> > o Attacker capturing and replaying the NSH data. >> > >> > o Data carried in Context Headers revealing privacy-sensitive >> > information to attackers. >> > >> > o Attacker replacing the packet on which the NSH is imposed with a >> > bogus packet. >> > >> > In an SFC-enabled domain where the above attacks are possible, (1) >> > NSH data MUST be integrity-protected and replay-protected, and (2) >> > privacy-sensitive NSH metadata MUST be encrypted for confidentiality >> > preservation purposes. The Base and Service Path headers are not >> > encrypted. >> > >> > Why doesn't this document formally update rfc8300? Concerns that eventually >> > led to this solution have been expressed for several other documents, including >> > rfc8459 and rfc8979. >> > >> > It looks like the WG didn't consider the question of Updating the base NSH >> > specification. I believe that this document specifies a required update to >> > NSH, and would like the WG to consider formally Updating rfc8300. [My search >> > of the archive didn't find any related discussion -- did I miss it?] >> > >> > [Even though I consider this omission a serious oversight, I don't think this >> > issue raises to the level of a DISCUSS.] >> > >> > (2) §3: I find the use of normative language to describe requirements (that are >> > met in this same document) not the best use of rfc2119 language because any >> > interoperability concerns would result from the specification itself and not >> > the requirements. >> > >> > The use of rfc2119 keywords to describe requirements may result in confusion. >> > For example, "The solution MAY provide integrity protection for the Base >> > Header." -- as described later, protecting the Base Header is optional, but the >> > solution *does* provide integrity protection for it. IOW, the specification is >> > what is reflected in the requirement, but referring to the solution, not the >> > protection: providing integrity protection is not optional, using it is. A >> > better working would be: "The solution must provide optional integrity >> > protection for the Base Header." >> > >> > >> > >> > _______________________________________________ >> > sfc mailing list >> > sfc@ietf.org <mailto:sfc@ietf.org> >> > https://www.ietf.org/mailman/listinfo/sfc >> <https://www.ietf.org/mailman/listinfo/sfc> >> > > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc >
- [sfc] Alvaro Retana's No Objection on draft-ietf-… Alvaro Retana via Datatracker
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Alvaro Retana
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel M. Halpern
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Joel Halpern Direct
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy
- Re: [sfc] Alvaro Retana's No Objection on draft-i… mohamed.boucadair
- Re: [sfc] Alvaro Retana's No Objection on draft-i… Murray S. Kucherawy