Re: [sfc] Lars Eggert's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
mohamed.boucadair@orange.com Mon, 12 July 2021 19:04 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id CAD023A1082;
Mon, 12 Jul 2021 12:04:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.899
X-Spam-Level:
X-Spam-Status: No, score=-0.899 tagged_above=-999 required=5
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6opVjQI_fEJR; Mon, 12 Jul 2021 12:04:24 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 1E4563A17F1;
Mon, 12 Jul 2021 12:02:32 -0700 (PDT)
Received: from opfednr07.francetelecom.fr (unknown [xx.xx.xx.71])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by opfednr25.francetelecom.fr (ESMTP service) with ESMTPS id 4GNtS62tclzCr5S;
Mon, 12 Jul 2021 21:02:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com;
s=ORANGE001; t=1626116550;
bh=BW5moahu3aNbV6yCsF8XsKuoCK98Rm1U8OHINgytSQc=;
h=From:To:Subject:Date:Message-ID:Content-Type:
Content-Transfer-Encoding:MIME-Version;
b=If5YN8Tu5Jpm2EAOZ/aFaJJ9UKtCrxhjaBayYjY0SB4hoi1iLQCkoIweyIirM68Gx
Hq7D/HOoT3UveVXqnPxi11HW+3jNAOt0ABS9ylnqtWULkBN4Bo2htnY/JtLa+AFs/V
F8L+YQ4Wst0jNXjAP3oTP06yich/zavYZc7FveHCNhxZ0syjekuSGHvVT0Qs7d9ZYQ
DcKdMUrZkFywasKT80f6hMBK4nPMf67294R8l1PVmwaJgD6a/WyMbC9eMlCkQohK72
N1Uq2lrtDwBwJteJ6CAleRNNlg9HhGOGhwjAsKOT1tbED0g4gqO6RzFoCCJJ8K9yxE
NBZPDv+3MVhzg==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.29])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by opfednr07.francetelecom.fr (ESMTP service) with ESMTPS id 4GNtS6248zzFpWX;
Mon, 12 Jul 2021 21:02:30 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: Lars Eggert <lars@eggert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org"
<draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org"
<sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com"
<gregimirsky@gmail.com>
Thread-Topic: Lars Eggert's No Objection on draft-ietf-sfc-nsh-integrity-06:
(with COMMENT)
Thread-Index: AQHXdyy02AmcqC8DpUGKm7cOgjGdDqs/cXBg
Date: Mon, 12 Jul 2021 19:02:28 +0000
Message-ID: <5351_1626116550_60EC91C6_5351_270_1_787AE7BB302AE849A7480A190F8B9330353BD911@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162610118774.23532.4225033232156129750@ietfa.amsl.com>
In-Reply-To: <162610118774.23532.4225033232156129750@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/vnnkCThvrR0_afH-P8JIWEeZCEY>
Subject: Re: [sfc] Lars Eggert's No Objection on
draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>,
<mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>,
<mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 19:04:30 -0000
Hi Lars, Thank you for the review. Please see inline. Cheers, Med > -----Message d'origine----- > De : Lars Eggert via Datatracker [mailto:noreply@ietf.org] > Envoyé : lundi 12 juillet 2021 16:46 > À : The IESG <iesg@ietf.org> > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org; > sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com > Objet : Lars Eggert's No Objection on draft-ietf-sfc-nsh-integrity- > 06: (with COMMENT) > > Lars Eggert has entered the following ballot position for > draft-ietf-sfc-nsh-integrity-06: No Objection > > When responding, please keep the subject line intact and reply to > all email addresses included in the To and CC lines. (Feel free to > cut this introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > for more information about DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ > > > > -------------------------------------------------------------------- > -- > COMMENT: > -------------------------------------------------------------------- > -- > > Section 1. , paragraph 6, comment: > > This specification fills that gap. Concretely, this document > adds > > integrity protection and optional encryption of sensitive > metadata > > directly to the NSH (Section 4); integrity protects the packet > > payload and provides replay protection (Section 7.4). Thus, > the NSH > > does not have to rely upon an underlying transport > encapsulation for > > security and confidentiality. > > Given that, I am surprised this document doesn't formally update > RFC8300? [Med] Alvaro raised a similar comment. Not reiterating the same answer here. > > Section 6. , paragraph 16, comment: > > This timestamp format is affected by leap seconds. The > timestamp > > represents the number of seconds elapsed since the epoch > minus the > > number of leap seconds. > > Any particular reason why leap seconds are being excluded here? This > is unusual and also requires care with synchronized clocks (as > identified below). [Med] We are following the guidelines in Section 4.2.1 of RFC8877 (Using a Recommended Timestamp Format). > > Found terminology that should be reviewed for inclusivity: > * Term "master"; alternatives might be "active", "central", > "initiator", [Med] Not sure what is problematic in saying "... master their complexity .." > "leader", "main", "orchestrator", "parent", "primary", "server". > * Term "man"; alternatives might be "individual", "people", > "person". [Med] Made this change: s/A man-in-the-middle attacker/An on-path attacker. Thanks. > See https://www.rfc-editor.org/part2/#inclusive_language for > background and more guidance. > > -------------------------------------------------------------------- > ----------- > All comments below are about very minor potential issues that you [Med] All good ones. Fixed. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Lars Eggert's No Objection on draft-ietf-sf… Lars Eggert via Datatracker
- Re: [sfc] Lars Eggert's No Objection on draft-iet… mohamed.boucadair
- Re: [sfc] Lars Eggert's No Objection on draft-iet… Lars Eggert