Re: [sfc] Warren Kumari's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
mohamed.boucadair@orange.com Thu, 15 July 2021 05:02 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 3E4473A1BE8;
Wed, 14 Jul 2021 22:02:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id jH3F14lLNAJf; Wed, 14 Jul 2021 22:02:08 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 8AD883A1BE6;
Wed, 14 Jul 2021 22:02:02 -0700 (PDT)
Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by opfednr24.francetelecom.fr (ESMTP service) with ESMTPS id 4GQMfs25J3z1y7P;
Thu, 15 Jul 2021 07:01:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com;
s=ORANGE001; t=1626325317;
bh=ShfCveJcEKObaJGFItLlrYuX8tVA9P2Y+fnsRoUjQFk=;
h=From:To:Subject:Date:Message-ID:Content-Type:
Content-Transfer-Encoding:MIME-Version;
b=LGjY8rcHi+Puk8M5Ki0y8YdouaWYfDO7vQDuex/4DZQ1/dEyjDZMV3Ebd3bTrZrR8
ZyMF2cczOjPZtDge9MxkLu7cqC9YzRjISLOqNRJ/BPs0j7s7NGuy2xHCKS+4brAg8C
swKP/hMKh1RmFds5Sq2FZUbX9VhmUCzAtWDEKwPSGeZL2wsWvxEZ/oI3o9z9+QxP7c
FsyUur8wOpSyVWmIuXC7/qbVSpOC5kM6hZqyAmC633d4l+b74L/ixJ3lPW+dbNNe5X
4kfiZ0qaviS75o354EN7M8FUNzVd7xG2ipq3L8xRsM1Z1z8Afc/FR9s7pAU0wKvLTD
AzbyqM2+DTbMA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.48])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by opfednr03.francetelecom.fr (ESMTP service) with ESMTPS id 4GQMfs1HKmzDq82;
Thu, 15 Jul 2021 07:01:57 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: Warren Kumari <warren@kumari.net>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sfc-nsh-integrity@ietf.org"
<draft-ietf-sfc-nsh-integrity@ietf.org>, "sfc-chairs@ietf.org"
<sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "gregimirsky@gmail.com"
<gregimirsky@gmail.com>, "j.schoenwaelder@jacobs-university.de"
<j.schoenwaelder@jacobs-university.de>
Thread-Topic: Warren Kumari's No Objection on
draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
Thread-Index: AQHXeNl9pqahg1HTVUi989FEVTTQtKtDewuw
Date: Thu, 15 Jul 2021 05:01:55 +0000
Message-ID: <28315_1626325317_60EFC145_28315_39_1_787AE7BB302AE849A7480A190F8B9330353BF439@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <162628534840.21882.4452533905992394703@ietfa.amsl.com>
In-Reply-To: <162628534840.21882.4452533905992394703@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/wc0UfZ02GgW2SzZ4DeGMfhtwD9U>
Subject: Re: [sfc] Warren Kumari's No Objection on
draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>,
<mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>,
<mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 05:02:13 -0000
Hi Warren, Thanks for the comment. Will see how to tweak that sentence. If we don't have a better alternative, we will leave it to the RFC editor. Cheers, Med > -----Message d'origine----- > De : Warren Kumari via Datatracker [mailto:noreply@ietf.org] > Envoyé : mercredi 14 juillet 2021 19:56 > À : The IESG <iesg@ietf.org> > Cc : draft-ietf-sfc-nsh-integrity@ietf.org; sfc-chairs@ietf.org; > sfc@ietf.org; gregimirsky@gmail.com; gregimirsky@gmail.com; > j.schoenwaelder@jacobs-university.de > Objet : Warren Kumari's No Objection on draft-ietf-sfc-nsh- > integrity-06: (with COMMENT) > > Warren Kumari has entered the following ballot position for > draft-ietf-sfc-nsh-integrity-06: No Objection > > When responding, please keep the subject line intact and reply to > all email addresses included in the To and CC lines. (Feel free to > cut this introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > for more information about DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/ > > > > -------------------------------------------------------------------- > -- > COMMENT: > -------------------------------------------------------------------- > -- > > I support Roman and Eric's DISCUSS points. > > I also found: > "Note that some transport encapsulations (e.g., IPsec) only provide > hop-by-hop security between two SFC data plane elements (e.g., two > Service Function Forwarders (SFFs), SFF to SF) and do not provide > SF-to-SF security of NSH metadata. For example, if IPsec is used, > SFFs or SFs within a Service Function Path (SFP) that are not > authorized to access the privacy-sensitive metadata will have access > to the metadata." to be incredibly hard to read/parse. I think that > my confusion comes in around the "that are not authorized to access > the privacy-sensitive metadata will have access to the metadata." > test, and thing that the last sentence should be rewritten to start > with "Because IPsec does not... it exposes privacy-sensitive > metadata to..." > > Also, thanks to Jürgen Schönwälder for the OpsDir review, and to the > authors for addressing the comments. > > _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Warren Kumari's No Objection on draft-ietf-… Warren Kumari via Datatracker
- Re: [sfc] Warren Kumari's No Objection on draft-i… mohamed.boucadair