IETF Logo Mail Archive

Re: [sfc] SFC Security

"Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com> Wed, 03 June 2020 22:03 UTC

Return-Path: <naikumar@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C9153A0746 for <sfc@ietfa.amsl.com>; Wed, 3 Jun 2020 15:03:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=drt6t792; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=cntZehAD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EjOjbh69klSl for <sfc@ietfa.amsl.com>; Wed, 3 Jun 2020 15:03:37 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 941443A0747 for <sfc@ietf.org>; Wed, 3 Jun 2020 15:03:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1314; q=dns/txt; s=iport; t=1591221817; x=1592431417; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=WS50v3DetO+nJXUDMrHOl2muCtZPivgaoIE/la5cEow=; b=drt6t792L8Rt8T90dXCwxhOJidJf30iC85r17FZtv8MjPRdiycUKbqo8 hKWSt7seherZiwyAFCDZKInQKUqcpsdS9QAoKbw76IM+zKQsRNh8dMV7R kXaXXASrVrzJboDhJO6VsmG1zWIHJaGnCe8YB9M9Y8VpHcA9rYKXAVJ9i A=;
IronPort-PHdr: 9a23:X3QScRUv3h7yWlUwxgo45VXf2mzV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSBN+FufBDhu7WuqT4VHYGp52GtSNKfJ9NUkoDjsMb10wlDdWeAEL2ZPjtc2QhHctEWVMkmhPzMUVcFMvkIVGHpHq04G0QHRj7NQNxPunvHMjZiMHkn+y38ofYNgNPgjf1aLhuLRKw+APWsMRegYZrJqsrjBXTpX4dcOVNzmQuLlWWzBs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CeCQAEHdhe/49dJa1mH2qDHFIHb1gvLAqEG4NGA6YYglIDVQsBAQEMAQEYCwoCBAEBhEQCF4IEAiQ4EwIDAQELAQEFAQEBAgEGBG2FWwyFcwIBAwEBEBERDAEBLAwPAgEIGgImAgICJQsVEAIEARIigwQBgksDLgEOpFQCgTmIYXaBMoMBAQEFgUZBQoJ9GIIOAwaBDiqCZIloGoIAgREnHIJNPoJnAQEDAYFhgxQzgi2SAaFvCoJZiDSQQAMUCYJnjh6NNZBxiX6UCgIEAgQFAg4BAQWBaiIpgS1wFTsqAYI+UBcCDZQyhRSFQnQ3AgYBBwEBAwl8jF0BgQ8BAQ
X-IronPort-AV: E=Sophos;i="5.73,470,1583193600"; d="scan'208";a="490224039"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Jun 2020 22:03:36 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 053M3aNh001528 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 3 Jun 2020 22:03:36 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 3 Jun 2020 17:03:36 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 3 Jun 2020 17:03:36 -0500
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 3 Jun 2020 17:03:35 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=anfLy9UDEe80F0OEMFu5Adm0Bj5JvaLTyQmG0GqzuY5NhiKe4IfaWaDxKGAxdKc7GgVdPgI7b/ptw/KjeBsORGlknKkVr771EGamOKQCZYqO+7XwCZFvCRmAeMSncZgEIUqfbaZK6xInfuJ1/ttAZsWmQXpkjYb9QkZwL9IbYMRAtHPo6lHiMk5Vr5sEMR85LgqlS3Z7wjAuPGM0sy+FbiSX7yfvl1rLIJ6MfL1vvpuYOZ6AzL0Or3KDfqUEoIQJ/jrhNMLIsMEBd5wjun9AyXC5/Pe57Ry2rq2GkSqAqeFkaobC9rU3p1HANdECpwuplhKTC1x90UfxmjyEsEv+Sw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WS50v3DetO+nJXUDMrHOl2muCtZPivgaoIE/la5cEow=; b=loKKdD5grr/ordahEmdNhNZ9r3jFeRBFZXeDXC6zCApLfEVeqSNW6XuNfxuHxQSe8l3TxBcoYQ6RwVFxm9ehZuwzO65fdrYsau+Y2ii+DbI2pUzGybfhl5pYXMnn3ald/csmPxYVqprI/ef8bE8OxVFraQhRou5iUa0GBROeA9iUPOadHJQ27+PxHIw5MBfFq5/U7rC8B6/xdtP6+rhuFAlp7xzQHlDPWF6EuYQG7Vel9W6Vu+s3xydjJKfhBdjjMaD0RESovxiVVzZY/JM8kLs8VwZ+Nlzk8ZzKNNrzD/e2yy5T8he9r2ufgYO36uAWwMchNSCibmmePRi9KmvjUQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WS50v3DetO+nJXUDMrHOl2muCtZPivgaoIE/la5cEow=; b=cntZehADiJcMXW6fi2rahYocrCdVQlcFLJXdOVZ7z3FcS3rhdfWUntB4elgaJKl9U0C93sAnMYEqLRgCwT9xE5Som/jKy8ep6a2W9+6Bo5UnwXWD+0mWOt0R5Fca7qUvfyq+LF0snygE9qgDxBYEdFSaGzHQZF0Clj8jIR++LKE=
Received: from BN6PR11MB4068.namprd11.prod.outlook.com (2603:10b6:405:7c::31) by BN6PR11MB3938.namprd11.prod.outlook.com (2603:10b6:405:79::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.19; Wed, 3 Jun 2020 22:03:33 +0000
Received: from BN6PR11MB4068.namprd11.prod.outlook.com ([fe80::6d40:9e8a:252a:4f34]) by BN6PR11MB4068.namprd11.prod.outlook.com ([fe80::6d40:9e8a:252a:4f34%3]) with mapi id 15.20.3045.024; Wed, 3 Jun 2020 22:03:33 +0000
From: "Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: [sfc] SFC Security
Thread-Index: AQHWNDynB4/HpgTHM0mxUljY/t7bxajHOhuA
Date: Wed, 03 Jun 2020 22:03:33 +0000
Message-ID: <EDCEFB70-DFA5-4B6A-A2B5-883A6B224209@cisco.com>
References: <9c712682-75ee-f6ea-3355-af2271fc0d75@joelhalpern.com>
In-Reply-To: <9c712682-75ee-f6ea-3355-af2271fc0d75@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.37.20051002
authentication-results: joelhalpern.com; dkim=none (message not signed) header.d=none;joelhalpern.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: addde0b0-b5e2-4547-117a-08d80809f519
x-ms-traffictypediagnostic: BN6PR11MB3938:
x-microsoft-antispam-prvs: <BN6PR11MB3938D30FAE928909B977C56EC6880@BN6PR11MB3938.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 04238CD941
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PG7kLogVBgEcjPM7xNJiYaejUSSbSpZMAw/sUdS1tV9F3R/Hx1rl5GSZ98UMCc7kBOq3FLCbjvCjG/kCIeKe8rpMtPT7EXGtHcBzGu4gQ6xjZLi+LpQzCajXlnCgbkNcr20qhlMXzUc3tPbLJJyxiKlgYoFEwnhPrgU83byA/viKQLspK3G7gq4JL2Z5IoZJ4czlBvElJyk2/oNzpzoY9QEbGOFh5nBl1FfKElBhOKfnOS/pLNspvLBTBx8+kRnavTkNwb5qolUAiW22vGVvjnwGEo/KsI06PPZUmHz7FlMZ5McYAdA44k6oMitR9+gUW87O4Mkiy0X0sN3BODD6Q3bQCmt8iM2+RCHc1yETOWl8qqbsfAf1vE7UlQCzz8RwyynKwxq8zGYN9ZQ63NNurQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB4068.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(396003)(376002)(39860400002)(366004)(346002)(71200400001)(83380400001)(66556008)(91956017)(4744005)(6486002)(478600001)(5660300002)(6512007)(2906002)(36756003)(33656002)(966005)(66946007)(76116006)(15650500001)(2616005)(110136005)(316002)(8936002)(66476007)(6506007)(26005)(66446008)(86362001)(64756008)(8676002)(186003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: kA9V4FBTB1l2W4WsCsuY3/Ci5pMrENAZOJbnXrZ1wud8BjT/ZyDYx9tFAEc03PUexnykr/spRnFxP200QGQgpuQlFY6+mlrsOmhw/c6+/4Yx0lqFqLGppcJZY2MmfNNoLBq8F+UtHzecDL2lIkk40FRv0SBcQnH3llmhRUuB+Y2dsY3bj927NaozBE3OfwqcQfSvucIN9kTI4ZIDxIyXKykTRVUQ1dzf1moJTcUmgAOJQ0UmkcH4oR9lGz3yqu2VpTK5DZl19GnTQX134iYyFEANvjK4AvN0z3OXm9gAlwHp2lC+I0n23kba8m5PckrRAlnzMGulBmevWAQdoOahA8qeEUYg+owUtOg3d86R+uV6026CFBNkeouACmxLPwPVey1LPUHU6BFovy+5i2dHu6GmySzW3ioOAViQ79pDaAGIopvXNAfOEw98OpvIWoFZsDlwbx9LZc4E272HOalsfJYw54WT5S3mjgJvbeMijqY=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E1A8C39715E8324CA4D65E132AA400DA@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: addde0b0-b5e2-4547-117a-08d80809f519
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jun 2020 22:03:33.0904 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eaNexgnRgxEXnCjyCUoZE9oET4j9e0PS7/Tx7hPbCLLLzlw0ePV3oPfe1ofYIur0pslNJiut9W0d3nHUyOu09w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB3938
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/yUzkaUY6w77qvlWFgaGNJGDpba0>
Subject: Re: [sfc] SFC Security
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 22:03:39 -0000

Hi,

I read this document and believe that this is a good start. I support this work.

Thanks,
Nagendra

On 5/27/20, 11:36 AM, "sfc on behalf of Joel M. Halpern" <sfc-bounces@ietf.org on behalf of jmh@joelhalpern.com> wrote:

    We as a working group hava milestone which the IESG felt was important, 
    and which we agreed to work on, to provide security mechanisms for NSH.

    We have one individual draft that suggests such mechansims:
    https://datatracker.ietf.org/doc/draft-rebo-sfc-nsh-integrity/

    Do folks think this is a good start?  A bad start?

    For those folks who would like to be working on other things, the chairs 
    note that we are very reluctant to engage in new work items until we can 
    prove we can complete out commitments.

    Yours,
    Joel

    _______________________________________________
    sfc mailing list
    sfc@ietf.org
    https://www.ietf.org/mailman/listinfo/sfc

v2.23.0 | Report a Bug | By Email