Re: [Sframe] Éric Vyncke's Block on charter-ietf-sframe-00-00

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 15 September 2020 05:53 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Richard Barnes <rlb@ipv.sx>
CC: DISPATCH <dispatch@ietf.org>, "sframe@ietf.org" <sframe@ietf.org>, The IESG <iesg@ietf.org>
Date: Tue, 15 Sep 2020 05:53:29 +0000
Message-ID: <385163A7-A32D-48CF-B38E-A4D44253E33D@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/jQMO9wkSzpnmcqqFn-3WxI7g5fY>

Richard

Sorry for the belated reply, I am enjoying some days off.

As I wrote in my BLOCK, it is more about being really clear in the charter than having real issues with the charter.

See in-line for EV>



From: Richard Barnes <rlb@ipv.sx>
Date: Thursday, 10 September 2020 at 16:28
To: Eric Vyncke <evyncke@cisco.com>
Cc: DISPATCH <dispatch@ietf.org>, "sframe@ietf.org" <sframe@ietf.org>, The IESG <iesg@ietf.org>
Subject: Éric Vyncke's Block on charter-ietf-sframe-00-00

Hi Éric,

For some reason, your Block didn't get sent to the relevant mailing lists, so I'm crafting my own reply :)

- 'Selection among multiple encryption keys': should there be a way to use a different encryption algorithm as well with the encapsulation (I noted that this bullet is explicitly for inside a session)?

No.  The assumption is that the algorithm is fixed for a given flow, but there may be multiple keys (e.g., for different senders), and of course, each encrypted unit needs a different nonce.  We could add some text to clarify this if you think it's really necessary, but this seems like a finer level of granularity than is needed in a charter.

EV> OK, the text is still vague though about "selection", because it is probably "rotation" or "refreshing".

- like Magnus, I find "Information to form a unique nonce" pretty vague and is it 'nonce' or more 'initialization vector' ?

I've revised to be clear that the encapsulation has a standard nonce formation algorithm, and the wire format provides the input to it.  The word "nonce" is standard here (see https://tools.ietf.org/html/rfc5116#section-2.1)

EV> While I know what a nonce is, the text will benefit from a change of wording.

- 'This working group will not specify the signaling required to configure SFrame encryption': it is unclear to me whether the WG will specify a control channel to negotiate keys and crypto algorithms, as the current sentence appears to be about more generic configuration (e.g., supported crypto algorithms).

No, the WG will not specify a control channel.  That is something the application will have to provide.

EV> What about "This working group will not specify the signaling required to derive the SFrame encryption parameters"?

- Only one milestone? There is nothing about the RTP mapping document that is mentioned in the charter text.

Yep.  Just one thing, the encapsulation.  The MLS mapping and RTP considerations should both be small enough to be sections in that document.

EV> OK, then this is fine
--Richard
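As an added illustration of the two points argued above (the receiver selects among several keys by an identifier carried on the wire, and a fixed nonce-formation rule turns wire-carried input into a distinct nonce for every encrypted unit under a given key), here is a constructed Python sketch. It is not code from this thread, from the SFrame working group, or from any SFrame implementation: the 2-byte key id / 8-byte counter header, the HMAC-based per-key salt, the replay set on the receiver and the sample keys are all assumptions made for this example, and SFrame's real wire format is not defined on this page. The receiver side shows the check a practitioner cares about: a counter already consumed under a key is refused, because nonce reuse is the one failure an AEAD cannot tolerate, while the same counter value under a different key is fine, since RFC 5116 requires nonce uniqueness per key, not across keys.

```python
"""Constructed example: key selection by key id plus deterministic nonce formation.
Header layout, salt derivation, replay tracking and keys are assumptions for this
illustration; they are not SFrame's actual format or any project's code."""
import hmac
import hashlib
import struct

NONCE_LEN = 12  # AEAD nonce length assumed here (RFC 5116 leaves it to the algorithm)

# Constructed header: 2-byte key id, 8-byte per-key counter, both big-endian.
HEADER = struct.Struct(">HQ")


def derive_salt(key: bytes) -> bytes:
    """Per-key salt feeding nonce formation (constructed derivation, not SFrame's)."""
    return hmac.new(key, b"example-nonce-salt", hashlib.sha256).digest()[:NONCE_LEN]


def form_nonce(salt: bytes, counter: int) -> bytes:
    """Fixed nonce-formation rule: the counter, right-aligned in NONCE_LEN bytes,
    XORed into the per-key salt.  Distinct counters give distinct nonces under one key."""
    if not 0 <= counter < 1 << 64:
        raise ValueError("counter out of range")
    ctr = counter.to_bytes(NONCE_LEN, "big")
    return bytes(a ^ b for a, b in zip(salt, ctr))


class Sender:
    """One sender owns one key id and a strictly increasing counter for it."""

    def __init__(self, key_id: int, key: bytes) -> None:
        self.key_id = key_id
        self.salt = derive_salt(key)
        self.counter = 0

    def next_unit(self) -> tuple[bytes, bytes]:
        """Return (wire header, nonce) for the next encrypted unit; never reuses a counter."""
        header = HEADER.pack(self.key_id, self.counter)
        nonce = form_nonce(self.salt, self.counter)
        self.counter += 1
        return header, nonce


class Receiver:
    """Selects the key by id, recomputes the nonce from the header, and refuses a
    counter already consumed under that key (constructed replay/reuse check)."""

    def __init__(self, keys: dict[int, bytes]) -> None:
        self.keys = keys
        self.salts = {kid: derive_salt(k) for kid, k in keys.items()}
        self.seen: dict[int, set[int]] = {kid: set() for kid in keys}

    def accept(self, header: bytes) -> tuple[int, bytes]:
        key_id, counter = HEADER.unpack(header)
        if key_id not in self.keys:
            raise KeyError(f"unknown key id {key_id}")
        if counter in self.seen[key_id]:
            raise ValueError(f"counter {counter} already used under key id {key_id}")
        self.seen[key_id].add(counter)
        return key_id, form_nonce(self.salts[key_id], counter)


def demo() -> dict:
    """Two senders in one flow holding different keys (constructed sample key material)."""
    keys = {1: b"A" * 32, 2: b"B" * 32}  # constructed, not real keys
    rx = Receiver(keys)
    alice, bob = Sender(1, keys[1]), Sender(2, keys[2])
    h_a0, n_a0 = alice.next_unit()
    h_a1, n_a1 = alice.next_unit()
    h_b0, n_b0 = bob.next_unit()
    results = {
        "alice_nonces_distinct": n_a0 != n_a1,
        "rx_a0": rx.accept(h_a0) == (1, n_a0),
        "rx_a1": rx.accept(h_a1) == (1, n_a1),
        # Bob's counter 0 equals Alice's first counter, but under Bob's key:
        # accepted, because nonce uniqueness is required per key, not across keys.
        "rx_b0": rx.accept(h_b0) == (2, n_b0),
    }
    try:
        rx.accept(h_a0)  # replay of a counter already consumed under key id 1
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    try:
        rx.accept(HEADER.pack(9, 0))  # key id the receiver was never given
        results["unknown_key_rejected"] = False
    except KeyError:
        results["unknown_key_rejected"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The split of responsibilities mirrors the charter wording as discussed: how the keys and the algorithm get to both ends is left to the application (the `keys` table is simply handed to the receiver), while what travels on the wire is only the input the fixed nonce-formation rule needs.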