Re: [Teas] I-D Action: draft-ietf-teas-yang-rsvp-16.txt authentication

t petch <ietfa@btconnect.com> Mon, 09 August 2021 09:29 UTC

From: t petch <ietfa@btconnect.com>
To: Tarek Saad <tsaad=40juniper.net@dmarc.ietf.org>, teas@ietf.org, teas-chairs@ietf.org
Message-ID: <6110F56C.8000304@btconnect.com>
Date: Mon, 9 Aug 2021 10:29:17 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/dL3lVYHM3KDRZxH6RlkZ6QcqBJM>

Looking at the coverage of authentication generates the following
thoughts.

The referenced RFC2747 has HMAC MD5 as MUST implement.  While this
algorithm does not appear in key-chain, I think that this I-D should
point out that this is no longer considered strong enough, in Security
Considerations and perhaps in the YANG description as well.

The YANG paths in Security Considerations seem to have spurious spaces.

'authentication-key' would seem to me to be sensitive enough to warrant
a mention in Security Considerations as well as a nacm deny-all in the
YANG.

RFC2747 talks of simplex operation with separate keys for send and
receive.  Only one key seems to be specified here so perhaps worth
spelling out that the same key is used for send and receive in this
model.

If the range for a window size is 1..64, why is it a uint32?

Probably worth a mention in the YANG description that a window of one
means no window.

'leaf retransmits ' I cannot find in the referenced RFC2747.  A section
reference (or another RFC) would help.

Tom Petch
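
The point about the window size, as an added example that is not part of the original message or of the draft: a sliding-window replay check over integrity sequence numbers, showing that a window of 1 accepts only strictly increasing numbers. The class and function names and the sample sequence are constructed for illustration, and the acceptance rule is a common sliding-window scheme assumed here, not text taken from RFC2747 or the draft.

```python
class ReplayWindow:
    """Out-of-order tolerance check for integrity sequence numbers (illustrative)."""

    MIN_SIZE, MAX_SIZE = 1, 64  # the range quoted in the review comment

    def __init__(self, size: int = 1):
        if not self.MIN_SIZE <= size <= self.MAX_SIZE:
            raise ValueError(f"window size must be in 1..64, got {size}")
        self.size = size
        self.highest = None  # highest sequence number accepted so far
        self.seen = 0        # bitmap: bit i set means (highest - i) was accepted

    def accept(self, seq: int) -> bool:
        """Return True if seq is fresh, False if it is too old or a replay."""
        if self.highest is None or seq > self.highest:
            shift = 0 if self.highest is None else seq - self.highest
            if shift >= self.size:
                self.seen = 1  # jump past the whole window: forget old entries
            else:
                mask = (1 << self.size) - 1
                self.seen = ((self.seen << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False  # older than the window allows
        if self.seen & (1 << offset):
            return False  # already accepted once: replay
        self.seen |= 1 << offset
        return True


def run(size, seqs):
    """Feed a list of sequence numbers through a fresh window of the given size."""
    window = ReplayWindow(size)
    return [window.accept(s) for s in seqs]


# Constructed sample: in-order, a gap, a late arrival, a replay, then a stale one.
SAMPLE = [10, 12, 11, 12, 13, 9]

if __name__ == "__main__":
    print("window=1:", run(1, SAMPLE))  # late arrival 11 is rejected
    print("window=4:", run(4, SAMPLE))  # late arrival 11 is accepted once
```

With a size of 1 the bitmap only ever holds the highest number, so any out-of-order message is dropped, which is the "no window" behaviour the comment asks the description to state.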


----- Original Message -----
From: "Tarek Saad" <tsaad=40juniper.net@dmarc.ietf.org>
To: <teas@ietf.org>; <teas-chairs@ietf.org>
Sent: Friday, February 19, 2021 8:11 PM
Subject: Re: [Teas] I-D Action: draft-ietf-teas-yang-rsvp-16.txt


> This revision includes editorial updates as well as the addition of "Appendix A" for example instance data tree using this model.
> With these changes, the authors believe I-D is ready to progress to WGLC.
>
> Tarek (for authors)
>
> On 2/19/21, 3:00 PM, "Teas on behalf of internet-drafts@ietf.org" <teas-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:
>
>
>     A New Internet-Draft is available from the on-line Internet-Drafts directories.
>     This draft is a work item of the Traffic Engineering Architecture and Signaling WG of the IETF.
>
>             Title           : A YANG Data Model for Resource Reservation Protocol (RSVP)
>             Authors         : Vishnu Pavan Beeram
>                               Tarek Saad
>                               Rakesh Gandhi
>                               Xufeng Liu
>                               Igor Bryskin
>     Filename        : draft-ietf-teas-yang-rsvp-16.txt
>     Pages           : 57
>     Date            : 2021-02-19
>