[tsvwg] Re: Deb Cooley's Discuss on draft-ietf-tsvwg-sctp-zero-checksum-10: (with DISCUSS and COMMENT)
Deb Cooley <debcooley1@gmail.com> Wed, 19 June 2024 19:42 UTC
Return-Path: <debcooley1@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A3F0C1D4CC3; Wed, 19 Jun 2024 12:42:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.853
X-Spam-Level:
X-Spam-Status: No, score=-1.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfZ7X8ZOfANI; Wed, 19 Jun 2024 12:42:54 -0700 (PDT)
Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F88FC180B75; Wed, 19 Jun 2024 12:42:54 -0700 (PDT)
Received: by mail-il1-x132.google.com with SMTP id e9e14a558f8ab-3760121ad45so408985ab.0; Wed, 19 Jun 2024 12:42:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718826173; x=1719430973; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KFPEnR6rXuqX3sLnZxhiRCvSgfxGz1CErf7DkMK5dqk=; b=cotnbLIIDShzlbWT5ReIm9DlTIFEIxzBs5S5lq6tGRmyfRQSc++oAZzvW6LjhzbW4Y Y3zyqfrczydVGP5CEJ0P+l6OSXsCvPWnHCoN/2KM0Zw56S+KVRULZLEW7JJnhoZ5wnP6 8biTUY2zpsVidjujIn/SAVTxvI3+lVyiMvONoCW1XiNIyXBUuOtQHgUsJIc298IDSF6V MympxG5X16HeqI3MCmoSAUyZMg9zpL6kgmkmU0H3k64RC8E2qEVXDbQE3e77HNP1+jA5 216prn3tDon42mLl8oifhe1+cz8HM7zeeY0OUpY4jww2J1Z/HnGvW7c/AjSvJl8fGzzo TgeA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718826173; x=1719430973; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KFPEnR6rXuqX3sLnZxhiRCvSgfxGz1CErf7DkMK5dqk=; b=U9UjXhJoREovhX/0+KZF3FrGeg0q+VSgjjqKkbITYrp8B7vyePfr8HS5TM4dkLIs3x OxssL0hy5Ulc7NZATWV7JVlxu31BLNksbqUuxSIyc+fCstOExc3JS7Yd+GIyw2kOD7Ni YtwnqoW39ps0IDMhUjpQCIWHmD3ihieeA+of25LKoYfnROQrLdKLhvnRj3EevFZn2bVx dKkYdBD+xBejQZZ9NLzm6nYNO4m/5/CehW7544eTuGan1lCjWLv3+vAEeWXxYPWw4DZk WZMnyE8JhIV6ACu7pn9HQ8NIB5/YEkaPW0tDCqZ9JMGMafvG7OqkJ+22x1sewZQRYV50 y70w==
X-Forwarded-Encrypted: i=1; AJvYcCX74pdCp5Qz4DHHOzMfNdURngS/HnJkzHybfZpQnZ0Bi+qkPV9yznWzz36pzQKldP7gmrGCT5pNNcel6pHfMhIIgUJCxdP7AIBkVhZgnjtG4kcVdqnWghV00tQlIyvGaLOVkzIHSv2tszn0KUg5Xyl8Jz0LXw7Y3vSbEZe5BJZo4chBvQ==
X-Gm-Message-State: AOJu0Yw3Kq/l1KK8SczQC7DXzrHPdpC1Al0YhopXAeLm2s7IzmqtFLIM 5SwuO/026wJjrjzTO0RX6lDnQagW2opSQ9EEjeBfWd6zfY8RAoizXDJrvigeypCmQavgebDfN1r 1Uz11NYi/Ea0MYGqGNjXomPCRzgSYt6Q=
X-Google-Smtp-Source: AGHT+IEsz24C1+sAe8k2Ry4GbOEbbezyXZ96TCtugF6vuzHQ9lO8BPbAmTos4yOwcrI4ZQKS5dxDL5Tw1j6bxxhPT8U=
X-Received: by 2002:a92:c269:0:b0:374:abf8:4f65 with SMTP id e9e14a558f8ab-3761d74e1d1mr34905085ab.32.1718826173579; Wed, 19 Jun 2024 12:42:53 -0700 (PDT)
MIME-Version: 1.0
References: <171777230482.20251.8346371564760157384@ietfa.amsl.com> <A20D6FE1-2120-48C0-BDF3-6413FE9E50A4@lurchi.franken.de> <CAGgd1Oc_5wot62=i_-5TMXb2DB0JjZcoj1ufjZCy7zYtv8dHjw@mail.gmail.com> <08D9D3F9-DF0E-493A-833D-0ACC1414F230@lurchi.franken.de> <CAGgd1OfdomkJig01ehqPhZXXGtiizXQMK2Op3s4g1Z7CRhM3+g@mail.gmail.com> <3309F3EA-2871-4D5E-9C08-8F5C001983AA@fh-muenster.de> <CAGgd1OcFfK42S3o4bCoGfbKDiQ5RKb9A_hwK28TjC6LZAui=0w@mail.gmail.com> <9BF506E8-F6FC-4C0A-9606-87DA4E7AF9B6@fh-muenster.de>
In-Reply-To: <9BF506E8-F6FC-4C0A-9606-87DA4E7AF9B6@fh-muenster.de>
From: Deb Cooley <debcooley1@gmail.com>
Date: Wed, 19 Jun 2024 15:42:41 -0400
Message-ID: <CAGgd1OfY8Or_8nLVzA22RNSPy32D0OujQODB0WQ5+e7uAJ0mSA@mail.gmail.com>
To: tuexen@fh-muenster.de
Content-Type: multipart/alternative; boundary="00000000000081cd54061b436744"
Message-ID-Hash: 4J7FD53JYJVJHCP6V2QY53SMQDSY6NIA
X-Message-ID-Hash: 4J7FD53JYJVJHCP6V2QY53SMQDSY6NIA
X-MailFrom: debcooley1@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-tsvwg-sctp-zero-checksum@ietf.org, tsvwg-chairs <tsvwg-chairs@ietf.org>, tsvwg IETF list <tsvwg@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-tsvwg-sctp-zero-checksum-10: (with DISCUSS and COMMENT)
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/9m-PgHKRWGovNPaiyKAgXTzSYj4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>
This is perfect. I have cleared my discuss. Thank you for your consideration, Deb Cooley On Tue, Jun 18, 2024 at 2:48 PM <tuexen@fh-muenster.de> wrote: > > On 12. Jun 2024, at 00:27, Deb Cooley <debcooley1@gmail.com> wrote: > > > > That addition to the Security Considerations works for me. > > > > If this work continues, we can have the debate on the aside then. > > > > Thank you. When I see the update, I will clear my discuss. > Hi Deb, > > since I have not seen any further correspondence, I updated the > document. It should address your concern, but does not address > Paul's issue (waiting for an answer from him). > > Best regards > Michael > > > > Deb > > > > On Tue, Jun 11, 2024 at 3:55 PM <tuexen@fh-muenster.de> wrote: > > > On 11. Jun 2024, at 20:18, Deb Cooley <debcooley1@gmail.com> wrote: > > > > > > I'm certainly not arguing that CRC32c is the best integrity mechanism > ever, because it isn't. This draft has basically allowed its removal > because there is something better protecting the integrity of the data. > There needs to be something written in the Security Considerations about > that. Even if it is to reference the requirements in Section 3 with a > short rationale. Or it can reference the part of the IANA section where > the requirements are listed, again with a short rationale. It doesn't have > to be long, and it can reference the requirements you already specified. > > OK. What about using: > > > > <section> > > <name>Security Considerations</name> > > <t>This document does not change the considerations given in > > <xref target="RFC9260"/>.</t> > > <t>Using an alternate error detection method provides an equal or better > level > > of data integrity than the one provided by using the CRC32c checksum > algorithm > > due to the first requirement of alternate error detection methods. > > The second requirement of alternate error detection methods ensures that > the > > existence of middleboxes expecting correct CRC32c checksums does not > result in > > permanent path failures.</t> > > </section> > > > > This also deals with the second requirement. Does this address your > concern? > > > > > > An aside: As for tunnels vs auth modes, is it even possible to meet > the two requirements with an authentication mode, where the packet is not > obscured from any device between sender and recipient? I suspect that the > answer is 'no'. > > The answer is 'yes'. > > But the focus on this document is the define the framework and provide > one > > (the most important one in my personal opinion) alternate error > detection method. > > If another one (based on the AUTH, CRYPTO, or DTLS chunk) will be > defined, the > > method to avoid permanent path failures needs to be defined. But this is > not > > needed for SCTP over DTLS. > > Which one of these methods will be defined, or even if one additional > method > > at all will be defined, depends on how the work on securing SCTP traffic > in > > TSVWG will continue. This is not clear to me yet, since IPRs are involved > > on the CRYTO and DTLS chunks... > > > > Best regards > > Michael > > > > > > Deb > > > > > > > > > > > > On Fri, Jun 7, 2024 at 5:02 PM Michael Tuexen < > michael.tuexen@lurchi.franken.de> wrote: > > >> On 7. Jun 2024, at 20:47, Deb Cooley <debcooley1@gmail.com> wrote: > > >> > > >> Are the only two options DTLS or SCTP AUTH? If so, the draft doesn't > make > > >> that clear. > > > The only option currently being defined is SCTP over DTLS. One > additional > > > could be based on SCTP AUTH, but that will require additional details > for > > > dealing with middleboxes expecting correct CRC32c checksums. This is > > > described in the document. Other additional method could be based on > the > > > DTLS or CRYPTO chunk, currently being proposed by Ericsson. However, > these > > > would also need some mechanisms to deal with middleboxes. > > > Since these mechanisms are not required for SCTP over DTLS (the > middleboxes > > > don't see the CRC32c at all), and this might be the largest deployment > > > scenario (WebRTC), this is left to the document describing such an > > > alternate error detection method. > > > > > > Best regards > > > Michael > > >> > > >> Deb > > >> > > >> On Fri, Jun 7, 2024 at 1:28 PM Michael Tuexen < > > >> michael.tuexen@lurchi.franken.de> wrote: > > >> > > >>>> On 7. Jun 2024, at 16:58, Deb Cooley via Datatracker < > noreply@ietf.org> > > >>> wrote: > > >>>> > > >>>> Deb Cooley has entered the following ballot position for > > >>>> draft-ietf-tsvwg-sctp-zero-checksum-10: Discuss > > >>> Hi Deb, > > >>> > > >>> thanks for the review. Please see my responses in-line. > > >>> > > >>> Best regards > > >>> Michael > > >>>> > > >>>> When responding, please keep the subject line intact and reply to > all > > >>>> email addresses included in the To and CC lines. (Feel free to cut > this > > >>>> introductory paragraph, however.) > > >>>> > > >>>> > > >>>> Please refer to > > >>> > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > > >>>> for more information about how to handle DISCUSS and COMMENT > positions. > > >>>> > > >>>> > > >>>> The document, along with other ballot positions, can be found here: > > >>>> > https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-zero-checksum/ > > >>>> > > >>>> > > >>>> > > >>>> > ---------------------------------------------------------------------- > > >>>> DISCUSS: > > >>>> > ---------------------------------------------------------------------- > > >>>> > > >>>> Currently Section 9 says roughly that there are no changes to the > > >>> Security > > >>>> Considerations to RFC 9260. I have two comments: > > >>>> > > >>>> 1. Since this draft is proposing to remove an integrity mechanism > in > > >>> SCTP, > > >>>> there should be an update to the paragraph in RFC9260 Security > > >>> Considerations, > > >>>> specifically 12.2.2. Protecting against Data Corruption in the > Network > > > > > > > > > >
- [tsvwg] Deb Cooley's Discuss on draft-ietf-tsvwg-… Deb Cooley via Datatracker
- [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-ts… Michael Tuexen
- [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-ts… Deb Cooley
- [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-ts… Michael Tuexen
- [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-ts… Deb Cooley
- [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-ts… Deb Cooley
- [tsvwg] Re: Deb Cooley's Discuss on draft-ietf-ts… Deb Cooley