Re: [bess] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-19

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 06 February 2024 19:44 UTC

Hi Linda,

...snipping...

On 06/02/2024 18:11, Linda Dunbar wrote:
> [Linda] Thank you very much for the suggestion. This draft operates
> under the assumption that a secure channel exists between the SD-WAN
> controller and the SD-WAN edges.

Right. The challenge you seem to face though is the lack of any
real/deployed BGP transporting protocol that meets the security
goals for this draft.

> In the context of extending a VPN
> network to the SD-WAN scenario, this secure channel can leverage the
> operator's primary management channel designed for VPN control.
> Consequently, there is no strict requirement for BGP over TLS. As a
> result, we can remove all references to TLS from the document.

I reckon that'd end up being a quite different proposition, from
the secdir-review POV at least, so not sure if that's a good/bad
plan - probably best to consult with the relevant WG chairs/ADs
before doing that.

> In the "Security Considerations", is it beneficial to add a
> discussion of the security issue of using BGP over TLS?

I don't think it's that much a security issue (if BGP/TLS were
a realistic deployment option, you'd be ok), so I think what you'd
end up adding might be a discussion of why you need a way to run BGP
over some secure transport, and the impact of that not being something
that exists today or in the near future. It's hard to see that not
turning out to have a fairly severe impact.

Cheers,
S.