Re: [bess] Eric Rescorla's Discuss on draft-ietf-bess-evpn-etree-13: (with DISCUSS)

Eric Rescorla <ekr@rtfm.com> Tue, 26 September 2017 09:59 UTC


I have some memory that someone responded that this wasn't a security
requirement, but I can't find that now.

-Ekr


On Sat, Sep 9, 2017 at 11:35 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> Eric Rescorla has entered the following ballot position for
> draft-ietf-bess-evpn-etree-13: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-etree/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> It's not clear to me if the prohibition on leaf-to-leaf communications is
> intended to be a security requirement. If so, it seems like it needs to
> explicitly state why it is not possible for ACs which are leaf to pretend
> to be root. If not, then it should say so. Additionally, this solution
> appears to rely very heavily on filtering, so I believe some text about
> what happens during periods of filtering inconsistency (and what the
> impact on the security is).