Re: [bess] Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20
Linda Dunbar <linda.dunbar@futurewei.com> Sun, 17 March 2024 23:33 UTC
Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64F04C14F683; Sun, 17 Mar 2024 16:33:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.761
X-Spam-Level:
X-Spam-Status: No, score=-0.761 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJRF1vS15viM; Sun, 17 Mar 2024 16:33:08 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2137.outbound.protection.outlook.com [40.107.93.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 928EDC14F680; Sun, 17 Mar 2024 16:32:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HKPbKTsZO/7RZuIPh8fuXvEfrRvn6nlJdG8+p06k1s/1k4YA3Lw5LwKhvtbUydfHjmUyAOx7rKXponuXisIjS/9yy1OUcDGFq762GGWXD9VCanp0JQHMrTyoHT/+kZ/xaUulPDqVfFbe32gsUkJYajg+DoVXE7Nq2OC+O66iK7FDVGByWuZtwIG568hBf2p13iz0zhaa23+f/+nIoMnnIyVqSCccbOBOf35JbMXyjSilrhTerwQeJbTYkNMXATOhP/p0kaMoRuNMcKDGZSeEkNrtERvT/1EPF9YskrYq2Zk5BFxDKqigzWik1RyGxo8C82lmVM6xRNrhgBvYv1OsSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+x+O7jqiaeK4R0MdWIaZeqWlfiNPnnvXuzDD/iK1sMU=; b=Oh0nXi8X86D4+S3OelV6eTa3wL7UIMjV0jxQx0LEl2xRdgVmNCZsMEjvg6IXbVNOYAhnN4DKrRhcVnApxgI3AVvRtjlQJZHlBQabgmZqIzl2oHkjMZDsuZ6PE7xfdOz7YM9ZL+HxW4S4IbqjSDQiuQgf043VbBaAApopyFW52SALXe3byrjyNa9RLC/8o34S6EiHuhX7kfgKLWB75cXqT/VD8D/zrXXqVCflNYidHi625Pb1plCRzNVfdCWce8X9ybUREAjtcu2NvMMuj7WZaNzlymy4aPvfKmKVaRJ62WhKkIIWs/BoePXGOB/wXkq/37XNUvISZ/c5c03QjSMuSg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+x+O7jqiaeK4R0MdWIaZeqWlfiNPnnvXuzDD/iK1sMU=; b=psGwam+Du8XtnL5vzruGjm/zo6lMzOH9FP4DPe/nz9UyprTcIRNFNAkI+0kQTmRo8g9O9S+vikRyb155WtpW/5kMKSbWXJuFwYaekMKO4rXRiqHGTvshzCq2hKyUUjipZXOMkkAlHgaPrKOBr0r7rhyucXwTYPdfp2ofK5Bu7jw=
Received: from CO1PR13MB4920.namprd13.prod.outlook.com (2603:10b6:303:f7::17) by PH7PR13MB5480.namprd13.prod.outlook.com (2603:10b6:510:131::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.24; Sun, 17 Mar 2024 23:32:33 +0000
Received: from CO1PR13MB4920.namprd13.prod.outlook.com ([fe80::3964:b284:7035:fa48]) by CO1PR13MB4920.namprd13.prod.outlook.com ([fe80::3964:b284:7035:fa48%7]) with mapi id 15.20.7386.025; Sun, 17 Mar 2024 23:32:33 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>
CC: "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-bgp-sdwan-usage.all@ietf.org" <draft-ietf-bess-bgp-sdwan-usage.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Thread-Topic: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20
Thread-Index: AQHaYCw6SGZ5rFJMF0mM/hSmJoOOoLELqGnQgDEdbwA=
Date: Sun, 17 Mar 2024 23:32:33 +0000
Message-ID: <CO1PR13MB4920C39EC4234C8307A14EF9852E2@CO1PR13MB4920.namprd13.prod.outlook.com>
References: <170801460098.63559.14958554152761679042@ietfa.amsl.com> <CO1PR13MB4920B20694AEF350AD0D372C854D2@CO1PR13MB4920.namprd13.prod.outlook.com>
In-Reply-To: <CO1PR13MB4920B20694AEF350AD0D372C854D2@CO1PR13MB4920.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR13MB4920:EE_|PH7PR13MB5480:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7vUTkhOmO1WFo/OWPNZlT8B5YuLUjbc7/p8LBJWFnZ4tky3CrmeVpceYNQPW3qFgdlCWd/XtHRNa3jxYQEXgOseFsyrwV6rekuwtEYuUivU8Z9I0/hi7+47d41XslhjqLChInU9ZsGykZ/awXAFLh5gseNx/FHZwjktx5UG4LKZhztJqwO6t/dY8Ia57JlLvMMYc2sB3PuwgVSyRlLj0weBm+TUklO90/8CyjltFcojvetUhNPgTS8RRlCi+6hlqzx6ghJ0joVOJlnJAu3/IuzLV0MXwOL9rFXt+h0ACDw2KDKxb8CLLIylvZFc4lAb8qvyZ7dbBAEuavKzwFLg1KDldFc+mKHWyzJP7BWFH58eniQW/g4XyYKzRc8r/SpLsiNILbaI5oXEyBWUa7TISFWVqQlPBuF3DzVrk7uCF3ObKGDknQEhl7ud1HWAvVf9aEcJRv4+h3BvkB13pM+0n7qrxB0EL5D3GRHMwN0Sn1ubmgC2XfggCQeZNbOKU7XpaftcTpCdlY2GeRQB/2IcGAxHsHAi7lmUvXfnhZ4yUdav5pd2NX4w8MTLTT9H1Ik/8knvAhPOErlmkWkTBVOY9V3gBFusUw8lfZPx/2U9gKapdTLLEuKhHXQqYZhmzg+3X6ks5BI+6HlKi7b76B7pq6/Whh+wCWuzAkOnw5sUdiyQ=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR13MB4920.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(366007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: +EWWYeQ66YabG6JhgfaH0IcHTbmRqu2Tv/qhRPN4y9/LDGpTB4n+ocAo/P+kvecU/7SRLn7WJfN8FMSjxTCkmNZFNcSX+jjQ1C0SIm+X7C6iCrMqYFsK+UwROKCk7KbvD3wvS5gK6Fdr7IDgRfJv7C+uNYWSI2qcX3VavLNLfIIN3XVlTWz3A1pwukvbgh2GNlESuMQj2tH5dLoU1aQVqKyH/819ptXDPNhIo4AJ9sAWdWeb0ZORPlABZjyRsm3hPsJllEJnx9Y534WAKrtcCc7zgLZn98ogadmYfcLYyTdsJjrpWpi7rDpyZgzcUV6vE674kg0ifjqX9bFRFJt+wwzyZRvQDh5+mc4Zm1UtkU++8gVlFjO3e/IueB8W1oV4GinQkKXPx9zsSMqjeYthks3Aj2j+If+MGmcgWSBugDCigGmquxN1iLXWxfEDP/3Si0k/Ih8eHBM5VJ5JtzxVUOwadggY+TIKR2Os+f6R7UXYFCpXj7UDatFHjZD/+IsNIN5gR0Ya9+yx9qubmJRsrR+SEEah7KynTInv2ApxGm4dX1qPjzHm17TidQBYnZWooZkHkCklTUWOVJUo23+cSjRwG9UwrtqY0fMoyfwRGY/PkKBYZLB2sBmyi28ICeaiev1ltrSpoTFrUItNQlJILSBk8lDMLn5CpGGASXzbFMPQ61JjIEJL5F7jfHsNlaJqBLLwxyvEXK5HmdV9xj/7X+dNUuS6SVHmp5EnHY03OHz76d27nsowZi/Bt4Id5l77lHodIzbW4CSBSpwkxDwqxPByKkXvR+wPIB7E+e9YJNlZrIDcVISqOw3u5JgDp2P87mb61BAID3jOyJ1aTHr3TTNmkUQm9Y6nvhulRYL//KD0Mka6LQNyqEbIP3q/NGb6/cOUHKg/tJx7GIc+nvLWBXzpbM/71xGoA/0dM3pc2ezRyhsmNP0gukxP9mAB8y5aPgyxQRZ7KzJkYLNwxYq9ZY9ky5xuAKLUZPLV6RuU+ae0bSlbJEzCObzCkDGudN5UU8ngSCyomldx+yDyTykkdL4oxS1vxZQKXaOdWSsK8qRGa/eny+U+uNjXYZnI51KnBvBlPEQOcH+yIoIpAvruVOoUnNVsMco3UbvzlremwGntDT9hla8DOhGtFIhvpRqt+ZAGBgle7ybotQhgert9ouQeL3HLZ78sKK2OyNJAordNBNYPIeczy8kotiF2Q90900Zdds5fyWEU83vZAzCuq2+dGTfsFmNbGulxGnW1R75NzoncTi6U3iC4J+naG3PhqUrR849xyDUvgjrYBPofdswUQrkaaUygtvgBl1sPBEHjUxm44hnFMOiHGOAnOvXZF9UWZYCr9E/M0ke90L+0lbVVh/FQvtAJhF4R4AR6o1E89cftB3hi4qd+/3/zF3S+OjQ1ooRz5UCMbryBxcP1ZMBsKmmITU1Ug6WRRKPirgzGT/pKCEdTikKZmvtPkVOXWqglkcVbwiqcxrWsWHOY+7fmV9cnwdaVZvd8maFJbG5Jz/ngVXL32xUBF4P1la+88f6AGzvvFlZXvhOTNHm920XY6gzbrAogZMFMBrEzVBNUgNDpZFVC04itd5LQkRkYQzkxJcMhlqIHvzY+Vx8vBQ8oXAMc9IArod2jauu/xNlvKCUOoD4PXPeQEuokHk5u
Content-Type: multipart/alternative; boundary="_000_CO1PR13MB4920C39EC4234C8307A14EF9852E2CO1PR13MB4920namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR13MB4920.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 571fc71c-4925-4ff7-1606-08dc46da8536
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2024 23:32:33.0930 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b97cpFHSL5dK1p6UCFoqXIXgjC3SV/ML+rjc7unBwD3qINmFnZlUpYDPITNUPMTWMOQQmryU9JTAnzTQOMdp9A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR13MB5480
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/lLIOMFo4qmMUAXfdSTpbuBYHiyU>
Subject: Re: [bess] Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2024 23:33:12 -0000
Stephen, Can you please check the latest revision https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-sdwan-usage/ has addressed your comments? Thank you, Linda _____________________________________________ From: Linda Dunbar Sent: Friday, February 16, 2024 3:55 AM To: Stephen Farrell <stephen.farrell@cs.tcd.ie>; secdir@ietf.org Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage.all@ietf.org; last-call@ietf.org Subject: RE: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20 Stephen, BGP/TLS has been deployed (see the attached email from Robert Razuk on using BGP over TLS in Sproute's SDWAN solution for years) even though there is only a 00 draft for BGP over TLS in IETF. The document states that analysis of BGP over TLS is beyond the scope. Is the following sentence better? While beyond the scope of this document, conducting a comprehensive analysis might be needed to ensure the security of BGP over TLS [BGP-OVER-TLS] << Message: Re: [Last-Call] Last Call: <draft-ietf-bess-bgp-sdwan-usage-19.txt> (BGP Usage for SD-WAN Overlay Networks) to Informational RFC >> Thank you, Linda -----Original Message----- From: Stephen Farrell via Datatracker <noreply@ietf.org> Sent: Thursday, February 15, 2024 10:30 AM To: secdir@ietf.org Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage.all@ietf.org; last-call@ietf.org Subject: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20 Reviewer: Stephen Farrell Review result: Has Issues Draft-20 seems to dial-back the call for BGP/TLS, but OTOH adds text in the security considerations saying that BGP/TLS "is imperative." I'm not sure of the security pitfalls that might arise if one followed the guidance here whilst BGP/TLS is still just a non-wg -00 draft (and hence aspirational), but it seems to me like a possibly dangerous implement.
- [bess] Secdir telechat review of draft-ietf-bess-… Stephen Farrell via Datatracker
- Re: [bess] Secdir telechat review of draft-ietf-b… Linda Dunbar
- Re: [bess] Secdir telechat review of draft-ietf-b… Stephen Farrell
- Re: [bess] Secdir telechat review of draft-ietf-b… Linda Dunbar