Re: [bess] Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20

Linda Dunbar <linda.dunbar@futurewei.com> Sun, 17 March 2024 23:33 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>
CC: "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-bgp-sdwan-usage.all@ietf.org" <draft-ietf-bess-bgp-sdwan-usage.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Sun, 17 Mar 2024 23:32:33 +0000

Stephen,

Can you please check whether the latest revision https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-sdwan-usage/ has addressed your comments?

Thank you,

Linda

_____________________________________________
From: Linda Dunbar
Sent: Friday, February 16, 2024 3:55 AM
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>; secdir@ietf.org
Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage.all@ietf.org; last-call@ietf.org
Subject: RE: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20


Stephen,

BGP/TLS has been deployed (see the attached email from Robert Razuk on using BGP over TLS in Sproute's SDWAN solution for years) even though there is only a 00 draft for BGP over TLS in the IETF.
The document states that analysis of BGP over TLS is beyond the scope.
Is the following sentence better?
      While beyond the scope of this document, conducting a comprehensive analysis might be needed to ensure the security of BGP over TLS [BGP-OVER-TLS]

 << Message: Re: [Last-Call] Last Call: <draft-ietf-bess-bgp-sdwan-usage-19.txt> (BGP Usage for SD-WAN Overlay Networks) to Informational RFC >>
Thank you,
Linda
-----Original Message-----
From: Stephen Farrell via Datatracker <noreply@ietf.org>
Sent: Thursday, February 15, 2024 10:30 AM
To: secdir@ietf.org
Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage.all@ietf.org; last-call@ietf.org
Subject: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20

Reviewer: Stephen Farrell
Review result: Has Issues

Draft-20 seems to dial-back the call for BGP/TLS, but OTOH adds text in the security considerations saying that BGP/TLS "is imperative." I'm not sure of the security pitfalls that might arise if one followed the guidance here whilst BGP/TLS is still just a non-wg -00 draft (and hence aspirational), but it seems to me like a possibly dangerous implement.