Re: [Last-Call] Secdir last call review of draft-ietf-nvo3-encap-10

Donald Eastlake <d3e3e3@gmail.com> Thu, 23 November 2023 23:38 UTC

To: Tero Kivinen <kivinen@iki.fi>
Cc: secdir@ietf.org, draft-ietf-nvo3-encap.all@ietf.org, last-call@ietf.org, nvo3@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/RbcG8CfLhCZjnmDN8WsQhgXK6zo>

Hi Tero,

Thanks for these corrections. I have edited them into my working copy and
will upload them with the next revision.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

On Thu, Nov 23, 2023 at 2:17 PM Tero Kivinen via Datatracker <noreply@ietf.org> wrote:

> Reviewer: Tero Kivinen
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This document is the result of the design team chartered to work on the
> common encapsulation that addresses the various technical concerns. It
> does this by comparing three encapsulation protocols: Geneve, GUE, and
> GPE.
>
> The security considerations section says:
>
>    This document does not introduce any additional security constraints.
>
> Which is true, as the document does not review the security (or lack of it)
> in the encapsulation protocols, but section 6.2.2 does discuss
> security/integrity extensions. It also recommends that "the WG work on
> security options for Geneve."
>
> Nits:
>
> Typo in section 6.4:
>
>   /svailable/available/
>
> Invalid capitalization of IPsec in section 6.2.2 (twice) and once in
> section 7.
>
>   /IPSEC/IPsec/