Re: [Lsvr] security against what?
Tony Przygienda <tonysietf@gmail.com> Tue, 04 September 2018 14:25 UTC
Return-Path: <tonysietf@gmail.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 079C4130EED for <lsvr@ietfa.amsl.com>; Tue, 4 Sep 2018 07:25:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.098
X-Spam-Level:
X-Spam-Status: No, score=-0.098 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20p5r3a3QsPG for <lsvr@ietfa.amsl.com>; Tue, 4 Sep 2018 07:25:33 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBD67130EE3 for <lsvr@ietf.org>; Tue, 4 Sep 2018 07:25:32 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id u1-v6so3423611eds.1 for <lsvr@ietf.org>; Tue, 04 Sep 2018 07:25:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gZouCqJ3ZIfvLCfqJ5SzBhLNjmfx4OFlY0mBy8rqVV8=; b=TiyJGxAVEvsX0VJu8epA/z9/8X3TDfc0lVRpTXzdW3LGqJTGLu0+QCQWNdulB5kqu2 d+7MTtCv6uOGraO1nkwLsZOcqKkWo4EwrpR9lR2hsJ9lFCNaUHbRnPezprS3fQYbNPA4 ztuEI3f9WH+h+MezLEXGh0XXBQGl1GvlsNgh0ASKTmLGF7t3egrkOdcXVvxntT8hZBIN 3DEGXOLPIFbje9hIUkMloNHLks5dQBTUgcSd6X7qLMth3AyUXw8/31fbQtzUsMfcqbXC DhXmyd8iNqZo5z/U33p0U9VD2giptQpkx80DIt9jkUoqI1LOEuV/jl2KXfPm++YDhmxo 8JWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gZouCqJ3ZIfvLCfqJ5SzBhLNjmfx4OFlY0mBy8rqVV8=; b=fX8rEty+3GUAddb1LahlBddEsIi4jc7MTGk9WkdGS1Qxx8FfO79TPTwQxdrR/7nOC3 ORZ06GaET7zG1GgaHz7348aHJf3DdwLQvo0pJTVCFdDBVPaIA1gF/hA05Y+dh3Ol4emP HJSXYv/Q4p1G3rskaXQiNxDYFPpHf6IKwlwnoFdqH+960jQejXhTkg6V8Suaa6VtcdSu lAEgMErsAJ/NCAqx5/V8mo1++mxBKg6YxZFvQ2a/qbkzYFZS0R7xfblOw/rn3wd4hlra rY9+a0yWMfXcpYr34XKVmyD1xnq0NCnKBb4zC8rwcwWGL0Ecq27SrCTAPpz5s3fzt97o xqXw==
X-Gm-Message-State: APzg51CCJTbb6sIyrJ8qhQTs69vu7EnQFWAoNbqI/Dl8QlejG47G8ROg NEvUKtNeUqupEnVvlnOgPv4tOwOlrNv55pV/WYQ=
X-Google-Smtp-Source: ANB0VdYdap8uMdIwSEqSC4xchxV4bIy1OFL2wjlqt1J5nnmXFHXCcdHxH3UrqYMu6EP55w6lXjJLcGzoIEtdGhyUi0o=
X-Received: by 2002:a50:8d5e:: with SMTP id t30-v6mr37549379edt.256.1536071131342; Tue, 04 Sep 2018 07:25:31 -0700 (PDT)
MIME-Version: 1.0
References: <m21sbkjba8.wl-randy@psg.com>
In-Reply-To: <m21sbkjba8.wl-randy@psg.com>
From: Tony Przygienda <tonysietf@gmail.com>
Date: Tue, 04 Sep 2018 07:24:56 -0700
Message-ID: <CA+wi2hOLVKZjnsX-qFi-V995h_VuN+drtke_Ayye46fOqEawTw@mail.gmail.com>
To: Randy Bush <randy@psg.com>
Cc: lsvr@ietf.org
Content-Type: multipart/alternative; boundary="000000000000222c1b05750c6ec9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/8tMa6vUIJub0QniEfaVKfaOMPcU>
Subject: Re: [Lsvr] security against what?
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Sep 2018 14:25:35 -0000
agreed, very interestig discussion if it can be had. the miswire/rogue laptop was what I heard muttered since a bit. whether solution is authenticated address asignment (what if they show up with static?), some mac security, insisting on some flavor of L3 adjacency with authentication and so on seemed to be in the eye of the beholder ;-) ... There are some ideas around ND in groups like 6lo btw. other flavor was link snooping & there MACSEC is probably a viable answer. yes, operators please ... thanks --- tony On Mon, Jul 30, 2018 at 9:10 PM Randy Bush <randy@psg.com> wrote: > at the montréal meeting, a few datacener operators said they were > seriously concerned about security. befofe thinking about any solution > space, i am interested in the basic question, what is the threat model? > > here is my crude guess as a straw > > not so much intentional mitm by an attacker > > strange/unauthorized device plugs into a port. 92.3% of the problems > will be a miswire. datacenter clos miswires are a major issue. > > someone plugs a (accidentally) poisoned laptop into a clos port. > > clue bat from the ops, please. > > randy > > _______________________________________________ > Lsvr mailing list > Lsvr@ietf.org > https://www.ietf.org/mailman/listinfo/lsvr >
- [Lsvr] security against what? Randy Bush
- Re: [Lsvr] security against what? Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [Lsvr] [OPSEC] security against what? Erik Kline
- Re: [Lsvr] [OPSEC] security against what? Randy Bush
- Re: [Lsvr] [OPSEC] security against what? Christopher Morrow
- Re: [Lsvr] security against what? Tony Przygienda
- Re: [Lsvr] [OPSEC] security against what? Randy Bush
- Re: [Lsvr] [OPSEC] security against what? Christopher Morrow
- Re: [Lsvr] [OPSEC] security against what? Randy Bush
- Re: [Lsvr] [OPSEC] security against what? Christopher Morrow