Re: [Lsvr] security against what?
"Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com> Tue, 04 September 2018 08:16 UTC
Return-Path: <gunter.van_de_velde@nokia.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12C1C130DFB; Tue, 4 Sep 2018 01:16:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ci3XjUib4LX4; Tue, 4 Sep 2018 01:16:38 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0096.outbound.protection.outlook.com [104.47.1.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C585130DEF; Tue, 4 Sep 2018 01:16:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SKpd5OWd1kQQsDkwIj3qSglpbqhZkJneJZUu+22k6HI=; b=Uc6+3dJ4GYTf0srFhY5YnzXUZblZfOh4OP/Wj0R4ZPnOxUvxbcNiQixOGvnzuOG6JWaQK5WU8bWOiIv1zR+beJoFeVlFcA5hsVGddXZbmI5d5Y2e+PSxX4P7VNR4kQM1zzg5jLFwj0ywv1x9G5WclpulRhNEkK9I/81Rw7F7zDQ=
Received: from AM5PR0701MB1729.eurprd07.prod.outlook.com (10.167.215.136) by AM5PR0701MB2899.eurprd07.prod.outlook.com (10.168.156.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1122.8; Tue, 4 Sep 2018 08:16:33 +0000
Received: from AM5PR0701MB1729.eurprd07.prod.outlook.com ([fe80::6108:19f1:f3a:7125]) by AM5PR0701MB1729.eurprd07.prod.outlook.com ([fe80::6108:19f1:f3a:7125%2]) with mapi id 15.20.1122.009; Tue, 4 Sep 2018 08:16:33 +0000
From: "Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>
To: "lsvr@ietf.org" <lsvr@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
CC: Randy Bush <randy@psg.com>
Thread-Topic: [Lsvr] security against what?
Thread-Index: AQHUKIRnB1utw2csLUuWDeq/IlDMM6Tf/Duw
Date: Tue, 04 Sep 2018 08:16:33 +0000
Message-ID: <AM5PR0701MB172966DC99841C55D5E26CA2E0030@AM5PR0701MB1729.eurprd07.prod.outlook.com>
References: <m21sbkjba8.wl-randy@psg.com>
In-Reply-To: <m21sbkjba8.wl-randy@psg.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=gunter.van_de_velde@nokia.com;
x-originating-ip: [2a02:1810:4d67:a00:840:cf05:9be2:59ff]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM5PR0701MB2899; 6:cLxagXzLA5NQs+vEJMy68M9UOrwypcjtMoNLbfoFfn6pIfnupnAAyFWTG4Q3B8qGmd6dy4skqEjUi2Nb2lqlGIF01ADB32FyUVr2RTcOQOBCmqvSDguHYGTFpfITFJzsJ2G47sOdXtgeu4NiFb5dhLQGGNMhXzHxPnirNhGmYk++l6tGUFeEjswkBjR5/ekk4rMhbBW44q596xZanab/+Y7vGee0h5QVydkyNNt9HpdsQIi+0R+ZOrVz3APyOA+I8N81t+J5zvEQ3bu05HVhitURbNV1FOn+DQ6L2QhRq7akvv1dS6QrnJGkZr5E2zY7keLTOa6nChGPWbqkEGjmI7nC5FVLynzcAaIKRPSEEOBHsePgrQMxMwIBPW8jvvg73ryHqvbTYgG07ZmIzw5kHegPkTW2enkcL8PF4grSdvifrtNhj8dOJoZ9bRBSC0fGmsa5V7gP5ln+BclGCRuC/w==; 5:GW6j0958yJsF0IJNAmzv+bEbrI0E1KGCtV6wYNEy8VoPJAytoriClAVuigP4OLweYl5U1wTwIs8mHfV0n93cjv1IciEcmvp6lLsEDPfhXNtmLb7eHXahib4XhZns5uVNZQMT1sL+L/Kem2etPDWzCHu8XtbXtdLSpzkxtn9Bz20=; 7:/SlvLCwNmyuMGRa7yVyo5P5qLNCU9i+XyPuTmbtjddg6hSZypA3bTyrmASF1D7LdP2z3Ilmr90jkCRpNhYibIPgRpoOeZBn9AL6LeT/tZH3Xpdx0kAl4oE8hCR+3ggL+86OiINs8fw3jc1LPoVRopI4ouX1fMhvEfGVE1egFIF3W0KR+rEyELDtWHUGBuwXM3EBnozpucwhLSjSc7lQLDVNCQaFADo5VsRcXNgCiuxP++Qek9cJOmQVVPPoGOLgj
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: f404bffa-2c8c-4ab2-b787-08d6123eb9c3
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7193020); SRVR:AM5PR0701MB2899;
x-ms-traffictypediagnostic: AM5PR0701MB2899:
x-microsoft-antispam-prvs: <AM5PR0701MB28997FCACD6E29190B7300A1E0030@AM5PR0701MB2899.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(3231311)(11241501184)(806099)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201708071742011)(7699016); SRVR:AM5PR0701MB2899; BCL:0; PCL:0; RULEID:; SRVR:AM5PR0701MB2899;
x-forefront-prvs: 0785459C39
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(396003)(346002)(376002)(39860400002)(366004)(53754006)(13464003)(189003)(199004)(478600001)(316002)(6436002)(186003)(229853002)(8676002)(81156014)(74316002)(46003)(33656002)(4326008)(110136005)(68736007)(81166006)(14454004)(6246003)(53936002)(8936002)(6116002)(55016002)(102836004)(97736004)(106356001)(105586002)(6306002)(966005)(6506007)(2900100001)(7696005)(15650500001)(11346002)(5250100002)(76176011)(53546011)(256004)(476003)(86362001)(305945005)(14444005)(486006)(5660300001)(25786009)(99286004)(446003)(2501003)(2906002)(9686003)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:AM5PR0701MB2899; H:AM5PR0701MB1729.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: GPkyXPhnLi+8rsuDmuuRQzd1UvTMp/COlRYs8m2vdfQoa0G0oqX/dNgSqRdVtyUlno7bWNjMe5OnqckDohpCAm0czA6+F4uXXW1fuxyE5ygdbOfNtjjNDiBmZdO4zlJ7F+HcVIFCCwxdyCDvzQpE80YtsM+WIepmUEYDEiBE7dIS+b1ICJLwWKNMyndTBtyJ7tuMO5Q5p8Rs5QUQ/dV4D0QKG23qV2hCBfckOMNPXwCFNXzaMYgFtmgWr2K13I7+03eG9sng9fkXgnUNpU/90L/k9bWH8U8uzhwm/VsMjVMT9V/qybS5opyO2BpJxWY6Bbr0CpA+i7Wx3hddGLGtvkQK+MI1Ml/nybK8jiHdvHaABs1u6shfyVhgJABC8DWWNDLEUCuMyULcAUzRJTLgYg==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f404bffa-2c8c-4ab2-b787-08d6123eb9c3
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2018 08:16:33.2606 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0701MB2899
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/lSb9MAM82mACf_be24gIFCWC3Yg>
Subject: Re: [Lsvr] security against what?
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Sep 2018 08:16:40 -0000
Hi All, Holiday season is over, maybe time to progress the discussion about DC security properties. Any constructive comments regarding the below "crude guess as a straw" from Randy? Brgds, Gunter VdV LSVR WG co-chair -----Original Message----- From: Lsvr <lsvr-bounces@ietf.org> On Behalf Of Randy Bush Sent: Tuesday, July 31, 2018 06:10 To: Little Strange Very Real <lsvr@ietf.org> Subject: [Lsvr] security against what? at the montréal meeting, a few datacener operators said they were seriously concerned about security. befofe thinking about any solution space, i am interested in the basic question, what is the threat model? here is my crude guess as a straw not so much intentional mitm by an attacker strange/unauthorized device plugs into a port. 92.3% of the problems will be a miswire. datacenter clos miswires are a major issue. someone plugs a (accidentally) poisoned laptop into a clos port. clue bat from the ops, please. randy _______________________________________________ Lsvr mailing list Lsvr@ietf.org https://www.ietf.org/mailman/listinfo/lsvr
- [Lsvr] security against what? Randy Bush
- Re: [Lsvr] security against what? Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [Lsvr] [OPSEC] security against what? Erik Kline
- Re: [Lsvr] [OPSEC] security against what? Randy Bush
- Re: [Lsvr] [OPSEC] security against what? Christopher Morrow
- Re: [Lsvr] security against what? Tony Przygienda
- Re: [Lsvr] [OPSEC] security against what? Randy Bush
- Re: [Lsvr] [OPSEC] security against what? Christopher Morrow
- Re: [Lsvr] [OPSEC] security against what? Randy Bush
- Re: [Lsvr] [OPSEC] security against what? Christopher Morrow