Re: [nvo3] Poll for adoption of draft-mglt-nvo3-geneve-security-requirements-06

"T. Sridhar" <tsridhar@vmware.com> Thu, 18 April 2019 06:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/PqE3wwXoBL7VNTe-P9xppn-a35E>

There is already another working group draft on NVO3 security (https://tools.ietf.org/html/draft-ietf-nvo3-security-requirements-07) which would be a good place to include information about Geneve-specific security requirements. This draft has not been updated in a while but includes content which is broadly applicable to NVO3, including NVE-NVE data plane (i.e. Geneve) communication.

My vote is for the draft-mglt-nvo3-geneve-security-requirements authors to include relevant sections of their draft in the existing nvo3-security-requirements draft instead of the WG adopting another draft related to security.

Section 6.2 of draft-ietf-nvo3-security-requirements is the section which can be enhanced to include information about Geneve security since it already details several areas common to both the drafts. I would also suggest not using the current categorization of draft-mglt-nvo3-geneve-security-requirements (SEC-OP and SEC-GEN – see below) when including text from draft-mglt-nvo3-geneve-security-requirements into draft-nvo3-security-requirements.


SEC-OP: requirements to evaluate a given deployment of Geneve overlay. Such requirements are intended to Geneve overlay provider to evaluate a given deployment.


SEC-GEN: requirements a security mechanism need to fulfill to secure any deployment of Geneve overlay deployment



In summary, I don’t support the adoption of this draft as a new WG document – we should add relevant content from here into the existing security requirements draft and continue to progress that.



Thanks,

Sridhar



From: "Bocci, Matthew (Nokia - GB)" <matthew.bocci@nokia.com>
Date: Wednesday, April 10, 2019 at 7:38 AM
To: "nvo3@ietf.org" <nvo3@ietf.org>
Subject: [nvo3] Poll for adoption of draft-mglt-nvo3-geneve-security-requirements-06

This email begins a second two-week poll for adoption of draft-mglt-nvo3-geneve-security-requirements-06 in the NVO3 working group.

Please review the draft and send any comments to the NVO3 list.

Please also indicate whether you support adoption of the draft as an NVO3 working group document.

Note that supporting working group adoption indicates that you think the draft is headed in the right direction and represents a piece of work that the working group should take on and progress. It does not have to be technically perfect at this stage.

This poll closes on Wednesday 24th April 2019.

Regards
Matthew and Sam