Re: [nvo3] Review of draft-ietf-nvo3-geneve-13
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 30 July 2019 17:20 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 647CB12019C for <nvo3@ietfa.amsl.com>; Tue, 30 Jul 2019 10:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PhQYKHH4zoMS for <nvo3@ietfa.amsl.com>; Tue, 30 Jul 2019 10:20:33 -0700 (PDT)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35B3E120196 for <nvo3@ietf.org>; Tue, 30 Jul 2019 10:20:33 -0700 (PDT)
Received: by mail-ot1-x32c.google.com with SMTP id z23so38764945ote.13 for <nvo3@ietf.org>; Tue, 30 Jul 2019 10:20:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7neRYmbgFEHOLm+ou678fot3PmUc75s35GFI9kYOjX4=; b=Fby6ngJCrSkiTr76FVRp4Lk2s9Rqt3LNwuP8PaanRfBFS0xne3nwuYq96cBkaGRh8r wonPlNpAqtBDAvUOvUAi0rs5ZxtS10YLz+u6X5KGz99ZP8CVzPA1kuViXvtsd5x3vyb3 yjJgI2BzgI4jmUATIeeoMxsnhlk2DATyPqtMcpVV2G6r3tELfadFc6jAFzcpjJvl9TZn hDNxe9NiwTDeZBoL7/xWNCh26rpajt2olbKGR0/S0PbfOlaGFD0DyimEHPfA1kwJrDtk 8szAeKWl8g1VJMgckGI8dh6AkBDMDfFMXr8yLXDJmj1Q1vqW8yP5zh5zXXK4vV4uKBmt FmZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7neRYmbgFEHOLm+ou678fot3PmUc75s35GFI9kYOjX4=; b=Vhx8zauQpdpKr9e/z+xTpyKV4ooNNDECufGZoSjGW519kNRzTr01c8hVUy2UBrh0eh LwYSJlyRiSbxg5V0UBriLjqLgm7hE6QZiuspKgTi4m4Jk5tBnT6z6JpASdGXIt+TxZJn lJ6m8cueGY+C1aww9SutHLnX8l7aV6t6/TayrltRNp92Ms5FIfYjwK9L9WuEVehfqKzE D+cvjWVqglD2BPiErQKH69AtyLXpBzwXL8eidR7aCQ6A/FkmrKH+9eLndJXP/AnNWeUX ru6u69S+FbOOsk4kBv7ZOMHvk5vntbH2K/x8TGNnmsFuu4J4ts31kiMLSvaVtX8P773M V75w==
X-Gm-Message-State: APjAAAVPzz3enwGeEFLtr1e7htN4REM0RON4o0Bkyr9Jl+IA4+A38CDG 7/vRBwZ5uZryu+F9Ef37dEdjLxGaeeZdVcHBfqw=
X-Google-Smtp-Source: APXvYqx48rEewj+XdXZG0chjAGCh+BSzJ9OIly37fykgAq5rthnHvvh0xbol/pXDSJbtVXg6xEyUtikJOOeVymqMx1c=
X-Received: by 2002:a05:6830:1319:: with SMTP id p25mr58015473otq.224.1564507232553; Tue, 30 Jul 2019 10:20:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbuEH66JZd1KOi5_mL8nzdTZ7WjSsOQP8a3B+oSwA6wNnfDKw@mail.gmail.com> <C5A274B25007804B800CB5B289727E35905C4AA0@ORSMSX116.amr.corp.intel.com>
In-Reply-To: <C5A274B25007804B800CB5B289727E35905C4AA0@ORSMSX116.amr.corp.intel.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 30 Jul 2019 13:19:56 -0400
Message-ID: <CAHbuEH7gwqG+4-MrZv3ZCA18rSWAwrJZDXHdU_9guxq2FTWURQ@mail.gmail.com>
To: "Ganga, Ilango S" <ilango.s.ganga@intel.com>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d89221058ee9397c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/Um50hf-dybpYQXr1fcKGYfylhXE>
Subject: Re: [nvo3] Review of draft-ietf-nvo3-geneve-13
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 17:20:35 -0000
Thank you, Ilango, inline. On Thu, Jul 25, 2019 at 5:18 PM Ganga, Ilango S <ilango.s.ganga@intel.com> wrote: > Hello Kathleen, > > > > Thanks for your review of draft-ietf-nvo3-geneve-13. We could provide > additional clarification in section 4.3 to address your comment. Please let > us know if this satisfies your comment. > > > > Current text in Section 4.3, first paragraph: > > In order to provide integrity of Geneve headers, options and payload, > > for example to avoid mis-delivery of payload to different tenant > > systems in case of data corruption, outer UDP checksum SHOULD be used > > with Geneve when transported over IPv4. An operator MAY choose to > > disable UDP checksum and use zero checksum if Geneve packet integrity > > is provided by other data integrity mechanisms such as IPsec or > > additional checksums or if one of the conditions in Section 4.3.1 <https://tools.ietf.org/html/draft-ietf-nvo3-geneve-13#section-4.3.1> a, > > b, c are met. > > > > Proposed text to 4.3 that we believe would address your comments: > > > > In order to provide integrity of Geneve headers, options and payload, > > for example to avoid mis-delivery of payload to different tenant > > systems in case of data corruption, outer UDP checksum SHOULD be used > > with Geneve when transported over IPv4. "The UDP checksum provides a statistical guarantee that a payload was not corrupted in transit. These integrity checks are not strong from a coding or cryptographic perspective and are not designed to detect physical-layer errors or malicious modification of the datagram (see RFC 8085 section 3.4). In deployments where such a risk exists, an operator SHOULD use additional data integrity mechanisms such as offered by IPSec (see Section 6.2)." > > > > An operator MAY choose to > > disable UDP checksum and use zero checksum if Geneve packet integrity > > is provided by other data integrity mechanisms such as IPsec or > > additional checksums or if one of the conditions in Section 4.3.1 <https://tools.ietf.org/html/draft-ietf-nvo3-geneve-13#section-4.3.1> a, > > b, c are met. > > I think the additional text is helpful to have the full security considerations understood. I appreciate you adding it in the draft. I'll respond to other messages in the thread and apologize for my delay. Best regards, Kathleen > > > Thanks, > > Ilango > > > > > > *From:* nvo3 [mailto:nvo3-bounces@ietf.org] *On Behalf Of *Kathleen > Moriarty > *Sent:* Tuesday, July 2, 2019 12:43 PM > *To:* nvo3@ietf.org > *Subject:* [nvo3] Review of draft-ietf-nvo3-geneve-13 > > > > Hello, > > > > I just read through draft-ietf-nvo3-geneve, sorry I am out-of-cycle in the > review process, but it looks like it has not started IETF last call yet. I > have what's really just a nit and request for a little more text. > > > > Section 4.3.1 > > The value of the UDP checksum is overstated. The text should note that > corruption is still possible as this is a checksum and not a hash with low > collision rates. Corruption happens and goes undetected in normal > operations today. > > The security considerations section does address the recommendation to use > IPsec, but making the connection on the UDP checksum being inadequate could > be helpful. > > > > Reality: > > > > The way this is written, I suspect there really are no plans to use IPsec > with GENEVE, are there? The MUST statements around not altering traffic > can only be achieved with IPsec, so if the intent is really to enforce the > early MUST statements in the document, sooner mention of IPsec would be > good. If this is more for detecting corruption (and not having that be > 100% or close) that should be clear up front. > > > > I'm just envisioning use cases where the virtual path is set differently > to the physical path for expected operations to route through desired > security functions, then an attacker alters checksums to avoid detection of > these changes. > > > > Thanks and sorry for a late review! > > > > -- > > > > Best regards, > > Kathleen > -- Best regards, Kathleen
- [nvo3] Review of draft-ietf-nvo3-geneve-13 Kathleen Moriarty
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Daniel Migault
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Kathleen Moriarty
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Daniel Migault
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Ganga, Ilango S
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Anoop Ghanwani
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Dale R. Worley
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Daniel Migault
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Greg Mirsky
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Anoop Ghanwani
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Kathleen Moriarty
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Greg Mirsky
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Kathleen Moriarty
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Kathleen Moriarty
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Anoop Ghanwani
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Ganga, Ilango S
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Anoop Ghanwani
- Re: [nvo3] Review of draft-ietf-nvo3-geneve-13 Ganga, Ilango S