Re: [nvo3] Poll for adoption of draft-mglt-nvo3-geneve-security-requirements-06

Daniel Migault <daniel.migault@ericsson.com> Tue, 23 April 2019 17:48 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 23 Apr 2019 13:47:49 -0400
Message-ID: <CADZyTkmS9H8dZNfY2n6+LgDZs8=AZ4fdehKouWRxwvR4A2C_nQ@mail.gmail.com>
To: "T. Sridhar" <tsridhar=40vmware.com@dmarc.ietf.org>
Cc: "Bocci, Matthew (Nokia - GB)" <matthew.bocci@nokia.com>, "nvo3@ietf.org" <nvo3@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/WyfwJXh04DKjlE9ZR_X7K-PlxqI>
Subject: Re: [nvo3] Poll for adoption of draft-mglt-nvo3-geneve-security-requirements-06

Hi T. Sridhar,

Thanks for the feedback.

My reading of your feedback is that you are supporting a security
analysis for Geneve; however, you would have preferred it to be part of a
document that expired in 2016, dealing with another topic and written by a
different team of co-authors. You are correct that this is not what happened,
and since then, your comment might be interpreted as support for adopting
the document.

As far as I understand, you do not have technical concerns. That reality
could have been otherwise might not be sufficient to oppose adoption of
a document. If there have ever been any technical concerns, we would
be pleased to hear them clearly. I believe raising them would be more
appropriate for a call for adoption, as well as helpful for the
co-authors of the document.

Note also that we checked that the Geneve security document is aligned with
the more generic recommendations of NVO3. It was decided by the WG
and the chairs to include the relevant NVO3 recommendations that apply
to Geneve in the current document rather than building on top of the
NVO3 requirements.

Note also that the SEC-OP/SEC-GEN notation has been proposed as a way to
address the WG's concerns:
* How to evaluate whether a Geneve deployment is secure
* What are the requirements for a Geneve security mechanism to secure
  Geneve deployments.
Are you suggesting that, after adoption, these two questions should be
provided in two different documents?

Yours,
Daniel



On Thu, Apr 18, 2019 at 2:41 AM T. Sridhar <tsridhar=40vmware.com@dmarc.ietf.org> wrote:

> There is already another working group draft on NVO3 security
> (https://tools.ietf.org/html/draft-ietf-nvo3-security-requirements-07)
> which would be a good place to include information about Geneve-specific
> security requirements. This draft has not been updated in a while but
> includes content which is broadly applicable to NVO3, including NVE-NVE data
> plane (i.e. Geneve) communication.
>
> My vote is for the draft-mglt-nvo3-geneve-security-requirements authors to
> include relevant sections of their draft in the existing
> nvo3-security-requirements draft instead of the WG adopting another draft
> related to security.
>
> Section 6.2 of draft-ietf-nvo3-security-requirements is the section which
> can be enhanced to include information about Geneve security since it
> already details several areas common to both drafts. I would also
> suggest not using the current categorization of
> draft-mglt-nvo3-geneve-security-requirements (SEC-OP and SEC-GEN – see
> below) when including text from
> draft-mglt-nvo3-geneve-security-requirements into
> draft-nvo3-security-requirements.
>
> SEC-OP: requirements to evaluate a given deployment of Geneve overlay.
> Such requirements are intended for Geneve overlay providers to evaluate a
> given deployment.
>
> SEC-GEN: requirements a security mechanism needs to fulfill to secure any
> Geneve overlay deployment.
>
> In summary, I don't support the adoption of this draft as a new WG
> document – we should add relevant content from here into the existing
> security requirements draft and continue to progress that.
>
> Thanks,
>
> Sridhar
>
> *From: *"Bocci, Matthew (Nokia - GB)" <matthew.bocci@nokia.com>
> *Date: *Wednesday, April 10, 2019 at 7:38 AM
> *To: *"nvo3@ietf.org" <nvo3@ietf.org>
> *Subject: *[nvo3] Poll for adoption of
> draft-mglt-nvo3-geneve-security-requirements-06
>
> This email begins a second two-week poll for adoption of
> draft-mglt-nvo3-geneve-security-requirements-06 in the NVO3 working group.
>
> Please review the draft and send any comments to the NVO3 list.
>
> Please also indicate whether you support adoption of the draft as an NVO3
> working group document.
>
> Note that supporting working group adoption indicates that you think the
> draft is headed in the right direction and represents a piece of work that
> the working group should take on and progress. It does not have to be
> technically perfect at this stage.
>
> This poll closes on Wednesday 24th April 2019.
>
> Regards
>
> Matthew and Sam