Re: [nvo3] Geneve architecture and question around transit devices
Daniel Migault <daniel.migault@ericsson.com> Sat, 02 March 2019 17:04 UTC
References: <CADZyTkmzra0wMT_uXakOYkA7DaAvKHqhK8mAyGEWaMBco0H-SQ@mail.gmail.com> <5C7966D4.90704@aon.at>
In-Reply-To: <5C7966D4.90704@aon.at>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Sat, 02 Mar 2019 12:04:30 -0500
Message-ID: <CADZyTkns8EoStVQr4zjm6=wPRm=4rQJmAceHhTHU_rdfiaZ6ow@mail.gmail.com>
To: Michael Kafka <m.kafka@aon.at>
Cc: NVO3 <nvo3@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/ekLofhq8erRLE_Msuk8N_SCdhcs>
Subject: Re: [nvo3] Geneve architecture and question around transit devices
Hi,

Thanks for the response. In my view group communication does not address the threat model in the context of Geneve; more especially, I am not sure that group communication considers that some piece of information can be disclosed to a subset of the members of the group. That said, if you believe that could be a way to address the threat model, I am more than happy to hear from you. The mls WG may also have interesting discussions related to group communications.

Instead, what I had in mind were all discussions/proposals/academic publications around TLS and the coexistence of middle boxes. Discussions include, but are not limited to, an explicit signaling of the middle box, the information disclosed to the middle box versus the information not disclosed...

Yours,
Daniel

On Fri, Mar 1, 2019 at 12:07 PM Michael Kafka <m.kafka@aon.at> wrote:

> On 19/03/01/ 17:23, Daniel Migault wrote:
> > As mentioned earlier, this cannot be true and providing end-to-end
> > security between three or more parties has not yet been solved at the
> > IETF.
>
> Just off the top of my head:
>
> OSPFv3, 7. Key Management, static keys,
> https://tools.ietf.org/html/rfc4552#page-5
> Static keys could be distributed in SDN environments through a
> central controller. Requires mutual trust.
>
> Much older GSAKMP from the era of IKE/ISAKMP, still standards
> track, not obsoleted
> https://tools.ietf.org/html/rfc4535
>
> Rgds, MiKa
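The two points the exchange above turns on, information disclosed to a transit device versus information kept between the tunnel endpoints, and the trust a controller-distributed group key implies, can be made concrete. The following is an added illustrative example written for this page; it is not code from this thread, from Geneve, or from any NVO3 draft, and it does not model the Geneve header layout. The names `pairKey`, `groupKey`, `Packet`, `Seal`, `TransitInspect`, `Open` and `ForgeOptions`, the key sizes and the sample option/payload bytes are all assumptions of the example. It gives transit devices a group key that only covers the option field, keeps the payload under a pairwise endpoint key, and then shows the caveat MiKa's "requires mutual trust" points at: any holder of the group key can mint options that every other transit device accepts.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Illustrative two-tier protection for a tunnel packet. This is NOT the Geneve
// header layout or anything a draft specifies; it only models the split the
// thread is about: information disclosed to transit devices versus information
// kept between the two tunnel endpoints. Field and key names are hypothetical.
//
//   groupKey  known to both endpoints and every transit device (e.g. pushed by
//             an SDN controller); protects integrity of the options only
//   pairKey   known to the two endpoints only; protects the payload
const optTagLen = 16 // HMAC-SHA256 output truncated to 128 bits

// Packet is the sealed unit put on the wire.
type Packet struct {
	Options []byte // readable and verifiable by any groupKey holder
	OptTag  []byte // HMAC-SHA256(groupKey, Options)[:optTagLen]
	Nonce   []byte // AES-GCM nonce; must never repeat under one pairKey
	Sealed  []byte // AES-GCM(pairKey, Nonce, payload, AAD = Options||OptTag)
}

func optionTag(groupKey, options []byte) []byte {
	m := hmac.New(sha256.New, groupKey)
	m.Write(options)
	return m.Sum(nil)[:optTagLen]
}

func newGCM(pairKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pairKey) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds the group-visible fields into the endpoint-only GCM tag.
func aad(p *Packet) []byte {
	return append(append([]byte{}, p.Options...), p.OptTag...)
}

// Seal is the ingress endpoint's operation.
func Seal(pairKey, groupKey, options, payload []byte) (*Packet, error) {
	aead, err := newGCM(pairKey)
	if err != nil {
		return nil, err
	}
	p := &Packet{Options: options, OptTag: optionTag(groupKey, options)}
	p.Nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(p.Nonce); err != nil {
		return nil, err
	}
	p.Sealed = aead.Seal(nil, p.Nonce, payload, aad(p))
	return p, nil
}

// TransitInspect is all a transit device holding only groupKey can do:
// check the option tag and read the options. The payload stays opaque.
func TransitInspect(groupKey []byte, p *Packet) ([]byte, error) {
	if !hmac.Equal(optionTag(groupKey, p.Options), p.OptTag) {
		return nil, errors.New("option tag mismatch")
	}
	return p.Options, nil
}

// Open is the egress endpoint's operation. Because Options||OptTag is bound
// into the GCM tag under pairKey, a rewrite by any group member (with a valid
// new OptTag) fails here even though transit devices accepted it.
func Open(pairKey, groupKey []byte, p *Packet) ([]byte, error) {
	if _, err := TransitInspect(groupKey, p); err != nil {
		return nil, err
	}
	aead, err := newGCM(pairKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, p.Nonce, p.Sealed, aad(p))
}

// ForgeOptions is the caveat: anyone holding groupKey, a transit device
// included, can produce options that every other groupKey holder accepts.
// A group key authenticates "some member of the group", not the ingress.
func ForgeOptions(groupKey []byte, p *Packet, newOptions []byte) *Packet {
	return &Packet{Options: newOptions, OptTag: optionTag(groupKey, newOptions),
		Nonce: p.Nonce, Sealed: p.Sealed}
}

func main() {
	pairKey, groupKey := make([]byte, 32), make([]byte, 32)
	rand.Read(pairKey)
	rand.Read(groupKey)
	// Constructed sample input: one option TLV and an inner frame (not real traffic).
	pkt, err := Seal(pairKey, groupKey, []byte("opt:class=0x0102"), []byte("inner ethernet frame"))
	if err != nil {
		panic(err)
	}
	opts, err := TransitInspect(groupKey, pkt)
	fmt.Printf("transit sees options %q (err=%v); payload opaque: %x\n", opts, err, pkt.Sealed)
	forged := ForgeOptions(groupKey, pkt, []byte("opt:class=0xDEAD"))
	_, terr := TransitInspect(groupKey, forged)
	_, eerr := Open(pairKey, groupKey, forged)
	fmt.Printf("forged options: transit accepts (err=%v), egress rejects (err=%v)\n", terr, eerr)
}
```

The egress check catches the forgery only because the endpoints hold a key the transit devices do not; among group-key holders alone the forged packet is indistinguishable from a genuine one, which is the limit of a static shared key whatever mechanism (OSPFv3-style manual keying, GSAKMP, a controller) distributes it. A production design would also replace the random 96-bit GCM nonce with a per-key counter to rule out nonce reuse at high packet rates.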