[nvo3] Review of draft-ietf-nvo3-geneve-13
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 02 July 2019 19:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/fVBvcDhP1evI-HcVlWdJHji0emo>
Hello,

I just read through draft-ietf-nvo3-geneve, sorry I am out-of-cycle in the review process, but it looks like it has not started IETF last call yet. I have what's really just a nit and request for a little more text.

Section 4.3.1

The value of the UDP checksum is overstated. The text should note that corruption is still possible as this is a checksum and not a hash with low collision rates. Corruption happens and goes undetected in normal operations today. The security considerations section does address the recommendation to use IPsec, but making the connection on the UDP checksum being inadequate could be helpful.

Reality: The way this is written, I suspect there really are no plans to use IPsec with GENEVE, are there? The MUST statements around not altering traffic can only be achieved with IPsec, so if the intent is really to enforce the early MUST statements in the document, sooner mention of IPsec would be good. If this is more for detecting corruption (and not having that be 100% or close) that should be clear up front.

I'm just envisioning use cases where the virtual path is set differently to the physical path for expected operations to route through desired security functions, then an attacker alters checksums to avoid detection of these changes.

Thanks and sorry for a late review!

--
Best regards,
Kathleen
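
The distinction the review draws between a checksum and keyed integrity protection, as an added example that is not part of the original message or the draft: the RFC 1071 one's-complement sum that UDP uses accepts reordered 16-bit words and any altered payload whose checksum is recomputed, while a keyed MAC rejects both. Assumptions: the payload, key and helper names are constructed for illustration, HMAC-SHA-256 stands in for the integrity protection IPsec would supply, and only the payload is summed (real UDP also covers the header and pseudo-header).

```python
import hashlib
import hmac
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071), the algorithm UDP uses."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange two aligned 16-bit words; addition commutes, so the sum is unchanged."""
    words = [data[k:k + 2] for k in range(0, len(data), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)

def checksum_accepts(data: bytes, checksum: int) -> bool:
    return internet_checksum(data) == checksum

def mac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_accepts(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, data), tag)

# Constructed sample data, not taken from the draft or the thread.
KEY = b"constructed-demo-key"
SENT = b"path:fw1,ids,lb2"
CORRUPTED = swap_words(SENT, 3, 7)           # b"path:fb2,ids,lw1"
REWRITTEN = b"path:lb2 direct!"              # altered in transit

if __name__ == "__main__":
    cks, tag = internet_checksum(SENT), mac_tag(KEY, SENT)
    print("reordered words pass checksum:", checksum_accepts(CORRUPTED, cks))
    print("reordered words pass MAC:     ", mac_accepts(KEY, CORRUPTED, tag))
    # An unkeyed checksum can be recomputed by anyone who can alter the bytes.
    new_cks = internet_checksum(REWRITTEN)
    print("rewritten + new checksum:     ", checksum_accepts(REWRITTEN, new_cks))
    print("rewritten vs original MAC:    ", mac_accepts(KEY, REWRITTEN, tag))
```
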