[nvo3] Secdir last call review of draft-ietf-nvo3-encap-10
Tero Kivinen via Datatracker <noreply@ietf.org> Thu, 23 November 2023 19:17 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: nvo3@ietf.org
Delivered-To: nvo3@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 766D9C16F3E8; Thu, 23 Nov 2023 11:17:18 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-nvo3-encap.all@ietf.org, last-call@ietf.org, nvo3@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 11.15.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170076703847.6627.5961940066557253300@ietfa.amsl.com>
Reply-To: Tero Kivinen <kivinen@iki.fi>
Date: Thu, 23 Nov 2023 11:17:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/ft_Ucwh9BxnwDAJwAlJcLgzV-ug>
Subject: [nvo3] Secdir last call review of draft-ietf-nvo3-encap-10
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2023 19:17:18 -0000
Reviewer: Tero Kivinen Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is the result of the design team chartered to work on the common encapsulation that addresses the various technical concerns. It does this by comparing three encapsulation protocols: Geneve, GUE, and GPE. The security considerations section say: This document does not introduce any additional security constraints. Which is true, as the document does not review the security (or lack of it) in the encapsulation protocols, but section 6.2.2 do discuss about security/integrity extensions. It also recommends that the "the WG work on security options for Geneve." Nits: Typo in section 6.4: /svailable/available/ Invalid capitalization of IPsec in section 6.2.2 (twice) and once in section 7. /IPSEC/IPsec/
- [nvo3] Secdir last call review of draft-ietf-nvo3… Tero Kivinen via Datatracker
- Re: [nvo3] Secdir last call review of draft-ietf-… Donald Eastlake