Re: [secdir] secdir review of draft-ietf-l2vpn-pbb-evpn-09

"Adrian Farrel" <> Sat, 17 January 2015 17:00 UTC


Thanks Cathy,
[Note tweak to subject line to capture draft name]
From: iesg [] On Behalf Of Catherine Meadows
Sent: 16 January 2015 22:32
Cc: Catherine Meadows
Subject: secdir review of draft-ietf-12vpn-pbb-evpn-09
I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This draft describes a method for integrating Ethernet Provider Backbone Bridge (PBB) with Ethernet VPN (EVPN) to improve the delivery of MAC addresses, in particular with respect to

I don't see any security concerns with this draft, but I do have some comments on the Security Considerations section.

It is very short, and all it says is that the security considerations in the EVPN draft apply directly to this draft. I assume that it is also the case that this draft introduces no new security considerations. If so, you should say so, and you should also say why. Also, I was wondering if the mechanisms introduced in this draft, by introducing a greater degree of organization in the delivery of MAC addresses, make it easier to detect duplicated MACs, which were mentioned as a security risk in the Security Considerations of the EVPN draft. If this is the case, it would be a good thing to mention here.

I'd consider the draft somewhere between ready with nits and ready with issues. I don't see any real security issues here, just a Security Considerations section that needs to be expanded a little, but this seems to be a little more than what the secdir guidelines would call a nit.

Cathy Meadows
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942