Re: [secdir] secdir review of draft-ietf-l2vpn-pbb-evpn-09 (resend)
"Adrian Farrel" <adrian@olddog.co.uk> Wed, 21 January 2015 10:38 UTC
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Catherine Meadows' <catherine.meadows@nrl.navy.mil>, secdir@ietf.org, iesg@ietf.org, draft-ietf-l2vpn-pbb-evpn.all@tools.ietf.org
Date: Wed, 21 Jan 2015 10:38:43 -0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/2DOrTPPg5NbnQ6p8Z1ZSy92RotU>
Again, re-sending with fixed subject line for people who auto-file.

From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Catherine Meadows
Sent: 20 January 2015 21:49
To: secdir@ietf.org; iesg@ietf.org; draft-ietf-l2vpn-pbb-evpn.all@tools.ietf.org
Cc: Catherine Meadows
Subject: secdir review of draft-ietf-12vpn-pbb-evpn-09 (resend)

I messed up the authors' address when I sent this review last week, so I'm trying again.

Cathy

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft describes a method for integrating Ethernet Provider Backbone Bridge (PBB) with Ethernet VPN (EVPN) to improve the delivery of MAC addresses, in particular with respect to scalability.

I don't see any security concerns with this draft, but I do have some comments on the Security Considerations section. It is very short, and all it says is that the security considerations in the EVPN draft apply directly to this draft. I assume that it is also the case that this draft introduces no new security considerations. If so, you should say so, and you should also say why.

Also, I was wondering if the mechanisms introduced in this draft, by introducing a greater degree of organization in the delivery of MAC addresses, make it easier to detect duplicated MACs, which were mentioned as a security risk in the Security Considerations of the EVPN draft. If this is the case, it would be a good thing to mention here.

I'd consider the draft somewhere between ready with nits and ready with issues. I don't see any real security issues here, just a Security Considerations section that needs to be expanded a little, but this seems to be a little more than what the secdir guidelines would call a nit.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil