IETF Logo Mail Archive

Re: [secdir] Review of draft-ietf-sfc-architecture-08

"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 26 May 2015 03:15 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 091B01AD353; Mon, 25 May 2015 20:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kfh9e9b8R2J1; Mon, 25 May 2015 20:15:26 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE0961AD352; Mon, 25 May 2015 20:15:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id BC8E22464B7; Mon, 25 May 2015 20:15:26 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (75-146-28-117-Richmond.hfc.comcastbusiness.net [75.146.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id DF258240E3A; Mon, 25 May 2015 20:15:25 -0700 (PDT)
Message-ID: <5563E54C.60800@joelhalpern.com>
Date: Mon, 25 May 2015 23:15:24 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Benjamin Kaduk <kaduk@MIT.EDU>, "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
References: <20150524211041.52cde768@latte.josefsson.org> <02FCDA94-FCC3-4875-AFBE-D07CC792B0C9@cisco.com> <alpine.GSO.1.10.1505252257290.22210@multics.mit.edu>
In-Reply-To: <alpine.GSO.1.10.1505252257290.22210@multics.mit.edu>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/8H_GxeXALEgh5x-_FDufeElyCMc>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sfc-architecture.all@tools.ietf.org" <draft-ietf-sfc-architecture.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] Review of draft-ietf-sfc-architecture-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2015 03:15:28 -0000

I have no problem if someone wants to add link protection because they 
use someone elses resources as part of their domain.
But that is not SFC's problem, and not something, as far as I can tell, 
for the SFC architecture to address.

We have already had to make clear multiple times to folks that we do not 
expect to require the kind of encryption that you are agreeing we don't 
need to require.  Given that, I am very concerned that we not add words 
which will lead readers to think we are making such a requirement.

Yours,
Joel

On 5/25/15 11:01 PM, Benjamin Kaduk wrote:
> On Sun, 24 May 2015, Carlos Pignataro (cpignata) wrote:
>
>> It is true that this new architecture introduces a model in which there
>> is a more dynamic service application, decoupling it from network
>> topology path; however, there is no administrative domain changes or
>> admin fragmentation. In other words, taking it very concrete, there is
>> no change in expectations regarding for example encryption. The service
>> is potentially applied in another part of the network and a chain can be
>> created dynamically, but all within the same admin domain as before.
>
> As I attemted to say in my secdir review of the sfc-problem-statement
> document
> (http://www.ietf.org/mail-archive/web/secdir/current/msg05351.html), it is
> not clear that being within the same administrative domain excuses one
> from considering whether encryption is necessary.  I seem to recall that,
> e.g., Google is encrypting all inter-datacenter traffic (I don't remember
> about intra-datacenter traffic, though).
>
> I do not think it is realistic to think that one can protect a network at
> the boundary -- there are always ways for sufficiently advanced attackers
> to get in, and some form of defense in depth is needed.  Now, I grant that
> encryption may not always be needed, and it is not the place of SFC to
> insist that encryption always be used, but please do not claim that being
> in a single administrative domain excuses the operator from considering
> whether encryption is necessary.
>
> -Ben Kaduk
>

v2.23.0 | Report a Bug | By Email