Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07

"Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com> Thu, 08 February 2018 19:15 UTC

From: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>
To: Stephen Kent <stkent@verizon.net>, Alvaro Retana <aretana.ietf@gmail.com>, "Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com>, "sajassi@cisco.com" <sajassi@cisco.com>, "uttaro@att.com" <uttaro@att.com>, "stephane.litkowski@orange.com" <stephane.litkowski@orange.com>, "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" <martin.vigoureux@nokia.com>, "secdir@ietf.org" <secdir@ietf.org>, "Palislamovic, Senad (Nokia - US)" <senad.palislamovic@nokia.com>
Date: Thu, 8 Feb 2018 19:15:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/LTUHpyYGKffVXW8A1U6eD-dtG0g>

Hi Steve,

Please see in-line.
Thank you!
Jorge

From: Stephen Kent <stkent@verizon.net>
Date: Thursday, February 8, 2018 at 3:32 PM
To: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>, Alvaro Retana <aretana.ietf@gmail.com>, "Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com>, "sajassi@cisco.com" <sajassi@cisco.com>, "uttaro@att.com" <uttaro@att.com>, "stephane.litkowski@orange.com" <stephane.litkowski@orange.com>, "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" <martin.vigoureux@nokia.com>, "secdir@ietf.org" <secdir@ietf.org>, "Palislamovic, Senad (Nokia - US)" <senad.palislamovic@nokia.com>
Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07


Jorge,
Kent,
Steve is my first name.
[JORGE] Sorry about that! I should have paid more attention.



Thank you very much for your comments.
I have fixed the grammar errors, added PE to the terminology section
great

and added this to the security section:

“The procedures described in this document are a subset of the procedures in [RFC7432] and thus no new security concerns arise.”

fine.

How about adding a couple of sentences after that, noting why the SIDR BGP origin authentication and route security RFCs are not relevant, e.g.,

"The standards produced by the SIDR WG, which address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11) do not apply here. This is because EVPNs rely on BGP to convey information about Ethernet address space, not IPv4/v6 address space."
[JORGE] hmm... how about this instead:
“The standards produced by the SIDR WG, which address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11) do not apply to the EVPN family, hence they are not relevant to [RFC7432] or this document.”

The reason is because EVPN conveys Ethernet address space but also some other information.


Steve