[secdir] Review of draft-ietf-bfd-vxlan-09

"Shawn M. Emery" <semery@uccs.edu> Tue, 10 December 2019 00:51 UTC

From: "Shawn M. Emery" <semery@uccs.edu>
Date: Mon, 9 Dec 2019 17:51:30 -0700
To: <draft-ietf-bfd-vxlan.all@ietf.org>, secdir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/P7kKBc8i9dUz91RX_Ela0EYe6XY>

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This is a review of the changes since my original review of the 07 draft.
Most of my comments have been addressed, thank you.  The remaining
questions were:

1. Relating to privacy:
I believe that this section [security considerations] should also document
the security impact of deploying BFD on VXLANs for monitoring tunnel
traffic.
Which additional information, if any, can now be obtained with BFD usage?

2. Editorial:
Echo BFD is out of scope for the document, but the document does not
describe the reason for this, or why state this at all?

They were discussed in the thread of the review but I don't know why the
draft was not updated with this information.

Shawn.
--