[secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 26 April 2016 12:48 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-pals-seamless-vccv.all@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Pq1B1ZVnVGznwkhjBjGIwOJmdsQ>
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is an incremental change to a layer 2 virtualization layer (Software Defined Networking). As such it properly references RFC5085 for security considerations.

That said, I am a bit surprised at the security considerations in RFC5085 which points out that denial of service is an issue but not the introduction of a new set of opportunities for interception. This is surprising given that BGP interception had already been used in international hostilities when the RFC was published.

Further the proposed solution is to sprinkle on some magic IPSEC dust or equivalent. While that might be an appropriate approach in an experimental protocol, it is hardly adequate for a production protocol with implications for Internet security as a whole. Given the critical function of this layer and the date of its inception, I would expect to see a comprehensive security architecture developed as part of the overall scheme.