Re: [secdir] Secdir review (early review) of draft-ietf-nvo3-geneve
"Ganga, Ilango S" <ilango.s.ganga@intel.com> Wed, 31 October 2018 01:12 UTC
Return-Path: <ilango.s.ganga@intel.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17C021292F1; Tue, 30 Oct 2018 18:12:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lBRY-LxMKWGF; Tue, 30 Oct 2018 18:12:37 -0700 (PDT)
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 018CB1277CC; Tue, 30 Oct 2018 18:12:36 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Oct 2018 18:12:36 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.54,446,1534834800"; d="scan'208,217"; a="92530154"
Received: from orsmsx103.amr.corp.intel.com ([10.22.225.130]) by FMSMGA003.fm.intel.com with ESMTP; 30 Oct 2018 18:12:35 -0700
Received: from orsmsx152.amr.corp.intel.com (10.22.226.39) by ORSMSX103.amr.corp.intel.com (10.22.225.130) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 30 Oct 2018 18:12:35 -0700
Received: from orsmsx116.amr.corp.intel.com ([169.254.7.124]) by ORSMSX152.amr.corp.intel.com ([169.254.8.87]) with mapi id 14.03.0415.000; Tue, 30 Oct 2018 18:12:35 -0700
From: "Ganga, Ilango S" <ilango.s.ganga@intel.com>
To: Magnus Nyström <magnusn@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-nvo3-geneve@ietf.org" <draft-ietf-nvo3-geneve@ietf.org>
Thread-Topic: Secdir review (early review) of draft-ietf-nvo3-geneve
Thread-Index: AQHUa05O1lkJPkWghUmTeaMFlyPdI6U4khKA
Date: Wed, 31 Oct 2018 01:12:34 +0000
Message-ID: <C5A274B25007804B800CB5B289727E3583D0AC78@ORSMSX116.amr.corp.intel.com>
References: <CADajj4Y82CwZSNC0pEYimpx4MGfDTfMD_LCzX5-Vnr1foe3vJA@mail.gmail.com>
In-Reply-To: <CADajj4Y82CwZSNC0pEYimpx4MGfDTfMD_LCzX5-Vnr1foe3vJA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODhiYzg2MDYtZmZmMy00ZGEzLTg2MWUtMThmYTNmNmY3ODI3IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoibnFpb29wRjlxTVF3NWdtSEhQcEFaSHR2TW9xd3lyNWMxVUJMVUk2amVHRU9NdktORmxkYVpBWUd0bXJHeUNXRSJ9
x-ctpclassification: CTP_NT
x-originating-ip: [10.22.254.140]
Content-Type: multipart/alternative; boundary="_000_C5A274B25007804B800CB5B289727E3583D0AC78ORSMSX116amrcor_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SSOmYnJdFdNGKs4gDTLs79ONicY>
Subject: Re: [secdir] Secdir review (early review) of draft-ietf-nvo3-geneve
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 01:12:41 -0000
Hi Magnus, Thanks for your review and feedback. Please see inline for my responses. Regards, Ilango From: Magnus Nyström [mailto:magnusn@gmail.com] Sent: Tuesday, October 23, 2018 9:01 PM To: secdir@ietf.org; draft-ietf-nvo3-geneve@ietf.org Subject: Secdir review (early review) of draft-ietf-nvo3-geneve I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes "Geneve," a protocol for GEneric NEtwork Virtualization Encapsulation. The document is written in a clear manner and with a thorough Security Considerations section. I have just a few questions/comments: - Section 3.4: The "MUST ignore" for the reserved bits should presumably state "SHALL be ignored for this version of the Geneve protocol." - as I imagine that in a future version, these bits may not be ignored? <Ilango> In theory, a future version may change the behavior of any of the header fields including the reserved bits. The header definition is for this version of the protocol. Please see if the following text would satisfy the intent of your comment. “Reserved field which MUST be zero on transmission and MUST be ignored on receipt.” Or let us know if you still want to have this qualified with “for this version of the protocol” </> - Section 3.5.1: I wonder about the simultaneous requirement that one option must not affect the parsing or interpretation of another option but that the sequencing (order) of options may be significant - they seem to be contradictory since if the sequencing *is* significant, then some option must be impacted by a previous one's value? From a security perspective, I also wonder if there could be security consequences of re-ordering options (and how to tell if someone did re-order - see below)? <Ilango> You raise a good point. The intent of this statement is, parsing and interpretation of options should not be dependent on one another. We are discussing among the authors to see how we can include appropriate clarifying statements to address your point. I will update you shortly. </> - Section 6.2, shouldn't such an Option be defined to reduce the risk of under-specified or subpar specifications of such integrity mechanisms? Or also from an interop perspective? <Ilango> Using a Geneve option for the purpose of data integrity is more of an optimization. Otherwise data integrity could be provided by using existing mechanisms like IPsec (as stated in second paragraph of 6.2). We included the last paragraph to show other possibilities. We could remove this paragraph if it may cause any confusion. We would like to keep the Geneve base specification independent of options specifications, options could be a defined in a future standards action. </> Thanks. -- Magnus
- [secdir] Secdir review (early review) of draft-ie… Magnus Nyström
- Re: [secdir] Secdir review (early review) of draf… Ganga, Ilango S
- Re: [secdir] Secdir review (early review) of draf… Magnus Nyström
- Re: [secdir] Secdir review (early review) of draf… Ganga, Ilango S
- Re: [secdir] Secdir review (early review) of draf… Magnus Nyström
- Re: [secdir] Secdir review (early review) of draf… Ganga, Ilango S
- [secdir] Secdir review of draft-op3ft-leaptofroga… Magnus Nyström
- Re: [secdir] Secdir review of draft-op3ft-leaptof… Benjamin PHISTER
- Re: [secdir] Secdir review (early review) of draf… Ganga, Ilango S