Re: [secdir] secdir review of draft-ietf-l2vpn-pbb-evpn-09

"Adrian Farrel" <adrian@olddog.co.uk> Sun, 18 January 2015 18:18 UTC

From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Catherine Meadows' <catherine.meadows@nrl.navy.mil>, secdir@ietf.org, iesg@ietf.org, draft-ietf-l2vpn-pbb-evpn.all@tools.ietf.org
Date: Sun, 18 Jan 2015 18:18:15 -0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/XHc4o3SHeGe_mRgxRSCMTza8qGs>
Subject: Re: [secdir] secdir review of draft-ietf-l2vpn-pbb-evpn-09

Further tweak to tools address to get it delivered!
 
From: Adrian Farrel [mailto:adrian@olddog.co.uk] 
Sent: 17 January 2015 17:01
To: 'Catherine Meadows'; 'secdir@ietf.org'; 'iesg@ietf.org';
'draft-ietf-l2vpn-pbb-evpn.all@tools.org'
Subject: RE: secdir review of draft-ietf-l2vpn-pbb-evpn-09
 
Thanks Cathy,
 
[Note tweak to subject line to capture draft name]
 
adrian
 
From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Catherine Meadows
Sent: 16 January 2015 22:32
To: secdir@ietf.org; iesg@ietf.org; draft-ietf-l2vpn-pbb-evpn.all@tools.org
Cc: Catherine Meadows
Subject: secdir review of draft-ietf-12vpn-pbb-evpn-09
 
 
I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.
 
This draft describes a method for integrating Ethernet Provider Backbone
Bridge (PBB) with Ethernet VPN (EVPN) to improve the delivery of MAC
addresses, in particular with respect to scalability.
 
I don't see any security concerns with this draft, but I do have some
comments on the Security Considerations section. It is very short, and
all it says is that the security considerations in the EVPN draft apply
directly to this draft. I assume that it is also the case that this
draft introduces no new security considerations. If so, you should say
so, and you should also say why.  Also, I was wondering if the
mechanisms introduced in this draft, by introducing a greater degree of
organization in the delivery of MAC addresses, make it easier to detect
duplicated MACs, which were mentioned as a security risk in the Security
Considerations of the EVPN draft.  If this is the case, it would be a
good thing to mention here.
 
I'd consider the draft somewhere between ready with nits and ready with
issues. I don't see any real security issues here, just a Security
Considerations section that needs to be expanded a little, but this
seems to be a little more than what the secdir guidelines would call a
nit.
 
Cathy Meadows
 
 
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil