Re: [secdir] draft-ietf-bess-virtual-subnet-05 SECDIR Review
Donald Eastlake <d3e3e3@gmail.com> Wed, 25 November 2015 03:36 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D85FA1ACE8B; Tue, 24 Nov 2015 19:36:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HVtOZAr597Ft; Tue, 24 Nov 2015 19:36:00 -0800 (PST)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17C971ACE89; Tue, 24 Nov 2015 19:36:00 -0800 (PST)
Received: by oies6 with SMTP id s6so22509511oie.1; Tue, 24 Nov 2015 19:35:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=qy0ck2Vc6LhRBAzchao8KFX6yPTM6E3BCEYItnGMi2k=; b=O6QxKDwSYyyJ42GB4UWLw+7wTgtotlVJtR6Q5+ivvqi8ITD+lte7UpL59YmlfhGvF7 IYs7/DuznkzRJtlz1Zn2Seg49dvRSi5c1OwSb/+ZhtJPYLtzcMfTTVpDw9L5h9Jmsn71 MgUWEVhOxhMwBdZnfg+jnZE5kktT6fsVkO64Usb6nAFjWLOH5oyTq/XLdutWrAahGSEF 7GpRJPJY6RQfGr9y5Ug5U/oiJRw8O1VOREpayeFHMEiRmukc6dKZ/kK77IadLudHSU8l zTiYxCSl7WO5Djthpg5IG3Z3VPYiOOFlCLRTtlkB4coz2uHv0fxhBe3psXMZbYN0GoIO vtzw==
X-Received: by 10.202.72.132 with SMTP id v126mr21609710oia.84.1448422559417; Tue, 24 Nov 2015 19:35:59 -0800 (PST)
MIME-Version: 1.0
Received: by 10.76.19.102 with HTTP; Tue, 24 Nov 2015 19:35:45 -0800 (PST)
In-Reply-To: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0CB52228@NKGEML512-MBS.china.huawei.com>
References: <CAF4+nEHEQoLZY0f9B50xTRLM=_CvWfZO8Bh2uVyWGJp3XDkoJw@mail.gmail.com> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0CB52228@NKGEML512-MBS.china.huawei.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 24 Nov 2015 22:35:45 -0500
Message-ID: <CAF4+nEHa91AoCV=LOZvXYL2A2moNzV3PX6jFqojw1wjGQv6PAQ@mail.gmail.com>
To: Xuxiaohu <xuxiaohu@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Zha5VeGRZbbwCt6TERbqjHv3y38>
Cc: "draft-ietf-bess-virtual-subnet.all@ietf.org" <draft-ietf-bess-virtual-subnet.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] draft-ietf-bess-virtual-subnet-05 SECDIR Review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2015 03:36:02 -0000
Hi Xiaohu, On Tue, Nov 24, 2015 at 9:03 PM, Xuxiaohu <xuxiaohu@huawei.com> wrote: > Hi Donald, > > Thanks a lot for your review. Please see my response inline. > >> -----Original Message----- >> From: Donald Eastlake [mailto:d3e3e3@gmail.com] >> Sent: Wednesday, November 25, 2015 2:34 AM >> To: draft-ietf-bess-virtual-subnet.all@ietf.org; iesg@ietf.org >> Cc: secdir@ietf.org >> Subject: draft-ietf-bess-virtual-subnet-05 SECDIR Review >> >>... >> >> Security: >> >> The Security Considerations section in its entirety is as follows: >> >> This document doesn't introduce additional security risk to BGP/MPLS >> IP VPN, nor does it provide any additional security feature for BGP/ >> MPLS IP VPN. >> >> While I don't think the Security Considerations section of this Informational >> document needs to be particularly large or heavy, I believe there is more to be >> said. Perhaps points such as the security of the L2 or IP addresses used by the >> hosts/servers in the data centers or the PE devices seeming like ideal >> concentration points to observe traffic metadata and content so systems along >> the lines of those described here should take that into account. > > How about adding the following text to the security consideration section? > > "Since the BGP/MPLS IP VPN signaling is reused without any change, those security considerations as described in [RFC4364] are applicable to this document. Meanwhile, since security issues associated with the NDP are inherited due to the use of NDP proxy, those security considerations and recommendations as described in [RFC6583] are applicable to this document as well." Adding that would be a good. I have read the security considerations referred to above and they cover most of my concerns. So I would be satisfied if you added that text. Thanks for offering to fix all the things below. Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com >> Other: >> >> While I understand that many disagree with me, I believe that, except in special >> circumstances, front page authors should list a postal address and/or telephone >> number in the Authors Addresses section as well as an email address. In my >> opinion, the Authors Addresses section of this draft is an example of schlock >> corner cutting. > > OK, I will fix it. > >> Trivia: >> >> Section 1, page 3, item b: "challenge on the forwarding" -> "challenge to the >> forwarding". >> item c: "growing by multiples" -> "multiplying" > > Will fix it. > >> Section 1, page 4: "infrastructures and their corresponding experiences" -> >> "infrastructure and experience". > > Will fix it > >> Section 3.4: "Acting as an ARP or ND proxies, a PE routers" -> "Acting as an ARP >> or ND proxy, a PE router" > > Will fix it. > >> I'm not sure what the occurrences of "Infrastructure-as-a-Service (IaaS)" and >> "IaaS" add other than buzzword compliance think the draft would be improved >> by deleting them. > > Will delete them. Thanks a lot again for your review. > > Best regards, > Xiaohu > >> Thanks, >> Donald >> ============================= >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) >> 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
- [secdir] draft-ietf-bess-virtual-subnet-05 SECDIR… Donald Eastlake
- Re: [secdir] draft-ietf-bess-virtual-subnet-05 SE… Xuxiaohu
- Re: [secdir] draft-ietf-bess-virtual-subnet-05 SE… Donald Eastlake
- Re: [secdir] draft-ietf-bess-virtual-subnet-05 SE… Xuxiaohu