[secdir] Secdir review of draft-ietf-nvo3-arch-06

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 12 August 2016 15:11 UTC

From: "Takeshi Takahashi" <takeshi_takahashi@nict.go.jp>
To: <draft-ietf-nvo3-arch.all@ietf.org>
Date: Sat, 13 Aug 2016 00:11:04 +0900
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/edw0oHrkkbCwfyV1blPTFkJ9BYM>
Cc: nvo3@ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: [secdir] Secdir review of draft-ietf-nvo3-arch-06

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area
directors.

Document editors and WG chairs should treat these comments just like any
other last call comments.

 

[General summary]

This document is ready.

 

[Topic of this draft]

This informational document describes a high-level overview architecture for
building data center network virtualization overlay (NVO3) networks.

It breaks down the architecture and defines several components needed for
realizing the architecture, such as Network Virtualization Edge (NVE) and
Network Virtualization Authority (NVA).

 

[Minor Comment]

In Section 16 "Security Considerations", you could consider addressing the
policy enforcement issue you've discussed in Section 5.4.

The sentence starting with "Leakage of sensitive information" could be, for
instance, changed from "...by using encryption" to "...by using encryption
and ensuring policy enforcement".

 

[Editorial Comment]

In Page 9, there is a sentence "NVAs provide a service, and NVEs access that
service via an NVE-to-NVA protocol as discussed in Section 4.3."

This current sentence is fine, but referring to Section 8 "NVE-to-NVA Protocol"
(instead of Section 4.3 "NVE State") could be better.

 

In Section 2, definition of "VLAN": "are used in this document denote a
C-VLAN", could be "are used in this document to denote a C-VLAN".

 

I enjoyed reading the draft.

 

Thank you.

Take