Re: [secdir] SECDIR review of draft-ietf-bess-evpn-usage-07

Stephen Kent <stkent@verizon.net> Thu, 08 February 2018 14:32 UTC

To: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>, Alvaro Retana <aretana.ietf@gmail.com>, "Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com>, "sajassi@cisco.com" <sajassi@cisco.com>, "uttaro@att.com" <uttaro@att.com>, "stephane.litkowski@orange.com" <stephane.litkowski@orange.com>, "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" <martin.vigoureux@nokia.com>, "secdir@ietf.org" <secdir@ietf.org>, "Palislamovic, Senad (Nokia - US)" <senad.palislamovic@nokia.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/lYogU32ShDOoP8Dlyzh4T_aOxfY>

Jorge,

> Kent,
>
Steve is my first name.
>
> Thank you very much for your comments.
>
> I have fixed the grammar errors, added PE to the terminology section
>
great
>
> and added this to the security section:
>
> “The procedures described in this document are a subset of the 
> procedures in [RFC7432] and thus no new security concerns arise.”
>
fine.

How about adding a couple of sentences after that, noting why the SIDR 
BGP origin authentication and route security RFCs are not relevant, e.g.,

"The standards produced by the SIDR WG, which address secure route 
origin authentication (e.g., RFCs 6480-93) and route advertisement 
security (e.g., RFCs 8205-11) do not apply here. This is because EVPNs  
rely on BGP to convey information about Ethernet address space, not 
IPv4/v6 address space."

Steve