[secdir] draft-ietf-nvo3-use-case-15 SECDIR review

Donald Eastlake <d3e3e3@gmail.com> Tue, 03 January 2017 16:15 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 03 Jan 2017 11:14:49 -0500
Message-ID: <CAF4+nEGUcm7h6VUUa-Bsx3c8XnXZvu5Tf5-Oeu5ELsCn6sogYw@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-nvo3-use-case.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/wJfjCWSe4a92p0cC9cijIlQz8UQ>
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] draft-ietf-nvo3-use-case-15 SECDIR review

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. Document
editors and WG chairs should treat these comments just like any other last
call comments.

This draft describes use cases for network virtualization overlay networks
focusing on Data Center use. I think this document is Ready with issues.


As an Informational use case document, security is not a major focus of
this draft. Nevertheless:

The existing Security Considerations section says that Data Center
operators need to provide tenants with a virtual network that is "isolated
from other tenants' traffic as well as from underlay networks". But I don't
think tenants can, in general, be protected from the underlay network. I
would say that tenants are vulnerable to observation and data
modification/injection by the operator of the underlay and should only use
operators they trust.

The existing Security Considerations section says that tenants need to be
isolated from each other but I believe there will always be covert
channels, based on resource contention and the like, by which tenants can
communicate with each other and the best that can be done is to limit the
bandwidth of such communications.


"BUM" and "ASBR" used without definition or expansion.

Wording: I think the wording is off in some places for a reader for whom
English is their native language. See attached for suggestions. I probably
haven't caught all the wording glitches.

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
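The review's first point, that tenants cannot in general be protected from the underlay operator, can be made concrete with a small encapsulation example. The following Python is an added illustration, not part of the review or the draft; it assumes the VXLAN header layout of RFC 7348 (one common NVO3 encapsulation) and uses constructed MAC addresses and a constructed tenant payload. It shows that any device on the underlay path can read the tenant's VNI and inner frame, and can rewrite the VNI to move the frame into another tenant's virtual network, because nothing in the encapsulation itself authenticates or encrypts the inner frame.

```python
"""Toy VXLAN encap/decap showing what an NVO3 underlay can see and change.

Added example (not from the draft or the review). Only the 8-byte VXLAN
header and the inner Ethernet frame are modelled; the outer Ethernet/IP/UDP
headers are omitted, and they would be visible to the underlay as well.
"""
import struct
from typing import Dict, Tuple

# RFC 7348: flags byte with the I bit (0x08) set means the VNI is valid.
VXLAN_FLAG_VNI_VALID = 0x08
VXLAN_HDR = struct.Struct("!BBHI")  # flags, 24 bits reserved, VNI<<8 | reserved


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend a VXLAN header carrying `vni` to a tenant's Ethernet frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = VXLAN_HDR.pack(VXLAN_FLAG_VNI_VALID, 0, 0, vni << 8)
    return header + inner_frame


def vxlan_decap(packet: bytes) -> Tuple[int, bytes]:
    """Split a VXLAN packet into (vni, inner_frame); reject an unset I bit."""
    if len(packet) < VXLAN_HDR.size:
        raise ValueError("packet shorter than VXLAN header")
    flags, _r1, _r2, vni_field = VXLAN_HDR.unpack_from(packet)
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8, packet[VXLAN_HDR.size:]


def build_inner_frame(dst_mac: bytes, src_mac: bytes, ethertype: int,
                      payload: bytes) -> bytes:
    """Constructed tenant Ethernet frame (no FCS) for the demonstration."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def underlay_observe(packet: bytes) -> Dict[str, object]:
    """What a middlebox or the underlay operator learns from one packet.

    Everything here is in the clear: tenant identity (VNI), inner MAC
    addresses, EtherType and the full tenant payload.
    """
    vni, inner = vxlan_decap(packet)
    if len(inner) < 14:
        raise ValueError("inner frame too short for an Ethernet header")
    return {
        "vni": vni,
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
        "payload": inner[14:],
    }


def underlay_rewrite_vni(packet: bytes, new_vni: int) -> bytes:
    """Modification by the underlay: re-tag the frame into another tenant's VN.

    The inner frame is untouched, so the receiving NVE in `new_vni` accepts
    it as ordinary tenant traffic; nothing in the encapsulation detects this.
    """
    _old_vni, inner = vxlan_decap(packet)
    return vxlan_encap(new_vni, inner)


if __name__ == "__main__":
    # Constructed sample: tenant A's frame on VNI 0x123456.
    frame = build_inner_frame(bytes.fromhex("0a1b2c3d4e5f"),
                              bytes.fromhex("0a1b2c3d4e60"),
                              0x0800, b"tenant A secret")
    pkt = vxlan_encap(0x123456, frame)
    print(underlay_observe(pkt))
    moved = underlay_rewrite_vni(pkt, 0xABCDEF)
    print(underlay_observe(moved))
```

The only defence the encapsulation offers is none; protecting the tenant from the underlay requires something on top of it (for example encrypting and authenticating the inner traffic end to end between tenant endpoints, or trusting the operator as the review suggests).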