Re: [secdir] draft-ietf-bess-virtual-subnet-05 SECDIR Review

Xuxiaohu <xuxiaohu@huawei.com> Wed, 25 November 2015 03:55 UTC

From: Xuxiaohu <xuxiaohu@huawei.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 25 Nov 2015 03:54:46 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/wn4vL9jtefbiYnqt5SEXtzJuzZk>
Cc: "draft-ietf-bess-virtual-subnet.all@ietf.org" <draft-ietf-bess-virtual-subnet.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] draft-ietf-bess-virtual-subnet-05 SECDIR Review

Hi Donald,

Thanks for your quick confirmation.

Best regards,
Xiaohu

> -----Original Message-----
> From: Donald Eastlake [mailto:d3e3e3@gmail.com]
> Sent: Wednesday, November 25, 2015 11:36 AM
> To: Xuxiaohu
> Cc: draft-ietf-bess-virtual-subnet.all@ietf.org; iesg@ietf.org; secdir@ietf.org
> Subject: Re: draft-ietf-bess-virtual-subnet-05 SECDIR Review
> 
> Hi Xiaohu,
> 
> On Tue, Nov 24, 2015 at 9:03 PM, Xuxiaohu <xuxiaohu@huawei.com> wrote:
> > Hi Donald,
> >
> > Thanks a lot for your review. Please see my response inline.
> >
> >> -----Original Message-----
> >> From: Donald Eastlake [mailto:d3e3e3@gmail.com]
> >> Sent: Wednesday, November 25, 2015 2:34 AM
> >> To: draft-ietf-bess-virtual-subnet.all@ietf.org; iesg@ietf.org
> >> Cc: secdir@ietf.org
> >> Subject: draft-ietf-bess-virtual-subnet-05 SECDIR Review
> >>
> >>...
> >>
> >> Security:
> >>
> >> The Security Considerations section in its entirety is as follows:
> >>
> >>    This document doesn't introduce additional security risk to BGP/MPLS
> >>    IP VPN, nor does it provide any additional security feature for BGP/
> >>    MPLS IP VPN.
> >>
> >> While I don't think the Security Considerations section of this
> >> Informational document needs to be particularly large or heavy, I
> >> believe there is more to be said. Perhaps points such as the security
> >> of the L2 or IP addresses used by the hosts/servers in the data
> >> centers or the PE devices seeming like ideal concentration points to
> >> observe traffic metadata and content so systems along the lines of those
> >> described here should take that into account.
> >
> > How about adding the following text to the security consideration section?
> >
> > "Since the BGP/MPLS IP VPN signaling is reused without any change, those
> > security considerations as described in [RFC4364] are applicable to this
> > document. Meanwhile, since security issues associated with the NDP are
> > inherited due to the use of NDP proxy, those security considerations and
> > recommendations as described in [RFC6583] are applicable to this document as
> > well."
> 
> Adding that would be good. I have read the security considerations referred to
> above and they cover most of my concerns. So I would be satisfied if you added
> that text.
> 
> Thanks for offering to fix all the things below.
> 
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA  d3e3e3@gmail.com
> 
> >> Other:
> >>
> >> While I understand that many disagree with me, I believe that, except
> >> in special circumstances, front page authors should list a postal
> >> address and/or telephone number in the Authors Addresses section as
> >> well as an email address. In my opinion, the Authors Addresses
> >> section of this draft is an example of schlock corner cutting.
> >
> > OK, I will fix it.
> >
> >> Trivia:
> >>
> >> Section 1, page 3, item b: "challenge on the forwarding" ->
> >> "challenge to the forwarding".
> >>     item c: "growing by multiples" -> "multiplying"
> >
> > Will fix it.
> >
> >> Section 1, page 4: "infrastructures and their corresponding
> >> experiences" -> "infrastructure and experience".
> >
> > Will fix it
> >
> >> Section 3.4: "Acting as an ARP or ND proxies, a PE routers" ->
> >> "Acting as an ARP or ND proxy, a PE router"
> >
> > Will fix it.
> >
> >> I'm not sure what the occurrences of "Infrastructure-as-a-Service
> >> (IaaS)" and "IaaS" add other than buzzword compliance think the draft
> >> would be improved by deleting them.
> >
> > Will delete them. Thanks a lot again for your review.
> >
> > Best regards,
> > Xiaohu
> >
> >> Thanks,
> >> Donald
> >> =============================
> >>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >>  155 Beaver Street, Milford, MA 01757 USA  d3e3e3@gmail.com