Re: [secdir] draft-ietf-bess-virtual-subnet-05 SECDIR Review
Xuxiaohu <xuxiaohu@huawei.com> Wed, 25 November 2015 03:55 UTC
From: Xuxiaohu <xuxiaohu@huawei.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 25 Nov 2015 03:54:46 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/wn4vL9jtefbiYnqt5SEXtzJuzZk>
Cc: "draft-ietf-bess-virtual-subnet.all@ietf.org" <draft-ietf-bess-virtual-subnet.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Hi Donald,

Thanks for your quick confirmation.

Best regards,
Xiaohu

> -----Original Message-----
> From: Donald Eastlake [mailto:d3e3e3@gmail.com]
> Sent: Wednesday, November 25, 2015 11:36 AM
> To: Xuxiaohu
> Cc: draft-ietf-bess-virtual-subnet.all@ietf.org; iesg@ietf.org; secdir@ietf.org
> Subject: Re: draft-ietf-bess-virtual-subnet-05 SECDIR Review
>
> Hi Xiaohu,
>
> On Tue, Nov 24, 2015 at 9:03 PM, Xuxiaohu <xuxiaohu@huawei.com> wrote:
> > Hi Donald,
> >
> > Thanks a lot for your review. Please see my response inline.
> >
> >> -----Original Message-----
> >> From: Donald Eastlake [mailto:d3e3e3@gmail.com]
> >> Sent: Wednesday, November 25, 2015 2:34 AM
> >> To: draft-ietf-bess-virtual-subnet.all@ietf.org; iesg@ietf.org
> >> Cc: secdir@ietf.org
> >> Subject: draft-ietf-bess-virtual-subnet-05 SECDIR Review
> >>
> >>...
> >>
> >> Security:
> >>
> >> The Security Considerations section in its entirety is as follows:
> >>
> >>    This document doesn't introduce additional security risk to
> >>    BGP/MPLS IP VPN, nor does it provide any additional security
> >>    feature for BGP/MPLS IP VPN.
> >>
> >> While I don't think the Security Considerations section of this
> >> Informational document needs to be particularly large or heavy, I
> >> believe there is more to be said. Perhaps points such as the security
> >> of the L2 or IP addresses used by the hosts/servers in the data
> >> centers or the PE devices seeming like ideal concentration points to
> >> observe traffic metadata and content so systems along the lines of
> >> those described here should take that into account.
> >
> > How about adding the following text to the security consideration section?
> >
> > "Since the BGP/MPLS IP VPN signaling is reused without any change, those
> > security considerations as described in [RFC4364] are applicable to this
> > document. Meanwhile, since security issues associated with the NDP are
> > inherited due to the use of NDP proxy, those security considerations and
> > recommendations as described in [RFC6583] are applicable to this document
> > as well."
>
> Adding that would be good. I have read the security considerations referred to
> above and they cover most of my concerns. So I would be satisfied if you added
> that text.
>
> Thanks for offering to fix all the things below.
>
> Donald
> =============================
> Donald E. Eastlake 3rd +1-508-333-2270 (cell)
> 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
>
> >> Other:
> >>
> >> While I understand that many disagree with me, I believe that, except
> >> in special circumstances, front page authors should list a postal
> >> address and/or telephone number in the Authors Addresses section as
> >> well as an email address. In my opinion, the Authors Addresses
> >> section of this draft is an example of schlock corner cutting.
> >
> > OK, I will fix it.
> >
> >> Trivia:
> >>
> >> Section 1, page 3, item b: "challenge on the forwarding" ->
> >> "challenge to the forwarding".
> >> item c: "growing by multiples" -> "multiplying"
> >
> > Will fix it.
> >
> >> Section 1, page 4: "infrastructures and their corresponding
> >> experiences" -> "infrastructure and experience".
> >
> > Will fix it
> >
> >> Section 3.4: "Acting as an ARP or ND proxies, a PE routers" ->
> >> "Acting as an ARP or ND proxy, a PE router"
> >
> > Will fix it.
> >
> >> I'm not sure what the occurrences of "Infrastructure-as-a-Service
> >> (IaaS)" and "IaaS" add other than buzzword compliance think the draft
> >> would be improved by deleting them.
> >
> > Will delete them. Thanks a lot again for your review.
> >
> > Best regards,
> > Xiaohu
> >
> >> Thanks,
> >> Donald
> >> =============================
> >> Donald E. Eastlake 3rd +1-508-333-2270 (cell)
> >> 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com