[secdir] Secdir last call review of draft-ietf-bess-evpn-irb-mcast
tirumal reddy <kondtir@gmail.com> Tue, 20 December 2022 14:38 UTC
From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 20 Dec 2022 20:08:15 +0530
Message-ID: <CAFpG3geNh20V5TAy-B_VW6RvefOOTK2qMEhDFngbGnokS0T=9w@mail.gmail.com>
To: secdir@ietf.org, bess@ietf.org, draft-ietf-bess-evpn-irb-mcast.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zlDd4iZNapCokLzDKOqA45pEQJo>
Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in the last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

Reviewer: Tirumaleswar Reddy
Review result: Ready with issues

Summary: The document covers the procedure for multicast advertisement and forwarding among BDs. I don't see any major security issues presented in the security considerations and I have the following comments:

This document uses protocols and procedures defined in the normative references, and inherits the security considerations of those references.

Comment> I suggest adding more details to how the security considerations in the normative references are applicable to this draft.

Incorrect addition, removal, or modification of those flags and/or ECs will cause the procedures defined herein to malfunction, in which case loss or diversion of data traffic is possible.

Comment> The above text discusses the attacks but not possible mitigations. Please add more details on how the above attack can be prevented.

Cheers,
-Tiru