Re: [sfc] Rtgdir last call review of draft-ietf-sfc-nsh-tlv-08
wei.yuehua@zte.com.cn Thu, 28 October 2021 09:14 UTC
From: wei.yuehua@zte.com.cn
To: noreply@ietf.org
Cc: rtg-dir@ietf.org, last-call@ietf.org, draft-ietf-sfc-nsh-tlv.all@ietf.org, sfc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/Q2Snf_ZLTkJ1augbaWpmNYlwFBU>
Dear Stig,

I would like to expand the section of "Security considerations" to the following text:

A misbehaving node from within the SFC-enabled domain may alter the content of the Context Headers, which may lead to service disruption. Such an attack is not unique to the Context Headers defined in this document. Measures discussed in Section 8 of [RFC8300] describe the general security considerations for protecting NSH. [I-D.ietf-sfc-nsh-integrity] specifies methods of protecting the integrity of the NSH metadata. If the NSH includes the MAC Context Header, the authentication of the packet MUST be verified before using any data. If the verification fails, the receiver MUST stop processing the variable length context headers and notify an operator.

Please review if this could resolve your comments.

Thanks!

Best Regards,
Yuehua Wei
M: +86 13851460269
E: wei.yuehua@zte.com.cn

------------------ Original Mail ------------------
From: Stig Venaas via Datatracker
To: rtg-dir@ietf.org;
Cc: last-call@ietf.org; draft-ietf-sfc-nsh-tlv.all@ietf.org; sfc@ietf.org;
Date: 2021-09-30 08:16
Subject: [sfc] Rtgdir last call review of draft-ietf-sfc-nsh-tlv-08

Reviewer: Stig Venaas
Review result: Has Issues

Summary:
The document is easy to read and in a good shape. I have some minor concerns about this document that I think should be resolved before publication.

Comments:
The document is quite good and easy to read. My only concern is the security considerations that are rather brief.

Major Issues:
No major issues found.

Minor Issues:
The Security considerations might need more details. Are there any concerns about incorrect metadata? What are the consequences of metadata being wrong intentionally, or by accident? When should integrity protection be used?
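The receiver rule in the proposed text above (verify the MAC before using any data; on failure stop processing the variable-length context headers and notify an operator), as an added sketch that is not part of this message or of either draft. The TLV layout follows RFC 8300 MD Type 2; the MAC code point `0xFE`, HMAC-SHA256, a MAC header placed last and covering the Service Path Header plus all preceding context headers, and every function name are assumptions made for illustration, not the format defined in [I-D.ietf-sfc-nsh-integrity].

```python
import hashlib, hmac, struct

MAC_CLASS, MAC_TYPE = 0x0000, 0xFE   # hypothetical code point, not an assigned value

def tlv(md_class, md_type, value):
    """Encode one MD Type 2 context header, padded to a 4-byte boundary."""
    return struct.pack("!HBB", md_class, md_type, len(value)) + value + b"\0" * (-len(value) % 4)

def build_nsh(spi, si, ctx, key=None):
    """Constructed test packet; assumed MAC = HMAC-SHA256(SPH + preceding TLVs)."""
    sph = struct.pack("!I", (spi << 8) | si)
    if key is not None:
        ctx += tlv(MAC_CLASS, MAC_TYPE, hmac.new(key, sph + ctx, hashlib.sha256).digest())
    return bytes([0x0F, 0xC0 | (8 + len(ctx)) // 4, 0x02, 0x03]) + sph + ctx

def parse_tlvs(ctx):
    """Return [(offset, class, type, value)] or raise ValueError if malformed."""
    out, off = [], 0
    while off < len(ctx):
        if len(ctx) - off < 4:
            raise ValueError("truncated context header")
        md_class, md_type, length = struct.unpack_from("!HBB", ctx, off)
        length &= 0x7F                          # top bit of the octet is unassigned
        if off + 4 + length > len(ctx):
            raise ValueError("context header overruns the NSH")
        out.append((off, md_class, md_type, ctx[off + 4:off + 4 + length]))
        off += 4 + length + (-length % 4)
    return out

def accept_metadata(nsh, key, notify):
    """Return [(class, type, value)] that may be used; [] when processing must stop."""
    total = (nsh[1] & 0x3F) * 4 if len(nsh) >= 8 else 0   # Length field, 4-byte words
    try:
        if not 8 <= total <= len(nsh) or nsh[2] & 0x0F != 2:
            raise ValueError("not a well-formed MD Type 2 NSH")
        tlvs = parse_tlvs(nsh[8:total])
    except ValueError as exc:
        notify(f"malformed NSH: {exc}")
        return []
    is_mac = [(c, t) == (MAC_CLASS, MAC_TYPE) for _, c, t, _ in tlvs]
    if any(is_mac):                             # rule applies only when a MAC header is present
        off, _, _, tag = tlvs[-1]
        good = is_mac.count(True) == 1 and is_mac[-1] and hmac.compare_digest(
            tag, hmac.new(key, nsh[4:8 + off], hashlib.sha256).digest())
        if not good:                            # fail closed: use no context header
            notify("NSH MAC verification failed")
            return []
        tlvs.pop()
    return [(c, t, v) for _, c, t, v in tlvs]
```

A packet without the MAC header is passed through here because the quoted rule is conditional on its presence; whether such packets are acceptable at all is a local policy decision this sketch does not make.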