[Teas] Re: Secdir last call review of draft-ietf-teas-applicability-actn-slicing-07
Linda Dunbar <linda.dunbar@futurewei.com> Fri, 09 August 2024 21:30 UTC
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "secdir@ietf.org" <secdir@ietf.org>
Date: Fri, 09 Aug 2024 21:30:38 +0000
CC: "draft-ietf-teas-applicability-actn-slicing.all@ietf.org" <draft-ietf-teas-applicability-actn-slicing.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "teas@ietf.org" <teas@ietf.org>
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/YepLrfrNmNIGJ7deoF1Xebc3UnQ>

Adrian,

Some comments inserted below.

Linda

-----Original Message-----
From: Adrian Farrel <adrian@olddog.co.uk>
Sent: Friday, August 9, 2024 1:28 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>; secdir@ietf.org
Cc: draft-ietf-teas-applicability-actn-slicing.all@ietf.org; last-call@ietf.org; teas@ietf.org
Subject: RE: Secdir last call review of draft-ietf-teas-applicability-actn-slicing-07

Linda,

Thank you so much for casting your eyes over our document.

Some thoughts in line...

> I have reviewed this document as part of the SEC area directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> Security area directors.
> Document editors and WG chairs should treat these comments just like
> any other last-call comments
>
> Section 6, paragraph 4 highlights the customer's responsibility for
> end-to-end security, even when utilizing secure network slices as a
> service provided by their service providers. This raises several
> questions:
>
> - Does the document imply that customers should not trust the secure
> network slices offered by service providers?

Essentially, yes. No one should trust a security service that they cannot, themselves, verify.

[Linda] Sometimes a customer doesn't have the ability to verify the security services. That is why they buy security services from their trusted providers.

However, the text doesn't go quite that far. It says that the customer is responsible for ensuring the privacy and integrity of their traffic. If a customer chooses to do that by subscribing to a service that claims to provide the necessary measures, then the customer is free to do so.

[Linda] It might be better to say something along the lines of Shared Responsibility for end-to-end security when using secure network slices.

> - It might be beneficial for the document to specify criteria or
> guidelines that customers can use to evaluate the security and
> integrity of secure network slices as a service. Providing such
> criteria would help customers make informed decisions and ensure
> they meet their security requirements.

It might be, although that is probably way beyond the scope or competence of the authors. If pushed, I would say that no privacy or integrity service that cannot be independently verified by the customer can be trusted.

Cheers,
Adrian