Authors,

I made a comment in last week's meeting on the security considerations
section. This mail provides some suggestions on how to address my comment.

In summary, my comment is that the problem statement document should at
a minimum identify the security topics (i.e., problems) that must be
addressed by any NVO3 solution. I agree that this document is not the
right place for any detailed or solution description. I think we have
plenty of text/concepts to leverage from the framework document and
draft-wei-nvo3-security-framework.

So I propose that something along the lines of the following text be
added after the first paragraph of section 10:

    Solutions will need to address both data plane and control
    plane security concerns. In the data plane, isolation
    between NVO3 domains is the primary concern. Assurances
    against spoofing, snooping, transit modification and denial
    of service are examples of other important
    considerations. Some limited environments may even require
    confidentiality between domains.

    In the control plane, the primary security concern is
    ensuring that unauthorized control information is not
    installed for use in the data plane. The prevention of the
    installation of proper control information, and other forms
    of denial of service are also concerns. Here too, some
    environments may also be concerned about confidentiality of
    the control plane.

It's clearly possible to go into a lot more detail, but I think the
above strikes the right balance (or close to it) for the PS document.

Lou