Sure. I referenced it in my 2nd paragraph. Lou -----Original Message----- From: "[email protected]" <[email protected]> Date: Fri, 16 Nov 2012 14:39:20 To: Lou Berger<[email protected]> Cc: <[email protected]>; [email protected]<[email protected]> Subject: Re: [nvo3] Follow on comment on draft-ietf-nvo3-overlay-problem-statement
Hi Lou, There is also a draft on NVO3 Security Framework ( http://www.ietf.org/id/draft-wei-nvo3-security-framework-01.txt) Requesting the authors of this draft to provide inputs to Requirements, Framework and Operations drafts. Thanks. Best. Bhumip On Fri, Nov 16, 2012 at 12:00 PM, Lou Berger <[email protected]> wrote: > Authors, > I made a comment in last week's meeting on the security > considerations > section. This mail provides some suggestions on how to address my comment. > > In summary, my comment is that the problem statement document should at > a minimum identify the security topics (i.e., problems) that must be > addressed by any NVO3 solution. I agree that this document is not the > right place for any detailed or solution description. I think we have > plenty of text/concepts to leverage from the framework document and > draft-wei-nvo3-security-framework. > > So I propose that something along the lines of the following text be > added after the first paragraph of section 10: > > Solutions will need to address both data plane and control > plane security concerns. In the data plane, isolation > between NVO3 domains is the primary concerns. Assurances > against spoofing, snooping, transit modification and denial > of service are examples of other important > considerations. Some limited environments may even require > confidentially between domains. > > In the control plane, the primary security concern is > ensuring that unauthorized control information is not > installed for use in the data plane. The prevention of the > installation of proper control information, and other forms > of denial of service are also concerns. Hereto, some > environments may also be concerned about confidentiality of > the control plane. > > It's clearly possible to go into a lot more detail, but I thing the > above strikes the right balance (or close to it) for the PS document. > > Lou > _______________________________________________ > nvo3 mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/nvo3 >
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
