Lou, Thanks, and would like to know if you are interested to contribute to develop this draft (http://www.ietf.org/id/draft-wei-nvo3-security-framework-01.txt) further.
Best. Bhumip On Fri, Nov 16, 2012 at 2:54 PM, Lou Berger <[email protected]> wrote: > ** > Sure. I referenced it in my 2nd paragraph. > > Lou > ------------------------------ > *From: *"[email protected]" <[email protected]> > *Date: *Fri, 16 Nov 2012 14:39:20 -0500 > *To: *Lou Berger<[email protected]> > *Cc: *<[email protected]>; > [email protected]<[email protected]> > *Subject: *Re: [nvo3] Follow on comment on > draft-ietf-nvo3-overlay-problem-statement > > Hi Lou, > > There is also a draft on > NVO3 Security Framework ( > http://www.ietf.org/id/draft-wei-nvo3-security-framework-01.txt) > Requesting the authors of this draft to provide inputs to > Requirements, Framework and Operations drafts. > > Thanks. > Best. > Bhumip > > > > On Fri, Nov 16, 2012 at 12:00 PM, Lou Berger <[email protected]> wrote: > >> Authors, >> I made a comment in last week's meeting on the security >> considerations >> section. This mail provides some suggestions on how to address my >> comment. >> >> In summary, my comment is that the problem statement document should at >> a minimum identify the security topics (i.e., problems) that must be >> addressed by any NVO3 solution. I agree that this document is not the >> right place for any detailed or solution description. I think we have >> plenty of text/concepts to leverage from the framework document and >> draft-wei-nvo3-security-framework. >> >> So I propose that something along the lines of the following text be >> added after the first paragraph of section 10: >> >> Solutions will need to address both data plane and control >> plane security concerns. In the data plane, isolation >> between NVO3 domains is the primary concerns. Assurances >> against spoofing, snooping, transit modification and denial >> of service are examples of other important >> considerations. Some limited environments may even require >> confidentially between domains. >> >> In the control plane, the primary security concern is >> ensuring that unauthorized control information is not >> installed for use in the data plane. The prevention of the >> installation of proper control information, and other forms >> of denial of service are also concerns. Hereto, some >> environments may also be concerned about confidentiality of >> the control plane. >> >> It's clearly possible to go into a lot more detail, but I thing the >> above strikes the right balance (or close to it) for the PS document. >> >> Lou >> _______________________________________________ >> nvo3 mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/nvo3 >> > > > > >
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
