Hi David,

Just on this point...

On 20/09/16 02:06, Black, David wrote:
>> > - section 16: I think it might be worth noting here that
>> > meta-data and operational data could be unexpectedly
>> > sensitive, for example performance statistics could be used
>> > to infer what's being done in a VM or VN. So in addition to
>> > encrypting data in transit or storage, one might also want to
>> > consider minimising the types of data that NVEs/NVAs collect.
> I believe that's generally the case for operational data, e.g.,
> performance stats.  If you or the OPS ADs have a reference
> to suggest, I'd be happy to cite it on this concern, but would
> prefer not to add a from-scratch discussion, as covering  this:
>> > That could have an impact on protocols defined later so may
>> > well be worth noting here too. If you do add text on that you
>> > may also want to recognise the tension between such data
>> > minimisation and the operational need to detect misbehaviours
>> > or errors happening within VNs.
> is likely to entail a discussion of trust models between a network
> operator (landlord) and tenants using that network infrastructure.
> I suspect that discussion will be neither simple nor short, and
> moreover, it has much broader IETF applicability than just NVO3.

I do understand your reluctance to open cans of worms, however
the topic does seem quite relevant to this architecture document,
even if there is a generic concern as you note, so I'd say it
would be right to ack the issue here, so that those doing later
protocol development work don't trip over it at the end of their

I don't have a great reference though - this issue is noted in
RFC7258 of course, but without any real detail. RFC 6973 is also
relevant I guess.

Anyway, if it works, I'd suggest adding something simple like:

"NVEs and NVAs need to collect performance and other data in
order to carry out their functions. This data can sometimes be
unexpectedly sensitive, for example, allowing non-obvious
inferences as to activity within a VM. This provides a reason
to minimise the data collected so as to be cautious not to
create such potential vulnerabilities. As noted briefly in
RFC6973 and RFC7258 there is an inevitable tension between
being privacy sensitive and network operations that needs to
be taken into account in nvo3 protocol development."

Of course that's offered modulo whatever wordsmithing
makes sense.


> Thanks, --David

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

nvo3 mailing list

Reply via email to