Stephen Farrell has entered the following ballot position for draft-ietf-nvo3-use-case-15: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-nvo3-use-case/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

The security considerations text is pretty trite and not very useful. The secdir review [1] makes some good points that ought be reflected in the draft. An author seems to agree to that's probably fine.

In addition as a use-cases draft, the use-case of hiring a VM in order to attack other VMs in the DC ought be at least mentioned, and there has been substantial work on such attacks, e.g., [2] is a new instance of such and [3] has links to many published papers. Presumably NVO3 intends to at least consider such attacks and that probably warrants a mention here or else we risk building new networks that are highly vulnerable to other VMs in the DC. (Whether or not such consideration leads to changes in NVO3 protocols is an open question for me, but I do hope that the WG consider the issues and that the IESG check that that has happened at the relevant time.)

[1] https://www.ietf.org/mail-archive/web/secdir/current/msg07055.html
[2] https://media.ccc.de/v/33c3-8044-what_could_possibly_go_wrong_with_insert_x86_instruction_here
[3] https://scholar.google.com/scholar?as_ylo=2013&q=virtual+machine+cache+side+covert+channel+&hl=en&as_sdt=0,5
