Hi, >From the current specification of Geneve I see a strong willingness to use of DTLS or IPsec.
As mentioned earlier, this cannot be true and providing end-to-end security between three or more party has not yet been solved at the IETF. As such, my understanding is that the use of DTLS or IPsec does not work - at least with transit devices. (see [1] Annex. For full disclosure I am one of the co-authors) The presence of transit devices raises most of the concerns and I question such devices that seem optional with only a read capability to be part of the architecture. On a security point of view, there is no differences between an attacker and a transit device. Transit device can only be used over Geneve overlay that are not secured - DTLS and IPsec do not enable transit devices. As such nothing prevents a transit device injecting/redirecting/sniffing and none of the considerations regarding the transit device can be enforced. Architecturally speaking, transit devices seems like middle boxes or on-path elements. I am also wondering how much thoughts on this topic - especially from the transport area have been considered for the transit devices - among others [2-3]. In my opinion, given the additional complexity provided by the transit devices, I suspect the Geneve architecture would be better without transit device. I am happy to understand a bit more from the WG whether transit devices needs to be part of the Geneve architecture and why. Yours, Daniel [1] https://datatracker.ietf.org/doc/draft-mglt-nvo3-geneve-security-requirements/ [2] tools.ietf.org/html/draft-hardie-path-signals-03 [3] https://tools.ietf.org/html/rfc7663
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
