Hi T. Sridhar,

Thanks for the feedback.

My reading of your feedback is that you are supporting a security
analysis for Geneve; however, you would have preferred it to be part of a
document expired since 2016 dealing with another topic written by a
different team of co-authors. You are correct that is not what happened
and since then, your comment might be interpreted as support for adopting
the document.

As far as I understand, you do not have technical concerns. That reality
could have been otherwise might not be sufficient to oppose adoption of
a document. If there have ever been any technical concerns, we would
be pleased to hear them clearly. I believe raising them would be more
appropriate for a call for adoption -- as well as helpful for the
co-authors of the document.

Note also that we checked the Geneve security document was aligned with
the more generic recommendations of NVO3. It has been decided by the WG
and the chairs to include the relevant NVO3 recommendations that apply
to Geneve in the current document rather than building on top of the
NVO3 requirements.

Note also that the notation SEC-OP/SEC-GEN has been proposed as a way to
address the WG concerns:
* How to evaluate whether a Geneve deployment is secure
* What are the requirements for a Geneve security mechanism to secure
Geneve deployments.
Are you suggesting that, after adoption, these two questions should be
provided in two different documents?

Yours,
Daniel



On Thu, Apr 18, 2019 at 2:41 AM T. Sridhar <tsridhar=
[email protected]> wrote:

>
>
> There is already another working group draft on NVO3 security (
> https://tools.ietf.org/html/draft-ietf-nvo3-security-requirements-07)
> which would be a good place to include information about Geneve specific
> security requirements. This draft has not been updated in a while but
> includes content which is broadly applicable to NVO3 including NVE-NVE data
> plane (i.e. Geneve)  communication.
>
>
>
> My vote is for the draft-mglt-nvo3-geneve-security-requirements authors to
> include relevant sections of their draft in the existing
> nvo3-security-requirements draft instead of the WG adopting another draft
> related to security.
>
>
>
> Section 6.2 of draft-ietf-nvo3-security-requirements  is the section which
> can be enhanced to include information about Geneve security since it
> already details several areas common to both the drafts.  I would also
> suggest not using the current categorization of
> draft-mglt-nvo3-geneve-security-requirements (SEC-OP and SEC-GEN – see
> below) when including text from
> draft-mglt-nvo3-geneve-security-requirements  into
> draft-nvo3-security-requirements
>
>
>
> SEC-OP: requirements to evaluate a given deployment of Geneve overlay.
> Such requirements are intended to Geneve overlay provider to evaluate a
> given deployment.
>
>
>
> SEC-GEN: requirements a security mechanism need to fulfill to secure any
> deployment of Geneve overlay deployment
>
>
>
> In summary, I don’t support the adoption of this draft as a new WG
> document – we should add relevant content from here into the existing
> security requirements draft and continue to progress that.
>
>
>
> Thanks,
>
> Sridhar
>
>
>
>
>
> *From: *"Bocci, Matthew (Nokia - GB)" <[email protected]>
> *Date: *Wednesday, April 10, 2019 at 7:38 AM
> *To: *"[email protected]" <[email protected]>
> *Subject: *[nvo3] Poll for adoption of
> draft-mglt-nvo3-geneve-security-requirements-06
>
>
>
> This email begins a second two-week poll for adoption of
> draft-mglt-nvo3-geneve-security-requirements-06 in the NVO3 working group.
>
>
>
> Please review the draft and send any comments to the NVO3 list.
>
>
>
> Please also indicate whether you support adoption of the draft as an NVO3
> working group document.
>
>
>
> Note that supporting working group adoption indicates that you think the
> draft is headed in the right direction and represents a piece of work that
> the working group should take on and progress. It does not have to be
> technically perfect at this stage.
>
>
>
> This poll closes on Wednesday 24th April 2019.
>
>
>
> Regards
>
> Matthew and Sam
>
>
> _______________________________________________
> nvo3 mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/nvo3
>