Re: [Last-Call] Secdir last call review of draft-ietf-sfc-nsh-integrity-04

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you Steve.
Joel

On 3/14/2021 4:22 PM, Steve Hanna via Datatracker wrote:
Reviewer: Steve Hanna
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
  Document editors and WG chairs should treat these comments just like any other
last call comments.

This document adds integrity and optional encryption of sensitive metadata
directly to the Network Service Header (NSH) protocol defined in RFC 8300, thus
reducing or eliminating several attack vectors against Service Function
Chaining (SFC). The document is well written and seems adequate for the goals
articulated here and elsewhere in the SFC document suite.

All of the issues, questions, and nits that I raised in my earlier secdir
review
(https://datatracker.ietf.org/doc/review-ietf-sfc-nsh-integrity-01-secdir-early-hanna-2020-12-24)
have been well addressed in draft-ietf-sfc-nsh-integrity-04. From my
perspective (as a security expert who has not previously worked with SFC), this
latest version of that document seems to address all relevant security issues
in an appropriate manner. I have no remaining concerns regarding this document
and support its approval.




--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux