Re: SECDIR review of draft-ietf-sfc-nsh-18

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 9/17/2017 12:50 AM, Randy Bush wrote:
>> 1) Encrypt the data in transit, using IPSEC or similar;
> like this is gonna happen.  this is the secdir pacifier.

Well Randy, I am writing the Sec Dir review...

>
>> That's not a bad posture, but I wish that you were explicit about the
>> threats. I am somewhat concerned that the "administrative domain"
>> approach leads to complacency, as in "my domain is secure, I am only
>> concerned with external leakage".
> there is common talk about pushing some services in a chain to the
> cloud, aka other people's computers.

This is why I think security reviews should mention the threats as well
as the solutions. That's a feedback I am giving on
draft-ietf-sfc-nsh-21. For me, the threats are clear: some of your links
will be tapped, even if you think they will not. Some of your devices
will be hacked, it will take you some time to discover that, and you
would much prefer the failures to be gradual rather than catastrophic.
Some of the third party services that provide you with an attractive
function are also in the business of collecting metadata for corporate
surveillance, even if you like the price they charge.

If the threats are not acknowledged, the security recommendations become
a mere incantation. "Do these magic things or the protocol police will
send you a nasty letter in triplicate." Once the threats are
acknowledged, good engineers understand the problems and fix them. And
the point of standards is that the fixes are done in a compatible ways
on various components of various providers.

-- 
Christian Huitema






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]