Last Call Review of draft-ietf-nvo3-encap-10
review-ietf-nvo3-encap-10-secdir-lc-kivinen-2023-11-23-00
Request | Review of | draft-ietf-nvo3-encap |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2023-11-18 | |
Requested | 2023-11-04 | |
Authors | Sami Boutros , Donald E. Eastlake 3rd | |
I-D last updated | 2023-11-23 | |
Completed reviews |
Genart Last Call review of -10
by Meral Shirazipour
(diff)
Intdir Telechat review of -11 by Wassim Haddad (diff) Opsdir Last Call review of -10 by Qin Wu (diff) Secdir Last Call review of -10 by Tero Kivinen (diff) Rtgdir Early review of -07 by Michael Richardson (diff) |
|
Assignment | Reviewer | Tero Kivinen |
State | Completed | |
Request | Last Call review on draft-ietf-nvo3-encap by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/bBrsRwuuqJRZNUbodMMF7nIltoU | |
Reviewed revision | 10 (document currently at 12) | |
Result | Has nits | |
Completed | 2023-11-23 |
review-ietf-nvo3-encap-10-secdir-lc-kivinen-2023-11-23-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is the result of the design team chartered to work on the common encapsulation that addresses the various technical concerns. It does this by comparing three encapsulation protocols: Geneve, GUE, and GPE. The security considerations section say: This document does not introduce any additional security constraints. Which is true, as the document does not review the security (or lack of it) in the encapsulation protocols, but section 6.2.2 do discuss about security/integrity extensions. It also recommends that the "the WG work on security options for Geneve." Nits: Typo in section 6.4: /svailable/available/ Invalid capitalization of IPsec in section 6.2.2 (twice) and once in section 7. /IPSEC/IPsec/