>The attacks performed on both control plane and data plane should be
>considered.
>
[Zu Qiang] Two questions:
- is there a control plane between TS and NVO3 defined by framework draft or architecture draft?
- is there any TS data security requirement added in your draft? If yes, which one can prevent such data plane attack from a TS?

>In addition, we also consider the possible attacks from compromised network
>appliances which are located in the middle of NVEs and hypervisors. That is why
>we think the packet level protection for NVE-hypervisor data/control planes is
>important.
>
[Zu Qiang] is this type of attack covered by any threat model in your draft?

Have a nice day
Zu Qiang

>If there is anything missed, please feel free to let us know.
>
>Cheers
>
>Dacheng
>________________________________________
>From: Zu Qiang [[email protected]]
>Sent: March 3, 2014 22:11
>To: Zhangdacheng (Dacheng); [email protected]
>Subject: RE: [nvo3] I-D Action: draft-ietf-nvo3-security-requirements-02.txt
>
>The question I have given in the WG discussion is that you have added a new
>threat model that "Attacks from malicious TSes". Do you mean this attack is
>initiated by a TS. And the TS will attack the NVO3 directly using data plane.
>Or you mean the TS will try to crash the hypervisor and then attack the attached
>NVE using the hypervisor-NVE control plane? Please clarify it.
>
>Have a nice day
>Zu Qiang
>
>>-----Original Message-----
>>From: nvo3 [mailto:[email protected]] On Behalf Of Zhangdacheng
>>(Dacheng)
>>Sent: Friday, January 24, 2014 4:40 AM
>>To: [email protected]
>>Subject: Re: [nvo3] I-D Action:
>>draft-ietf-nvo3-security-requirements-02.txt
>>
>>Hello:
>>
>>We just finished an update of the security requirement document
>>according to the comments we got in the list and the last meeting.
>>In this update, we:
>>
>>1) update the diagram of the NVO3 overlay architecture
>>2) propose a new classification of attacks
>>3) re-write the contents related with key management
>>4) add the discussion of NVA-NVA control plane
>>5) re-write the scope of this work
>>6) change the confidentiality requirements to optional
>>
>>In addition, we list some security issues (e.g., accountability,
>>security protection on management interface) in section 8.2 for
>>discussion.
>>We need your suggestions before adding anything in the list
>>into the document as requirements.
>>
>>So, please let us know if you have any comments or suggestions. ^_^
>>
>>Cheers.
>>
>>Dacheng
>>
>>
>>> -----Original Message-----
>>> From: nvo3 [mailto:[email protected]] On Behalf Of
>>> [email protected]
>>> Sent: Friday, January 24, 2014 5:20 PM
>>> To: [email protected]
>>> Cc: [email protected]
>>> Subject: [nvo3] I-D Action:
>>> draft-ietf-nvo3-security-requirements-02.txt
>>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Network Virtualization Overlays
>>> Working Group of the IETF.
>>>
>>>     Title    : Security Requirements of NVO3
>>>     Authors  : Sam Hartman
>>>                Dacheng Zhang
>>>                Margaret Wasserman
>>>     Filename : draft-ietf-nvo3-security-requirements-02.txt
>>>     Pages    : 18
>>>     Date     : 2014-01-24
>>>
>>> Abstract:
>>>    The draft describes a list of essential requirements in order to
>>>    benefit the design of NVO3 security solutions. In addition, this
>>>    draft introduces the candidate techniques which could be used to
>>>    construct a security solution fulfilling these security requirements.
>>>
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-nvo3-security-requirements/
>>>
>>> There's also a htmlized version available at:
>>> http://tools.ietf.org/html/draft-ietf-nvo3-security-requirements-02
>>>
>>> A diff from the previous version is available at:
>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-nvo3-security-requirements-02
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission until the htmlized version and diff are available at
>>> tools.ietf.org.
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> _______________________________________________
>>> nvo3 mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/nvo3
