[secdir] Security review of draft-ietf-trill-directory-assisted-encap-09.txt
"Hilarie Orman" <hilarie@purplestreak.com> Thu, 08 March 2018 03:53 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A207E1271FD; Wed, 7 Mar 2018 19:53:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PSPMm_DTX2NX; Wed, 7 Mar 2018 19:53:46 -0800 (PST)
Received: from out01.mta.xmission.com (out01.mta.xmission.com [166.70.13.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C380126BF7; Wed, 7 Mar 2018 19:53:46 -0800 (PST)
Received: from in01.mta.xmission.com ([166.70.13.51]) by out01.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1etmcj-0006aR-4H; Wed, 07 Mar 2018 20:53:45 -0700
Received: from [72.250.219.84] (helo=rumpleteazer.rhmr.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1etmci-0002dy-0q; Wed, 07 Mar 2018 20:53:44 -0700
Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w283rEG1016591; Wed, 7 Mar 2018 20:53:14 -0700
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id w283rEZi016590; Wed, 7 Mar 2018 20:53:14 -0700
Date: Wed, 07 Mar 2018 20:53:14 -0700
Message-Id: <201803080353.w283rEZi016590@rumpleteazer.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-trill-directory-assisted-encap.all@tools.ietf.org
X-XM-SPF: eid=1etmci-0002dy-0q; ; ; mid=<201803080353.w283rEZi016590@rumpleteazer.rhmr.com>; ; ; hst=in01.mta.xmission.com; ; ; ip=72.250.219.84; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX18pwKFuWyzwAS01FS1jGAoa
X-SA-Exim-Connect-IP: 72.250.219.84
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ***;iesg@ietf.org, secdir@ietf.org
X-Spam-Relay-Country:
X-Spam-Timing: total 606 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 7 (1.2%), b_tie_ro: 6 (0.9%), parse: 1.81 (0.3%), extract_message_metadata: 8 (1.3%), get_uri_detail_list: 2.6 (0.4%), tests_pri_-1000: 6 (0.9%), tests_pri_-950: 2.5 (0.4%), tests_pri_-900: 1.90 (0.3%), tests_pri_-400: 30 (4.9%), check_bayes: 28 (4.5%), b_tokenize: 10 (1.7%), b_tok_get_all: 7 (1.1%), b_comp_prob: 4.6 (0.8%), b_tok_touch_all: 2.5 (0.4%), b_finish: 0.90 (0.1%), tests_pri_0: 534 (88.2%), check_dkim_signature: 1.29 (0.2%), check_dkim_adsp: 29 (4.8%), tests_pri_500: 9 (1.5%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1cM8x9ec9ClH6KLbnM67uVw6Mk8>
Subject: [secdir] Security review of draft-ietf-trill-directory-assisted-encap-09.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2018 03:53:47 -0000
Security review of Directory Assisted TRILL Encapsulation draft-ietf-trill-directory-assisted-encap-09.txt (A day late and a dollar short, sorry) Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document describes "the benefits of and a scheme for non-RBridge nodes performing TRILL encapsulation." The scheme uses TRILL directories to help with the scaling issues for large TRILL networks that co-exist with non-TRILL networks. Non-RBridge nodes can find a TRILL directory and properly encapsulate packets with TRILL headers to guide them to and from the network edges. The method reduces the amount of node information that might otherwise be assigned and flooded through the network. There are security considerations that mandate that the directory server and the TRILL encapsulating nodes "properly authenticate with each other to protect sensitive information," but there is no discussion what is "proper" or how the propriety is maintained. How does the directory server know which entities are authorized to be encapsulating nodes and what information are they allowed to see (or change)? How do the encapsulating nodes know how to authenticate the directory nodes? Is this essential configuration that has to be built in before the network can function with directory assisted encapsulation? Does it require cooperation between administrators in different parts of a campus? In some place the behavior of the nodes depends on whether or not the directory is "known to be complete". This seems like transient information that has to be communicated in some unspecified way at unspecified times. It may not affect security, but it might affect dependability? Nits about grammar are many, but the one that interferes with comprehension is the split infinitive in "it is still necessary to designate AF ports to, for example, be sure that multi-destination ..." Hilarie
- [secdir] Security review of draft-ietf-trill-direā¦ Hilarie Orman