[trill] draft-ietf-trill-smart-end-nodes-06.txt - Comments upon forwarding to the AD
"Susan Hares" <shares@ndzh.com> Mon, 22 January 2018 16:53 UTC
From: Susan Hares <shares@ndzh.com>
To: trill@ietf.org
Cc: 'Donald Eastlake' <d3e3e3@gmail.com>, trill-chairs@ietf.org, 'Alia Atlas' <akatlas@gmail.com>, 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>, 'Eric Rescorla' <ekr@mozilla.com>
Date: Mon, 22 Jan 2018 11:53:49 -0500
Message-ID: <015501d393a1$942f9380$bc8eba80$@ndzh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/0H11PSmJITTcVy-9_PpmQ6Im9Bo>
Subject: [trill] draft-ietf-trill-smart-end-nodes-06.txt - Comments upon forwarding to the AD
Version 6 fixes the issues we discussed in IETF 99 and 100, so I am forwarding this to the AD for Evaluation. I want to compliment you on improving the readability of the draft. Two editorial nits exist, and I will be asking the AD one significant question, which I provide to you. This question arose out of a discussion with the Security ADs last week (which was originally scheduled in November). I had been awaiting the meeting with the Security ADs before forwarding this draft. Hopefully, it will raise this question early in the process.

I apologize to the authors (especially Fangwei and Donald) for the lengthy delay in posting this shepherd review. We have also been awaiting the response from Julien Meuric in his routing directorate review: https://www.ietf.org/mail-archive/web/rtg-dir/current/msg02740.html I've sent another query to him this morning.

The authors and I will need to work all of these reviews in parallel, as we do not have enough time to work them in series. I would like to ask the authors of draft-ietf-smart-end-nodes to be watching all of this email. I am going to push to resolve all issues quickly this week. Please be ready to revise this document based on exterior reviews.

Sue Hares

------------

Significant Security question:

Shepherd question to the AD (1/22/2018): Does this security section need to explain the risks of an end node participating with secured hellos using authentication TLVs [RFC5310], TRILL ES-IS Security [RFC8171], ISIS general cryptographic security, and TRILL's general security considerations? The WG thought was to not repeat the thought and comments presented in these other drafts. The WG believes that with TRILL security and authentication this end node is as secure as the main TRILL infrastructure and any IS-IS infrastructure. Does the draft need a summary of these mechanisms in the draft? If so, this could be added in section 7. Otherwise, section 7 is very brief.

Should possible attack vectors for remote dual-homed nodes be added to section 7? These attack vectors are similar for any stub ISIS/OSPF node. As you will note in the IESG review of draft-ietf-ospf-link-overload-12, the potential attacks for stub ISIS/OSPF nodes or smart end nodes may be slightly different than for core nodes. However, this is a general case of problems. In general, I think this general attack vector belongs in a routing-area related draft relating to all IGPs (OSPF, ISIS, Babel) or IGPs that support L2 forwarding (e.g. TRILL).

Editorial nits - catch next time you do a revision or as an RFC Editor note:

Page 6, in the "Holding time:" paragraph.
OLD/Holding Time in the IS-IS Hellos [IS-IS] ./
NEW/Holding Time in the IS-IS Hellos [IS-IS]./
(Note: your processor added a space prior to the period.)

Page 8, section 5.2, last paragraph.
OLD/nickname as the niknamae/
NEW/nickname as the nickname/

Sue Hares