Re: [trill] draft-ietf-trill-o-pw comments
Donald Eastlake <d3e3e3@gmail.com> Tue, 26 November 2013 21:52 UTC
In-Reply-To: <52938AC0.5060901@acm.org>
References: <52938AC0.5060901@acm.org>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 26 Nov 2013 16:52:04 -0500
Message-ID: <CAF4+nEGxbc-as6bZ5TNXoLGoYCsZtSxO7f7Ws4=PpohdaVgkBQ@mail.gmail.com>
To: Erik Nordmark <nordmark@acm.org>
Cc: "trill@ietf.org" <trill@ietf.org>
Subject: Re: [trill] draft-ietf-trill-o-pw comments
Hi Erik,

Replying as an author:

On Mon, Nov 25, 2013 at 12:37 PM, Erik Nordmark <nordmark@acm.org> wrote:
>
> I've reviewed the document before writing up the PROTO.
> A few requests for clarifications.
>
> The two packet formats include a specific bit pattern:
>
>     | PPP Header 0x005d | 2 octets
>
>     | PPP Header 0x405d | 2 octets
>
> For the uninitiated it would make sense to add a reference in the text
> below the figures. Something like "The PPP Header (0x005d and 0x405d
> respectively) is the header for data frames and IS-IS packets as specified
> in RFC XXX". (Or something in that vein.)

OK.

> In security considerations we have
>
>     For security considerations introduced by carrying PPP TRILL links
>     over pseudowires, see [RFC3985].
>
> I assume RFC 3985 doesn't talk about TRILL - but about PPP in general. Thus
> it would be more clear if we drop "TRILL" from that sentence.

Actually, RFC 3985 is not PPP specific but talks about the risks generally
introduced by sending protocols that previously assumed a local
point-to-point link on a pseudo wire built on a packet switched network.

So I suggest replacing

    "For security considerations introduced by carrying PPP TRILL links
    over pseudowires, see [RFC3985]."

with

    "For security considerations introduced by carrying PPP TRILL links
    over pseudowires, see [RFC3985] which discusses the risks introduced
    by sending protocols that previously assumed a point-to-point link on
    a pseudo wire built on a packet switched network (PSN)."

> The 3rd paragraph starts with
>
>     Not all implementations need to include specific security mechanisms
>     at the pseudowire layer ...
>
> Is this a relaxation of the general PW security requirements? Or merely
> re-stating the stance for security for PW? It would make sense to spell that
> out in the document.

That paragraph is an edit of the following paragraph that appears in the
Security Considerations section of RFC 6361 on TRILL over PPP:

    Not all implementations need to include specific security mechanisms
    at the PPP layer, for example if they are designed to be deployed only
    in cases where the networking environment is trusted or where other
    layers provide adequate security. A complete enumeration of possible
    deployment scenarios and associated threats and options is not
    possible and is outside the scope of this document. For applications
    involving sensitive data, end-to-end security should always be
    considered in addition to link security to provide security in depth.

I think the paragraph is just talking about the range of security
environments and PWE3 TRILL transport uses, that in some cases you don't
need to worry so much about it while in others you should also be using
end station to end station security no matter how good you think your PWE3
security is.

I also think it would be better if "... implementations need to include
..." was replaced by "... deployments need to use ..." or something like
that.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> Erik
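The exchange above turns on two things a receiver at the far end of a TRILL pseudowire sees: the 2-octet PPP protocol field (0x005d for data frames, 0x405d for IS-IS, as quoted from the draft's figures) and the RFC 3985 point that the peer is no longer a physically adjacent box, so the link layer should not admit whatever arrives. The following is an added example written for this page, not code from draft-ietf-trill-o-pw, RFC 6361 or either correspondent. It assumes a frame is just the 2-octet PPP protocol field followed by an opaque payload (the pseudowire encapsulation and the TRILL header itself are left out), takes the octet-parity rule for PPP protocol values from RFC 1661 section 2, and treats any value other than the two TRILL ones as unexpected on a TRILL pseudowire. The sample frames are constructed.

```python
"""Classify and filter PPP-over-pseudowire frames carrying TRILL.

Added example; not code from draft-ietf-trill-o-pw or from the thread's
authors. Assumes each frame is the 2-octet PPP protocol field followed by an
opaque payload, and that only the two PPP values named in the thread are
expected on a TRILL pseudowire.
"""
from collections import Counter
import struct

# PPP protocol values quoted in the thread for the two TRILL packet formats.
PPP_TRILL_DATA = 0x005D   # TRILL data frames
PPP_TRILL_ISIS = 0x405D   # TRILL IS-IS packets

EXPECTED = {PPP_TRILL_DATA: "trill-data", PPP_TRILL_ISIS: "trill-isis"}


def ppp_protocol_well_formed(proto: int) -> bool:
    """RFC 1661 section 2 structure rule for a 2-octet PPP protocol field:
    the least significant bit of the least significant octet is 1 (odd low
    octet) and the least significant bit of the most significant octet is 0
    (even high octet). Both 0x005d and 0x405d satisfy this."""
    if not 0 <= proto <= 0xFFFF:
        return False
    hi, lo = proto >> 8, proto & 0xFF
    return hi % 2 == 0 and lo % 2 == 1


def classify_frame(frame: bytes) -> str:
    """Return the traffic class for one frame, or a 'drop:<reason>' verdict."""
    if len(frame) < 2:
        return "drop:truncated"
    (proto,) = struct.unpack("!H", frame[:2])
    if not ppp_protocol_well_formed(proto):
        return "drop:malformed-protocol-field"
    return EXPECTED.get(proto, "drop:unexpected-protocol")


def filter_frames(frames):
    """Split frames into accepted (class, payload) tuples and drop counters.

    The receiver is deliberately strict: on a pseudowire built over a packet
    switched network the peer is not a locally attached box, so anything that
    is not one of the two expected TRILL encapsulations is counted and dropped
    rather than passed up the stack."""
    accepted, dropped = [], Counter()
    for f in frames:
        verdict = classify_frame(f)
        if verdict.startswith("drop:"):
            dropped[verdict] += 1
        else:
            accepted.append((verdict, f[2:]))
    return accepted, dropped


# Constructed sample frames; payloads are placeholders, not real TRILL headers.
SAMPLE_FRAMES = [
    bytes.fromhex("005d") + b"data-payload",
    bytes.fromhex("405d") + b"isis-pdu",
    bytes.fromhex("0021") + b"ipv4",        # well-formed PPP value, not TRILL
    bytes.fromhex("015d") + b"bad-hi",      # odd high octet: malformed field
    bytes.fromhex("00"),                    # truncated frame
]

if __name__ == "__main__":
    ok, drops = filter_frames(SAMPLE_FRAMES)
    for cls, payload in ok:
        print(cls, payload)
    print(dict(drops))
```

The drop counters are the useful operational output: a rising count of unexpected or malformed protocol fields on a pseudowire that should only ever carry the two TRILL encapsulations is exactly the kind of signal the RFC 3985 discussion is about, since it means something other than the intended PPP TRILL peer is reaching the link.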