Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 24 September 2015 20:27 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4F6A1ACD3E; Thu, 24 Sep 2015 13:27:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g-0A275iB-Vd; Thu, 24 Sep 2015 13:27:22 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FFE41ACD38; Thu, 24 Sep 2015 13:27:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 877CFBE51; Thu, 24 Sep 2015 21:27:20 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ObKNoLM17TLn; Thu, 24 Sep 2015 21:27:19 +0100 (IST)
Received: from [10.20.20.115] (ip-64-134-179-76.public.wayport.net [64.134.179.76]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 738A0BE3F; Thu, 24 Sep 2015 21:27:17 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1443126438; bh=y5tEDQH3hoxaTxpubL/1cLY7oYD2z/zw20Zs6MVgpGw=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=b7U2+vc506CQAYp60JpGc0n7udH6bcH3Bje5mnXuvOVJRcf7Yynj06PQWzgYIqavE ugGyfB6V268fX3LEuQHXhlwkDgcAsWqILVyj3v0J8ce4ANLce5q2CQl0NbSeoC+16j BUsliwAqzGGIZs+LzAxM1TiDrYBxc4odbnUp7ffc=
To: Donald Eastlake <d3e3e3@gmail.com>
References: <20150917103447.13065.86001.idtracker@ietfa.amsl.com> <CAF4+nEFEJj8NyuMA2M_f0cGQLUFuYSOKg8jrYRWtzicZFSNqUA@mail.gmail.com> <CAF4+nEEzG1GcYEdMj9bhS50JAsQ=LAE=qT3YnCNa-3NBdXr0eg@mail.gmail.com> <5603D746.5000803@cs.tcd.ie> <CAF4+nEH3Rs2w1MstJCVqc0c=tGZCncan-9pb3kiVd_qO5TGG9A@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56045CA4.8090600@cs.tcd.ie>
Date: Thu, 24 Sep 2015 21:27:16 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <CAF4+nEH3Rs2w1MstJCVqc0c=tGZCncan-9pb3kiVd_qO5TGG9A@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/trill/4E881N-UHAJqHd6QrdclIcYa6EQ>
Cc: draft-ietf-trill-pseudonode-nickname.ad@ietf.org, draft-ietf-trill-pseudonode-nickname@ietf.org, "trill-chairs@ietf.org" <trill-chairs@ietf.org>, The IESG <iesg@ietf.org>, "trill@ietf.org" <trill@ietf.org>
Subject: Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 20:27:25 -0000


On 24/09/15 21:26, Donald Eastlake wrote:
> Hi Stephen,
> 
> On Thu, Sep 24, 2015 at 6:58 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
>>
>> Hi Don,
>>
>> Yes, that'd do the job. If there were any sensible pointers
>> to the kind of proprietary things folks do (e.g. in some
>> workshop paper or product documentation) then that might be
>> useful, but I can imagine there might not be.
> 
> I'm not aware of such write-ups.

Fair enough, wasn't meant as a blocking comment anyway, so
I'm fine to clear with your suggested change.

S
g

> 
> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  d3e3e3@gmail.com
> 
>> Thanks,
>> S.
>>
>> On 24/09/15 04:46, Donald Eastlake wrote:
>>> Hi Stephen,
>>>
>>> Would the following change resolve your DISCUSS?
>>>
>>> OLD
>>>    This draft does not introduce any extra security risks. For general
>>>    TRILL Security Considerations, see [RFC6325].
>>>
>>> NEW
>>>    Since currently deployed LAALPs [RFC7379] are proprietary, security
>>>    over membership in and internal management of active-active edge
>>>    groups is proprietary. A rogue RBridge that insinuates itself into
>>>    an active-active edge group can disrupt end station traffic flowing
>>>    into or out of that group. For example, if there are N RBridges in
>>>    the group, it could typically control 1/Nth of the traffic flowing
>>>    out of that group and a similar amount of unicast traffic flowing
>>>    into that group.  For multi-destination traffice flowing into that
>>>    group, it could control all that was in a VLAN for which it was DF
>>>    and it can exercise substantial control over the DF election by
>>>    changing its own System ID.
>>>
>>>    For general TRILL Security Considerations, see [RFC6325].
>>>
>>>
>>> Thanks,
>>> Donald
>>> =============================
>>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>>  155 Beaver Street, Milford, MA 01757 USA
>>>  d3e3e3@gmail.com
>>>
>>>
>>> On Thu, Sep 17, 2015 at 9:49 AM, Donald Eastlake <d3e3e3@gmail.com> wrote:
>>>> Hi Stephen,
>>>>
>>>> On Thu, Sep 17, 2015 at 6:34 AM, Stephen Farrell
>>>> <stephen.farrell@cs.tcd.ie> wrote:
>>>>> Stephen Farrell has entered the following ballot position for
>>>>> draft-ietf-trill-pseudonode-nickname-06: Discuss
>>>>>
>>>>> ...
>>>>>
>>>>> The document, along with other ballot positions, can be found here:
>>>>> https://datatracker.ietf.org/doc/draft-ietf-trill-pseudonode-nickname/
>>>>>
>>>>>
>>>>>
>>>>> ----------------------------------------------------------------------
>>>>> DISCUSS:
>>>>> ----------------------------------------------------------------------
>>>>>
>>>>>
>>>>> I have two questions where it's not clear to me if this
>>>>> specification does or does not introduce new vulnerabilities.
>>>>> It could well be that it does not and these are handled
>>>>> elsewhere, but I'm not sure so...
>>>>>
>>>>> (1) How is authorization for being a member of an RBv handled?
>>>>
>>>> Currently I think that this is out of scope because the active-active
>>>> edge groups, each of which is represented by an RBv, are proprietary
>>>> MC-LAG implementations with proprietary management. (See bottom of
>>>> page 5 of RFC 7379. This draft is standardizing a TRILL campus facing
>>>> interface for an AAE group.)
>>>>
>>>>> (2) If a rogue RB can add itself to an RBv can it arrange
>>>>> things so the rogue RB becomes the DF for the RBv?  (If so,
>>>>> that would seem to create new DoS opportunities at least.)
>>>>
>>>> I don't see any problem in mentioning this in the Security Considerations.
>>>>
>>>> Thanks,
>>>> Donald
>>>> =============================
>>>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>>>  155 Beaver Street, Milford, MA 01757 USA
>>>>  d3e3e3@gmail.com
>