Re: [trill] Kathleen Moriarty's Discuss on draft-ietf-trill-transport-over-mpls-07: (with DISCUSS)

"Andrew G. Malis" <agmalis@gmail.com> Wed, 07 March 2018 22:35 UTC

From: "Andrew G. Malis" <agmalis@gmail.com>
Date: Wed, 07 Mar 2018 17:35:04 -0500
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-trill-transport-over-mpls@ietf.org, trill-chairs@ietf.org, Susan Hares <shares@ndzh.com>, trill@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/BWsuVT-G0s0kHAz6F0NPZH4YayI>

Kathleen,

I don’t want to speak for the authors. However, I did contribute to this
draft (although not this specific section). So that said, here’s my two
cents ….

I agree that the first sentence could have been worded better, but the bottom
line is that, depending on the model used, the security considerations for
RFC 7173, 4761, or 4762 apply, including the discussions in those RFCs on
issues such as isolation and end-to-end security. Those RFCs are referenced
in the security section. So the substance is already there; perhaps the
draft just needs better pointers to it.

Cheers,
Andy


On Wed, Mar 7, 2018 at 5:01 PM, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote:

> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-trill-transport-over-mpls-07: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-trill-transport-over-mpls/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> I was very surprised to see the following in the security considerations
> section and would like to work with you on improvements.
>    As an informational document specifying methods that use only
>    existing standards and facilities, this document has no effect on
>    security.
>
> Having watched many TRILL documents go by in the last 4 years, we didn't
> push too hard on security in some cases as a result of the restriction to a
> campus network. This particular document extends into multi-tenancy where
> there are certainly security considerations introduced to be able to provide
> isolation properties. MPLS offers no security and it is being used to join
> TRILL campuses as described in this draft. This is done without any
> requirement of an overlay protocol to provide security - why is that the
> case? Minimally, the considerations need to be explained. Ideally, a
> solution should be offered to protect tenants when TRILL campuses are
> joined.