Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)

Donald Eastlake <d3e3e3@gmail.com> Thu, 24 September 2015 03:47 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ACC31B2C8A; Wed, 23 Sep 2015 20:47:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HDpVtFoTcFwu; Wed, 23 Sep 2015 20:47:09 -0700 (PDT)
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DDA41B2C9B; Wed, 23 Sep 2015 20:47:09 -0700 (PDT)
Received: by obbmp4 with SMTP id mp4so49231695obb.3; Wed, 23 Sep 2015 20:47:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=KQgLx+gop6xtDdiKttBgRPbUGznTzAUAHZAF+lz7ySk=; b=SDgsqGtx2seJyP4U5YQlEsKs/h5cYmENdESiPidNvF03YfCRPfyklheUyA4d1BvuIs wmSme1K1sc0QJeaqD0o4083bB1lGikZFxS3waWLgIL0zqN7rA6GpCnSOenz0PiJCIi1A Wcdepd7BC1Drame3UtV4cbi+7+bvYJibMZ0aXHhCXsQav0fPqwKVSbZvoZjTrrOMjvrr x5IaevI9YS/UXtQmWUrYgjjKOl3r+ZfM0nv/hD3Nn3yU+kGV70AnNp2uh7P8DxtC+sff i1ab0PvA7mSkhkWBqqoTTj1S0o6RiUCE7PL32AKjQVXp4ocvzYygh4Q4Bnf3ebdt5jVu Sd0Q==
X-Received: by 10.60.118.162 with SMTP id kn2mr20745924oeb.80.1443066428443; Wed, 23 Sep 2015 20:47:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.144.65 with HTTP; Wed, 23 Sep 2015 20:46:54 -0700 (PDT)
In-Reply-To: <CAF4+nEFEJj8NyuMA2M_f0cGQLUFuYSOKg8jrYRWtzicZFSNqUA@mail.gmail.com>
References: <20150917103447.13065.86001.idtracker@ietfa.amsl.com> <CAF4+nEFEJj8NyuMA2M_f0cGQLUFuYSOKg8jrYRWtzicZFSNqUA@mail.gmail.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 23 Sep 2015 23:46:54 -0400
Message-ID: <CAF4+nEEzG1GcYEdMj9bhS50JAsQ=LAE=qT3YnCNa-3NBdXr0eg@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/trill/D13S8FEmOBxSAdfs76h3TejXjYs>
Cc: draft-ietf-trill-pseudonode-nickname.shepherd@ietf.org, "trill-chairs@ietf.org" <trill-chairs@ietf.org>, draft-ietf-trill-pseudonode-nickname@ietf.org, The IESG <iesg@ietf.org>, "trill@ietf.org" <trill@ietf.org>, draft-ietf-trill-pseudonode-nickname.ad@ietf.org
Subject: Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 03:47:10 -0000

Hi Stephen,

Would the following change resolve your DISCUSS?

OLD
   This draft does not introduce any extra security risks. For general
   TRILL Security Considerations, see [RFC6325].

NEW
   Since currently deployed LAALPs [RFC7379] are proprietary, security
   over membership in and internal management of active-active edge
   groups is proprietary. A rogue RBridge that insinuates itself into
   an active-active edge group can disrupt end station traffic flowing
   into or out of that group. For example, if there are N RBridges in
   the group, it could typically control 1/Nth of the traffic flowing
   out of that group and a similar amount of unicast traffic flowing
   into that group.  For multi-destination traffice flowing into that
   group, it could control all that was in a VLAN for which it was DF
   and it can exercise substantial control over the DF election by
   changing its own System ID.

   For general TRILL Security Considerations, see [RFC6325].


Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com


On Thu, Sep 17, 2015 at 9:49 AM, Donald Eastlake <d3e3e3@gmail.com> wrote:
> Hi Stephen,
>
> On Thu, Sep 17, 2015 at 6:34 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-trill-pseudonode-nickname-06: Discuss
>>
>> ...
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-trill-pseudonode-nickname/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>>
>> I have two questions where it's not clear to me if this
>> specification does or does not introduce new vulnerabilities.
>> It could well be that it does not and these are handled
>> elsewhere, but I'm not sure so...
>>
>> (1) How is authorization for being a member of an RBv handled?
>
> Currently I think that this is out of scope because the active-active
> edge groups, each of which is represented by an RBv, are proprietary
> MC-LAG implementations with proprietary management. (See bottom of
> page 5 of RFC 7379. This draft is standardizing a TRILL campus facing
> interface for an AAE group.)
>
>> (2) If a rogue RB can add itself to an RBv can it arrange
>> things so the rogue RB becomes the DF for the RBv?  (If so,
>> that would seem to create new DoS opportunities at least.)
>
> I don't see any problem in mentioning this in the Security Considerations.
>
> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  d3e3e3@gmail.com