Re: [trill] Eric Rescorla's No Objection on draft-ietf-trill-multilevel-unique-nickname-06: (with COMMENT)

Donald Eastlake <d3e3e3@gmail.com> Tue, 13 March 2018 03:49 UTC

In-Reply-To: <152051924756.14030.3477983788221569043.idtracker@ietfa.amsl.com>
References: <152051924756.14030.3477983788221569043.idtracker@ietfa.amsl.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, 12 Mar 2018 23:49:01 -0400
Message-ID: <CAF4+nEF1KCUDoQ1yuZpdTkA8zMQW6iKgH_K5sF2FwcY_SM74mw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-trill-multilevel-unique-nickname@ietf.org, Susan Hares <shares@ndzh.com>, trill-chairs@ietf.org, trill IETF mailing list <trill@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/DmDcYoabNREAe81gN2YaS7He2n8>
Subject: Re: [trill] Eric Rescorla's No Objection on draft-ietf-trill-multilevel-unique-nickname-06: (with COMMENT)

Hi Eric,

On Thu, Mar 8, 2018 at 9:27 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> Eric Rescorla has entered the following ballot position for
> draft-ietf-trill-multilevel-unique-nickname-06: No Objection
>
> ...
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> In the security considerations, isn't the requirement not that you configure
> IS-IS authentication but that you actually have to require it on receipt? Or
> are these the same things?

I must admit that the current wording just talks about inclusion of
authentication TLVs in a way which seems to leave out checking them
:-)

The wording should be improved.

> Even with ordinary trill, can't you just spoof a lot of announcements with
> other people's nicknames? Why is this different?

Well, it is a bit more complex with IS-IS. It depends on just what you
try to spoof. If you spoof an announcement from some existing RBridge,
as soon as it is flooded to the claimed source RBridge that RBridge
will issue an overwriting announcement or purge. But, unless you turn
on appropriate security, there are ways to spoof announcements that
would have bad effects.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com
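An added example, not from the draft or from anyone in this thread, modelling the distinction discussed above: a receiver whose IS-IS authentication is merely "configured" (the TLV is carried but never checked) versus one that requires a valid Authentication TLV on receipt. The PDU layout, shared key and payload are constructed and deliberately simplified; the TLV type (10) and auth type (3) match real IS-IS cryptographic authentication (RFC 5310), but the digest coverage and framing here are not wire-compatible with it.

```python
"""Simplified model of IS-IS Authentication TLV handling on receipt.

Constructed example: PDU = 2-byte body length + body + optional Authentication
TLV (type 10, auth type 3 = generic cryptographic auth, 16-bit Key ID, digest).
The digest is HMAC-SHA256 over the PDU with the digest field zeroed.
"""
import hashlib
import hmac
import struct

AUTH_TLV_TYPE = 10      # IS-IS Authentication Information TLV code point
AUTH_TYPE_CRYPTO = 3    # generic cryptographic authentication (RFC 5310)
DIGEST_LEN = 32         # HMAC-SHA256 output size
TLV_HDR = struct.Struct("!BBBH")   # type, length, auth type, key id


def build_pdu(body, key_id, key=None):
    """Build a PDU; with key=None the announcement carries no Authentication TLV."""
    pdu = struct.pack("!H", len(body)) + body
    if key is None:
        return pdu
    hdr = TLV_HDR.pack(AUTH_TLV_TYPE, 3 + DIGEST_LEN, AUTH_TYPE_CRYPTO, key_id)
    mac = hmac.new(key, pdu + hdr + b"\x00" * DIGEST_LEN, hashlib.sha256).digest()
    return pdu + hdr + mac


def verify_auth(pdu, keys):
    """True iff the PDU ends in a well-formed Authentication TLV with a valid digest."""
    (blen,) = struct.unpack("!H", pdu[:2])
    tlv = pdu[2 + blen:]
    if len(tlv) != TLV_HDR.size + DIGEST_LEN:
        return False                      # missing or truncated TLV
    ttype, tlen, atype, key_id = TLV_HDR.unpack(tlv[:TLV_HDR.size])
    if ttype != AUTH_TLV_TYPE or tlen != 3 + DIGEST_LEN or atype != AUTH_TYPE_CRYPTO:
        return False
    key = keys.get(key_id)
    if key is None:
        return False                      # unknown Key ID: cannot be verified
    covered = pdu[:2 + blen + TLV_HDR.size] + b"\x00" * DIGEST_LEN
    expected = hmac.new(key, covered, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tlv[TLV_HDR.size:])


def accept(pdu, keys, require_auth):
    """Receiver policy: 'authentication configured' alone accepts everything;
    'required on receipt' drops anything that does not verify."""
    if not require_auth:
        return True
    return verify_auth(pdu, keys)
```

Run against a signed, an unsigned and a wrong-key announcement, only the `require_auth=True` policy distinguishes them, which is the wording gap Donald acknowledges.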