Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 24 September 2015 10:58 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75A0D1A1A2D; Thu, 24 Sep 2015 03:58:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3BqetYB5WG6; Thu, 24 Sep 2015 03:58:24 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED0A71A034C; Thu, 24 Sep 2015 03:58:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 22495BE53; Thu, 24 Sep 2015 11:58:22 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M9xTIRwBkW9j; Thu, 24 Sep 2015 11:58:20 +0100 (IST)
Received: from [10.1.185.4] (50-207-235-101-static.hfc.comcastbusiness.net [50.207.235.101]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8A696BE57; Thu, 24 Sep 2015 11:58:15 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1443092300; bh=KgAJWcAY3gbcmIrquKlIdrSNSknZAlM0D8MI3JcZBAo=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=XiYRjtkGNw4YPMDHdqAwRgyHBm+eiHO8bGq/r5MacoguyumC53ByNM6jBVJ5NoTuR UkYfiEG6vSvIPXVxg1IgzWohmYNW0j6yvvDiJDW8MQ2tw3iFQGcaFng4KtzLmnNHb/ WMEoZdo/CmlUySXKllGcAjAvfE5nyOtPFS2+kGvc=
To: Donald Eastlake <d3e3e3@gmail.com>
References: <20150917103447.13065.86001.idtracker@ietfa.amsl.com> <CAF4+nEFEJj8NyuMA2M_f0cGQLUFuYSOKg8jrYRWtzicZFSNqUA@mail.gmail.com> <CAF4+nEEzG1GcYEdMj9bhS50JAsQ=LAE=qT3YnCNa-3NBdXr0eg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5603D746.5000803@cs.tcd.ie>
Date: Thu, 24 Sep 2015 11:58:14 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <CAF4+nEEzG1GcYEdMj9bhS50JAsQ=LAE=qT3YnCNa-3NBdXr0eg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/trill/FOJDaC1cXKuN9B0hRbnVkyrJoOc>
Cc: draft-ietf-trill-pseudonode-nickname.shepherd@ietf.org, "trill-chairs@ietf.org" <trill-chairs@ietf.org>, draft-ietf-trill-pseudonode-nickname@ietf.org, The IESG <iesg@ietf.org>, "trill@ietf.org" <trill@ietf.org>, draft-ietf-trill-pseudonode-nickname.ad@ietf.org
Subject: Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 10:58:26 -0000

Hi Don,

Yes, that'd do the job. If there were any sensible pointers
to the kind of proprietary things folks do (e.g. in some
workshop paper or product documentation) then that might be
useful, but I can imagine there might not be.

Thanks,
S.

On 24/09/15 04:46, Donald Eastlake wrote:
> Hi Stephen,
> 
> Would the following change resolve your DISCUSS?
> 
> OLD
>    This draft does not introduce any extra security risks. For general
>    TRILL Security Considerations, see [RFC6325].
> 
> NEW
>    Since currently deployed LAALPs [RFC7379] are proprietary, security
>    over membership in and internal management of active-active edge
>    groups is proprietary. A rogue RBridge that insinuates itself into
>    an active-active edge group can disrupt end station traffic flowing
>    into or out of that group. For example, if there are N RBridges in
>    the group, it could typically control 1/Nth of the traffic flowing
>    out of that group and a similar amount of unicast traffic flowing
>    into that group.  For multi-destination traffice flowing into that
>    group, it could control all that was in a VLAN for which it was DF
>    and it can exercise substantial control over the DF election by
>    changing its own System ID.
> 
>    For general TRILL Security Considerations, see [RFC6325].
> 
> 
> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  d3e3e3@gmail.com
> 
> 
> On Thu, Sep 17, 2015 at 9:49 AM, Donald Eastlake <d3e3e3@gmail.com> wrote:
>> Hi Stephen,
>>
>> On Thu, Sep 17, 2015 at 6:34 AM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>>> Stephen Farrell has entered the following ballot position for
>>> draft-ietf-trill-pseudonode-nickname-06: Discuss
>>>
>>> ...
>>>
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-trill-pseudonode-nickname/
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>>
>>>
>>> I have two questions where it's not clear to me if this
>>> specification does or does not introduce new vulnerabilities.
>>> It could well be that it does not and these are handled
>>> elsewhere, but I'm not sure so...
>>>
>>> (1) How is authorization for being a member of an RBv handled?
>>
>> Currently I think that this is out of scope because the active-active
>> edge groups, each of which is represented by an RBv, are proprietary
>> MC-LAG implementations with proprietary management. (See bottom of
>> page 5 of RFC 7379. This draft is standardizing a TRILL campus facing
>> interface for an AAE group.)
>>
>>> (2) If a rogue RB can add itself to an RBv can it arrange
>>> things so the rogue RB becomes the DF for the RBv?  (If so,
>>> that would seem to create new DoS opportunities at least.)
>>
>> I don't see any problem in mentioning this in the Security Considerations.
>>
>> Thanks,
>> Donald
>> =============================
>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>  155 Beaver Street, Milford, MA 01757 USA
>>  d3e3e3@gmail.com
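The two effects named in the proposed NEW text above (a rogue member of an active-active edge group taking roughly 1/N of the traffic leaving the group, and steering the per-VLAN DF election by choosing its own System ID) can be made concrete with a small model. The code below is an added example written for this archive page; it is not from the draft, RFC 7379, or either correspondent. The election rule it uses (members ranked by System ID, DF for VLAN v at rank v mod N) and the hash-based split of unicast flows are assumptions made for the model, not the draft's actual procedure; the group members, System IDs and flow keys are constructed sample data.

```python
"""Toy model of a rogue RBridge that has joined an active-active edge group.

The group (RBv) has N members.  Everything below is an assumption made for
this model, not the draft's actual procedure:
  * members are ranked by IS-IS System ID (ascending);
  * the DF for VLAN v is the member at rank (v mod N);
  * unicast flows leaving the group are spread by hash(flow key) mod N.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List

MAX_SYSTEM_ID = (1 << 48) - 1  # System IDs are 6 octets


@dataclass(frozen=True)
class RBridge:
    name: str
    system_id: int  # small values used here for readability


def ranked(members: Iterable[RBridge]) -> List[RBridge]:
    """Election order: ascending System ID (assumed rule)."""
    return sorted(members, key=lambda r: r.system_id)


def elect_df(members: Iterable[RBridge], vlan: int) -> RBridge:
    """Assumed rule: DF for VLAN v is the member at rank (v mod N)."""
    order = ranked(members)
    return order[vlan % len(order)]


def df_map(members: Iterable[RBridge], vlans: Iterable[int]) -> Dict[int, str]:
    ms = list(members)
    return {v: elect_df(ms, v).name for v in vlans}


def choose_rogue_system_id(honest: Iterable[RBridge], target_vlan: int,
                           name: str = "rogue") -> RBridge:
    """Pick a System ID that lands the rogue at rank (target_vlan mod N)
    once it has joined, with N = len(honest) + 1.  Under the assumed rule
    that makes it DF for the target VLAN and for every other VLAN whose
    number has the same residue mod N."""
    ids = sorted(r.system_id for r in honest)
    n = len(ids) + 1
    rank = target_vlan % n
    lo = ids[rank - 1] + 1 if rank > 0 else 0                 # just above the member below us
    hi = ids[rank] - 1 if rank < len(ids) else MAX_SYSTEM_ID  # just below the member above us
    if lo > hi:
        raise ValueError("no unused System ID between the neighbours at that rank")
    return RBridge(name, lo)


def flow_member(members: Iterable[RBridge], flow_key: str) -> RBridge:
    """Assumed split of unicast traffic leaving the group: hash mod N."""
    order = ranked(members)
    h = int.from_bytes(hashlib.sha256(flow_key.encode()).digest()[:8], "big")
    return order[h % len(order)]


def traffic_share(members: Iterable[RBridge], flows: Iterable[str], name: str) -> float:
    """Fraction of the sample flows that the named member ends up carrying."""
    ms, fl = list(members), list(flows)
    hits = sum(1 for f in fl if flow_member(ms, f).name == name)
    return hits / len(fl)


# Constructed sample group: three honest members with distinct System IDs.
HONEST = [RBridge("RB1", 0x10), RBridge("RB2", 0x20), RBridge("RB3", 0x30)]
# Constructed flow keys standing in for end-station MAC pairs (2000 flows).
FLOWS = [f"00:00:00:00:{i:02x}:{j:02x}" for i in range(40) for j in range(50)]


if __name__ == "__main__":
    rogue = choose_rogue_system_id(HONEST, target_vlan=100)
    group = HONEST + [rogue]
    print("rogue System ID:", hex(rogue.system_id))
    print("DF for VLAN 100:", elect_df(group, 100).name)
    n_rogue = sum(1 for who in df_map(group, range(1, 4095)).values() if who == "rogue")
    print("VLANs where the rogue is DF:", n_rogue, "of 4094")
    print("rogue share of unicast flows: %.3f" % traffic_share(group, FLOWS, "rogue"))
```

Running it shows both points of the NEW text at once: with three honest members the rogue carries about a quarter of the sampled unicast flows, and by choosing the lowest free System ID it becomes DF for VLAN 100 and for every fourth VLAN besides. The model also shows the one thing that limits the rogue under this assumed rule: if the honest System IDs leave no gap at the rank it wants, `choose_rogue_system_id` raises rather than inventing an ID, which is why the membership and management controls the text calls proprietary are where the real protection has to sit.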