Re: [trill] Kathleen Moriarty's Discuss on draft-ietf-trill-transport-over-mpls-07: (with DISCUSS)

Hi Kathleen,

Would the following replacement Security Considerations section for
draft-ietf-trill-transport-over-mpls be adequate?

   This document specifies methods using existing standards and
   facilities in ways that do not create new security problems.

   For general VPLS security considerations, including discussion of
   isolating customers from each other, see [RFC4761] and [RFC4762].

   For transport of TRILL by Pseudowires security consideration, see
   [RFC7173]. In particular, since pseudowires are support by MPLS or IP
   which are in turn supported by a link layer, that document recommends
   using IP security or the lower link layer security.

   For added security against the compromise of data end-to-end
   encryption and authentication should be considered; that is,
   encryption and authentication from source end station to destination
   end station.

   For general TRILL security considerations, see [RFC6325].

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

On Wed, Mar 7, 2018 at 5:35 PM, Andrew G. Malis <agmalis@gmail.com> wrote:

> Kathleen,
>
> I don’t want to speak for the authors. However, I did contribute to this
> draft (although not this specific section). So that said, here’s my two
> cents ….
>
> I agree that first sentence could have been worded better, but the bottom
> line is that depending on the model used, the security considerations for
> RFC 7173, 4761, or 4762 applies, including the discussions in those RFCs on
> issues such as isolation and end-to-end security. Those RFCs are referenced
> in the security section. So the substance is already there, perhaps the
> draft just needs better pointers to it.
>
> Cheers,
> Andy
>
>
> On Wed, Mar 7, 2018 at 5:01 PM, Kathleen Moriarty <
> Kathleen.Moriarty.ietf@gmail.com> wrote:
>
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-trill-transport-over-mpls-07: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-trill-transport-over-mpls/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> I was very surprised to see the following in the security considerations
>> section and would like to work with you on improvements.
>>    As an informational document specifying methods that use only
>>    existing standards and facilities, this document has no effect on
>>    security.
>>
>> Having watched many TRILL documents go by in the last 4 years, we didn't
>> push
>> too hard on security in some cases as a result of the restriction to a
>> campus
>> network.  This particular document extends into multi-tenancy where there
>> are
>> certainly security considerations introduced to be able to provide
>> isolation
>> properties.  MPLS offers no security and it is being used to join TRILL
>> campuses as described int his draft.  This is done without any
>> requirement of
>> an overlay protocol to provide security - why is that the case?
>> Minimally, the
>> considerations need to be explained.  Ideally, a solution should be
>> offered to
>> protect tenants when TRILL campuses are joined.
>>
>>
>>
>>
>> _______________________________________________
>> trill mailing list
>> trill@ietf.org
>> https://www.ietf.org/mailman/listinfo/trill
>>
>
>