Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)

Donald Eastlake <d3e3e3@gmail.com> Thu, 24 September 2015 20:26 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 998011ACD0C; Thu, 24 Sep 2015 13:26:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YHKqTVg3Fe5W; Thu, 24 Sep 2015 13:26:15 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFE2C1ACD03; Thu, 24 Sep 2015 13:26:15 -0700 (PDT)
Received: by oibi136 with SMTP id i136so48130141oib.3; Thu, 24 Sep 2015 13:26:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=xBqKSmQXCjf5bI0ktnzb0DDYGb5yXg+Ps89TuZHF2Sg=; b=AfWmlvDuRfbGgmgfmikw/cDaD79YkoTN2PUJ2XqGXwW4q8SNbW2TVMqanXdgBwKdkP DUfw9fmfRGsiQtz0IUSbwmbLBtKw+KHQZ/xs+0ElV+FPO3TklgbwzIeRtspzDi/mxBNB ttwpbOMUdJgO1vnuQ0uoTHhDXzzMaz3f16rLatubphMrTT9O6oJTv1iqOrtUdgNA7YeL XfdNjpaYuRxPrWsNXCMn1RZ0tdfFkcrJMedxy3OYg4G47I8KVMJFMx8+882jWQcwwavq n3VYMVveHAW+PLy5LpOV+UVAK9fsvtsCbzep4zUg2OkquqzAnL4R0CrNEup+tVssS7s8 OOOQ==
X-Received: by 10.202.68.215 with SMTP id r206mr919487oia.87.1443126375033; Thu, 24 Sep 2015 13:26:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.144.65 with HTTP; Thu, 24 Sep 2015 13:26:00 -0700 (PDT)
In-Reply-To: <5603D746.5000803@cs.tcd.ie>
References: <20150917103447.13065.86001.idtracker@ietfa.amsl.com> <CAF4+nEFEJj8NyuMA2M_f0cGQLUFuYSOKg8jrYRWtzicZFSNqUA@mail.gmail.com> <CAF4+nEEzG1GcYEdMj9bhS50JAsQ=LAE=qT3YnCNa-3NBdXr0eg@mail.gmail.com> <5603D746.5000803@cs.tcd.ie>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 24 Sep 2015 16:26:00 -0400
Message-ID: <CAF4+nEH3Rs2w1MstJCVqc0c=tGZCncan-9pb3kiVd_qO5TGG9A@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/trill/N2uW8jUOxv6zsLLaLssmsg7KJbY>
Cc: draft-ietf-trill-pseudonode-nickname@ietf.org, "trill-chairs@ietf.org" <trill-chairs@ietf.org>, The IESG <iesg@ietf.org>, "trill@ietf.org" <trill@ietf.org>, draft-ietf-trill-pseudonode-nickname.ad@ietf.org
Subject: Re: [trill] Stephen Farrell's Discuss on draft-ietf-trill-pseudonode-nickname-06: (with DISCUSS)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 20:26:18 -0000

Hi Stephen,

On Thu, Sep 24, 2015 at 6:58 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
> Hi Don,
>
> Yes, that'd do the job. If there were any sensible pointers
> to the kind of proprietary things folks do (e.g. in some
> workshop paper or product documentation) then that might be
> useful, but I can imagine there might not be.

I'm not aware of such write-ups.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> Thanks,
> S.
>
> On 24/09/15 04:46, Donald Eastlake wrote:
>> Hi Stephen,
>>
>> Would the following change resolve your DISCUSS?
>>
>> OLD
>>    This draft does not introduce any extra security risks. For general
>>    TRILL Security Considerations, see [RFC6325].
>>
>> NEW
>>    Since currently deployed LAALPs [RFC7379] are proprietary, security
>>    over membership in and internal management of active-active edge
>>    groups is proprietary. A rogue RBridge that insinuates itself into
>>    an active-active edge group can disrupt end station traffic flowing
>>    into or out of that group. For example, if there are N RBridges in
>>    the group, it could typically control 1/Nth of the traffic flowing
>>    out of that group and a similar amount of unicast traffic flowing
>>    into that group.  For multi-destination traffice flowing into that
>>    group, it could control all that was in a VLAN for which it was DF
>>    and it can exercise substantial control over the DF election by
>>    changing its own System ID.
>>
>>    For general TRILL Security Considerations, see [RFC6325].
>>
>>
>> Thanks,
>> Donald
>> =============================
>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>  155 Beaver Street, Milford, MA 01757 USA
>>  d3e3e3@gmail.com
>>
>>
>> On Thu, Sep 17, 2015 at 9:49 AM, Donald Eastlake <d3e3e3@gmail.com> wrote:
>>> Hi Stephen,
>>>
>>> On Thu, Sep 17, 2015 at 6:34 AM, Stephen Farrell
>>> <stephen.farrell@cs.tcd.ie> wrote:
>>>> Stephen Farrell has entered the following ballot position for
>>>> draft-ietf-trill-pseudonode-nickname-06: Discuss
>>>>
>>>> ...
>>>>
>>>> The document, along with other ballot positions, can be found here:
>>>> https://datatracker.ietf.org/doc/draft-ietf-trill-pseudonode-nickname/
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>> DISCUSS:
>>>> ----------------------------------------------------------------------
>>>>
>>>>
>>>> I have two questions where it's not clear to me if this
>>>> specification does or does not introduce new vulnerabilities.
>>>> It could well be that it does not and these are handled
>>>> elsewhere, but I'm not sure so...
>>>>
>>>> (1) How is authorization for being a member of an RBv handled?
>>>
>>> Currently I think that this is out of scope because the active-active
>>> edge groups, each of which is represented by an RBv, are proprietary
>>> MC-LAG implementations with proprietary management. (See bottom of
>>> page 5 of RFC 7379. This draft is standardizing a TRILL campus facing
>>> interface for an AAE group.)
>>>
>>>> (2) If a rogue RB can add itself to an RBv can it arrange
>>>> things so the rogue RB becomes the DF for the RBv?  (If so,
>>>> that would seem to create new DoS opportunities at least.)
>>>
>>> I don't see any problem in mentioning this in the Security Considerations.
>>>
>>> Thanks,
>>> Donald
>>> =============================
>>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>>  155 Beaver Street, Milford, MA 01757 USA
>>>  d3e3e3@gmail.com