Re: [trill] Alvaro Retana's Discuss on draft-ietf-trill-directory-assisted-encap-10: (with DISCUSS)
Donald Eastlake <d3e3e3@gmail.com> Mon, 05 March 2018 20:27 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id B30D1124B18;
Mon, 5 Mar 2018 12:27:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25,
FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001]
autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id yqEWnXSdVN6D; Mon, 5 Mar 2018 12:27:43 -0800 (PST)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com
[IPv6:2607:f8b0:4001:c06::230])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 4AED01204DA;
Mon, 5 Mar 2018 12:27:43 -0800 (PST)
Received: by mail-io0-x230.google.com with SMTP id e30so19435061ioc.3;
Mon, 05 Mar 2018 12:27:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=dF4BzvnOUHFdsPg6mVxKYbSDEwdZwTQqBsNYHR/fqrc=;
b=Izfvfe50+mBY2h1tK0CDaDi7JU5yQ7wnMdCTkk7x+fI/psTZZSyQgJaME/LWKseYc/
mLdoXmaMc+stxFBSDDGn9uebmehLSodwmhRMHHNlUOzzlETXfgJw/Z2wmYHPtSlX3g7I
/0x5mImxWNu+TMoBPRCyoNX41+/uJGxKDnLcbqtNYllD8HY4r0trYCLiUEpNE1qBTcnT
kM4G5G0mUuugtKevR3m0rHSKJyplnK7FX49dN7PETz05ZFAXWThuFp80e+SZQFSFoHkD
XgGcZPjpPplj6vzPRwhHyjVSIaz2rmi0nD9pIo8FAkbTULmH3JipEoG2L3SwxzdCnlXK
GnzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=dF4BzvnOUHFdsPg6mVxKYbSDEwdZwTQqBsNYHR/fqrc=;
b=kmv+ksnc9Jt5Ta/UkN0m95CHPTMJWhXNS+IHCxRbUFf8vMDbLz6Ca0O6otG0ihlqwz
n7ZrOdd0PlI+mKSo+mSTp4GYhFyky7kvARPSgubvW0AsZvyjdgXpRnDqQAD2fqKKqyiU
fxAOZ2pXVAali4HQTuVaL9rDFjUpPxaorBAnKKce75fF3ltgNCcUEqnXrwz70LRd+tGY
OsCDpwfFtGFIKKDfXKCFmVosH6yFfG0blbkAUf5SO+sS+9wi11knAvy9EgWAnBOZkhK3
T4ikGES5YsQpOid5wWM9YQ/ZkTZU0f7g0PzMXQMS/vteRZ/pwrJmiDgq9ijiyclJJcHd
YB9w==
X-Gm-Message-State: APf1xPA0qhWxdOqlzhJpBdS+nuerv0LP5sPdHmBjRjBeWWQkTi//YOKF
IhAtHBYXuNm44gAZjhIj3rTFr6IHxoQ+kurQ1cc=
X-Google-Smtp-Source: AG47ELtDTnQjjdztbOMZDP45ZBETp2T9cXN4ic+C2IbgZu1mCYKWW/hQ+YIKq3lNX9Kjzwox9MjqllMzDzkerRwD6J8=
X-Received: by 10.107.36.204 with SMTP id k195mr18268357iok.131.1520281662449;
Mon, 05 Mar 2018 12:27:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.58.193 with HTTP; Mon, 5 Mar 2018 12:27:26 -0800 (PST)
In-Reply-To: <152027833835.31755.10651902836786225579.idtracker@ietfa.amsl.com>
References: <152027833835.31755.10651902836786225579.idtracker@ietfa.amsl.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, 5 Mar 2018 15:27:26 -0500
Message-ID: <CAF4+nEGAvefBS3HpKYeV2bSwhwSkLL=1xH4+kUh6yK4eq=Nu-g@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>,
draft-ietf-trill-directory-assisted-encap@ietf.org,
trill-chairs@ietf.org, Susan Hares <shares@ndzh.com>,
trill IETF mailing list <trill@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/fR_fSd7qsrsr2-6Ze_cLTHS9OAQ>
Subject: Re: [trill] Alvaro Retana's Discuss on
draft-ietf-trill-directory-assisted-encap-10: (with DISCUSS)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>,
<mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>,
<mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Mar 2018 20:27:45 -0000
Hi Alvaro, On Mon, Mar 5, 2018 at 2:32 PM, Alvaro Retana <aretana.ietf@gmail.com> wrote: > Alvaro Retana has entered the following ballot position for > draft-ietf-trill-directory-assisted-encap-10: Discuss > > ... > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I have significant concerns about this document; as currently written, I > believe the technology is underspecified and can cause significant damage to a > DC network where it might be deployed. I am then balloting a DISCUSS. > > The document (including the security considerations) is written assuming that > the TRILL-ENs can be trusted (and are not compromised), and that the directory > information is accurate. However, I believe there are several cases that have > been overlooked. > > (1) There aren't any basic safeguards specified to at least make sure that a > TRILL-EN is doing the right thing (or something sensible). For example, what > if the Ingress RBridge Nickname field in the TRILL header doesn't correspond to > the first rBridge at the domain boundary? Should that frame be accepted? This concern doesn't seem very different from the general insecurity of Layer 2. If a link has no TRILL router adjacencies, then I guess it it reasonable to check that the ingress nickname is that of the receiving RBridge but it gets harder if you have a mixed link with both end stations and TRILL routers (probably rare in deployments but, on the other hand, in TRILL a "link" can be a bridged LAN...). > (2) rfc8171 talks about issues with incorrect directory mappings. Consider the > case where a TRILL-EN uses (on purpose!) an incorrect mapping. That "can > result in data being delivered to the wrong end stations, or set of end > stations in the case of multi-destination packets, violating security policy." > [rfc8171] How can this risk be mitigated? I'm not sure how using "an incorrect mapping" is that different from just using whatever nicknames it feels like... > I don't think that there are easy mitigations for these issues, but at least > mentioning them so that operators are aware of the risk would be enough to > clear this DISCUSS. It is certainly reasonable to mention these. One possible mitigation is the use of end-to-end encryption. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
- [trill] Alvaro Retana's Discuss on draft-ietf-tri… Alvaro Retana
- Re: [trill] Alvaro Retana's Discuss on draft-ietf… Donald Eastlake
- Re: [trill] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [trill] Alvaro Retana's Discuss on draft-ietf… Susan Hares
- Re: [trill] Alvaro Retana's Discuss on draft-ietf… Donald Eastlake
- Re: [trill] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [trill] Alvaro Retana's Discuss on draft-ietf… Susan Hares