Re: [trill] Kathleen Moriarty's No Objection on draft-ietf-trill-irb-13: (with COMMENT)
Donald Eastlake <d3e3e3@gmail.com> Wed, 29 June 2016 22:58 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EABEA12D8DB; Wed, 29 Jun 2016 15:58:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Level:
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYrvywpGE55j; Wed, 29 Jun 2016 15:58:09 -0700 (PDT)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 338C712D53A; Wed, 29 Jun 2016 15:58:04 -0700 (PDT)
Received: by mail-ob0-x235.google.com with SMTP id mu6so47218701obc.3; Wed, 29 Jun 2016 15:58:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RGm7hAlMCUtnaB7Zgt1dLSiw6C87PVQ5eZ6V9rnu9uY=; b=Hd1Hl9Zu6gFugVASKpMrt+SxnuLr/ORlmDY9Vc8Jb/7o5EZNGluSGaxKBBDeiwJX+8 eughA/K7qJWreKVHnIr7pEGOUzcnMLkxSHs/l0BllXLFLmH8blSjhR4u5qQonifo7/x7 vC1cERZiJqdom9bSbEII5b3rxSUaEOBj5Bw8KVY9tOhmayFhY7a+o/z1isaX+ELfNTOs 5obbvMGoDsZ+eSiVr3Sb3QvY7xbPsKf5dZWaGuh6D/Tvhk9oNaFfZ8WRBRrgqAEy5fDi 8qjJ5fiTT5Oyn3R6mOtuezs7UJUzO65K00dVO4hmWPEpVexoonXZbhcVma8yyEiBQL7P V+fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RGm7hAlMCUtnaB7Zgt1dLSiw6C87PVQ5eZ6V9rnu9uY=; b=cHtregr9kw8+dvt2qtSNH5DpxjVUrZazP+ZP3wLaytvaf/OdsGqcpgTI1uUuYDiRLT j1fVBgEu/nLz7fKZyjftoREqFi9CID21aVA4dVbulXZ3DO+aOWbasNbMQrAPaZSVje+1 f2cqnrnvn4HVYwdH3XzpXCAe1QA0rFuULbEnFhagI2VOC2tKIyWKxQ1AlGvO0LqdgUPN 2OEfpppeKEqL+YyRw/NmypRYCVJH+vvWYFcktoDQvt4URZZ7whqgpJJidxUn4YUVJ7tu VA5m+KYBvJDmX7lqq74z/THwcKeIv05TXHmdlLeKlZIh2t+7LD0djqXoJDu0Vmz/3uBu TX2w==
X-Gm-Message-State: ALyK8tJxdP/AdM9FxzUhlwjNh/vdXuupoQVp20J3HnmeKlRmPvVGkXgUF9/xHTP0Tc36nlWgrnKz/UJaOGtl0w==
X-Received: by 10.157.43.10 with SMTP id o10mr7077032otb.110.1467241083570; Wed, 29 Jun 2016 15:58:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.52.242 with HTTP; Wed, 29 Jun 2016 15:57:49 -0700 (PDT)
In-Reply-To: <20160629194308.30337.11173.idtracker@ietfa.amsl.com>
References: <20160629194308.30337.11173.idtracker@ietfa.amsl.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 29 Jun 2016 18:57:49 -0400
Message-ID: <CAF4+nEEOmuXKAsYrE1h8nrTZqejMKCm27FjVy_qi99XMDBzSzA@mail.gmail.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/ooTpXy92ebPmbzwXetgiWY232r4>
Cc: "trill-chairs@ietf.org" <trill-chairs@ietf.org>, The IESG <iesg@ietf.org>, "trill@ietf.org" <trill@ietf.org>, draft-ietf-trill-irb@ietf.org
Subject: Re: [trill] Kathleen Moriarty's No Objection on draft-ietf-trill-irb-13: (with COMMENT)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2016 22:58:11 -0000
Hi Kathleen, See below. On Wed, Jun 29, 2016 at 3:43 PM, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote: > Kathleen Moriarty has entered the following ballot position for > draft-ietf-trill-irb-13: No Objection > > ... > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > In reading the draft and security considerations, I had the same concern > as Stephen's second point. Are there any security issues if the session > is not encrypted? I see the concern for sensitive data and that is good, > but are any exploits possible if the session is not encrypted (like on > the tenantID as Stephen asked). I am not sure what you mean by "session". Simplifying a little: there are two types of TRILL packets, TRILL IS-IS (control plane) packets and TRILL Data packets. IS-IS has an authentication feature but does not provide confidentiality. There is currently no general TRILL feature for securing TRILL Data packets. The purpose of TRILL is to provide connectivity between end stations. Those end stations are connected to the TRILL edge by Ethernet so, if supported by the TRILL edge switch Ethernet port, an end station can, for example, use MACSEC (802.1AE) to secure its connection to the TRILL edge. Also, since TRILL is mostly transparent, end stations talking to each other can use IPsec or TLS/DTLS or whatever they want to secure their conversation. (There is an incomplete personal draft that talks about link security between TRILL switches and/or between an ingress TRILL edge switch and an egress TRILL edge switch.) The Tenant ID does not normally occur in a TRILL Data packet. The tenant the packet belongs to is encoded in other ways. An adversary knowing a valid Tenant ID would mostly enable them to better forge IS-IS control PDUs where the Tenant ID does occur. But the if the network manager is not protecting the IS-IS control traffic, they presumably believe that possible problems due to forged IS-IS control traffic is not significant. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
- Re: [trill] Kathleen Moriarty's No Objection on d… Donald Eastlake
- Re: [trill] Kathleen Moriarty's No Objection on d… kathleen.moriarty.ietf
- Re: [trill] Kathleen Moriarty's No Objection on d… Donald Eastlake
- [trill] Kathleen Moriarty's No Objection on draft… Kathleen Moriarty