Re: [trill] Kathleen Moriarty's No Objection on draft-ietf-trill-irb-13: (with COMMENT)

Donald Eastlake <> Wed, 29 June 2016 22:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EABEA12D8DB; Wed, 29 Jun 2016 15:58:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tYrvywpGE55j; Wed, 29 Jun 2016 15:58:09 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4003:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 338C712D53A; Wed, 29 Jun 2016 15:58:04 -0700 (PDT)
Received: by with SMTP id mu6so47218701obc.3; Wed, 29 Jun 2016 15:58:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RGm7hAlMCUtnaB7Zgt1dLSiw6C87PVQ5eZ6V9rnu9uY=; b=Hd1Hl9Zu6gFugVASKpMrt+SxnuLr/ORlmDY9Vc8Jb/7o5EZNGluSGaxKBBDeiwJX+8 eughA/K7qJWreKVHnIr7pEGOUzcnMLkxSHs/l0BllXLFLmH8blSjhR4u5qQonifo7/x7 vC1cERZiJqdom9bSbEII5b3rxSUaEOBj5Bw8KVY9tOhmayFhY7a+o/z1isaX+ELfNTOs 5obbvMGoDsZ+eSiVr3Sb3QvY7xbPsKf5dZWaGuh6D/Tvhk9oNaFfZ8WRBRrgqAEy5fDi 8qjJ5fiTT5Oyn3R6mOtuezs7UJUzO65K00dVO4hmWPEpVexoonXZbhcVma8yyEiBQL7P V+fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RGm7hAlMCUtnaB7Zgt1dLSiw6C87PVQ5eZ6V9rnu9uY=; b=cHtregr9kw8+dvt2qtSNH5DpxjVUrZazP+ZP3wLaytvaf/OdsGqcpgTI1uUuYDiRLT j1fVBgEu/nLz7fKZyjftoREqFi9CID21aVA4dVbulXZ3DO+aOWbasNbMQrAPaZSVje+1 f2cqnrnvn4HVYwdH3XzpXCAe1QA0rFuULbEnFhagI2VOC2tKIyWKxQ1AlGvO0LqdgUPN 2OEfpppeKEqL+YyRw/NmypRYCVJH+vvWYFcktoDQvt4URZZ7whqgpJJidxUn4YUVJ7tu VA5m+KYBvJDmX7lqq74z/THwcKeIv05TXHmdlLeKlZIh2t+7LD0djqXoJDu0Vmz/3uBu TX2w==
X-Gm-Message-State: ALyK8tJxdP/AdM9FxzUhlwjNh/vdXuupoQVp20J3HnmeKlRmPvVGkXgUF9/xHTP0Tc36nlWgrnKz/UJaOGtl0w==
X-Received: by with SMTP id o10mr7077032otb.110.1467241083570; Wed, 29 Jun 2016 15:58:03 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 29 Jun 2016 15:57:49 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Donald Eastlake <>
Date: Wed, 29 Jun 2016 18:57:49 -0400
Message-ID: <>
To: Kathleen Moriarty <>
Content-Type: text/plain; charset=UTF-8
Archived-At: <>
Cc: "" <>, The IESG <>, "" <>,
Subject: Re: [trill] Kathleen Moriarty's No Objection on draft-ietf-trill-irb-13: (with COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Developing a hybrid router/bridge." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 Jun 2016 22:58:11 -0000

Hi Kathleen,

See below.

On Wed, Jun 29, 2016 at 3:43 PM, Kathleen Moriarty
<> wrote:
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-trill-irb-13: No Objection
> ...
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> In reading the draft and security considerations, I had the same concern
> as Stephen's second point.  Are there any security issues if the session
> is not encrypted? I see the concern for sensitive data and that is good,
> but are any exploits possible if the session is not encrypted (like on
> the tenantID as Stephen asked).

I am not sure what you mean by "session".

Simplifying a little: there are two types of TRILL packets, TRILL
IS-IS (control plane) packets and TRILL Data packets. IS-IS has an
authentication feature but does not provide confidentiality. There is
currently no general TRILL feature for securing TRILL Data packets.

The purpose of TRILL is to provide connectivity between end stations.
Those end stations are connected to the TRILL edge by Ethernet so, if
supported by the TRILL edge switch Ethernet port, an end station can,
for example, use MACSEC (802.1AE) to secure its connection to the
TRILL edge. Also, since TRILL is mostly transparent, end stations
talking to each other can use IPsec or TLS/DTLS or whatever they want
to secure their conversation. (There is an incomplete personal draft
that talks about link security between TRILL switches and/or between
an ingress TRILL edge switch and an egress TRILL edge switch.)

The Tenant ID does not normally occur in a TRILL Data packet. The
tenant the packet belongs to is encoded in other ways. An adversary
knowing a valid Tenant ID would mostly enable them to better forge
IS-IS control PDUs where the Tenant ID does occur. But the if the
network manager is not protecting the IS-IS control traffic, they
presumably believe that possible problems due to forged IS-IS control
traffic is not significant.

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA