[trill] Alvaro Retana's Discuss on draft-ietf-trill-directory-assisted-encap-10: (with DISCUSS)
Alvaro Retana <aretana.ietf@gmail.com> Mon, 05 March 2018 19:32 UTC
From: Alvaro Retana <aretana.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-trill-directory-assisted-encap@ietf.org, trill-chairs@ietf.org, shares@ndzh.com, trill@ietf.org
Date: Mon, 05 Mar 2018 11:32:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/xZvEj_9FtSgHSp4DnKCVxr670gc>
Alvaro Retana has entered the following ballot position for draft-ietf-trill-directory-assisted-encap-10: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-trill-directory-assisted-encap/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I have significant concerns about this document; as currently written, I believe the technology is underspecified and can cause significant damage to a DC network where it might be deployed. I am then balloting a DISCUSS.

The document (including the security considerations) is written assuming that the TRILL-ENs can be trusted (and are not compromised), and that the directory information is accurate. However, I believe there are several cases that have been overlooked.

(1) There aren't any basic safeguards specified to at least make sure that a TRILL-EN is doing the right thing (or something sensible). For example, what if the Ingress RBridge Nickname field in the TRILL header doesn't correspond to the first RBridge at the domain boundary? Should that frame be accepted?

(2) rfc8171 talks about issues with incorrect directory mappings. Consider the case where a TRILL-EN uses (on purpose!) an incorrect mapping. That "can result in data being delivered to the wrong end stations, or set of end stations in the case of multi-destination packets, violating security policy." [rfc8171] How can this risk be mitigated?
I don't think that there are easy mitigations for these issues, but at least mentioning them so that operators are aware of the risk would be enough to clear this DISCUSS.
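An added example (not part of this message or of the draft) of the two ingress-side safeguards the DISCUSS asks about: a boundary RBridge re-checking the Ingress RBridge Nickname against its own nickname, and re-validating the egress nickname the TRILL-EN chose against the RBridge's own copy of the directory. The header layout follows RFC 6325; the nicknames, MAC addresses, directory dictionary and sample frames are constructed for illustration.

```python
import struct

TRILL_ETHERTYPE = 0x22F3  # RFC 6325


def parse_trill_frame(frame: bytes) -> dict:
    """Parse outer Ethernet + 6-byte TRILL header (RFC 6325 layout, no outer VLAN tag)."""
    if len(frame) < 14 + 6 + 14:
        raise ValueError("frame too short for outer Ethernet + TRILL + inner Ethernet")
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype != TRILL_ETHERTYPE:
        raise ValueError("outer Ethertype 0x%04x is not TRILL" % etype)
    flags, egress, ingress = struct.unpack("!HHH", frame[14:20])
    op_len = (flags >> 6) & 0x1F           # options length in 4-octet units
    inner = frame[20 + 4 * op_len:]        # inner (native) Ethernet frame
    return {"version": flags >> 14, "multi_dest": (flags >> 11) & 1,
            "hop_count": flags & 0x3F, "egress": egress, "ingress": ingress,
            "inner_dst": inner[0:6], "inner_src": inner[6:12]}


def check_en_frame(frame: bytes, boundary_nickname: int, directory: dict) -> list:
    """Return the safeguard violations for a frame arriving from a TRILL-EN.

    boundary_nickname: this edge RBridge's own nickname, i.e. the ingress nickname
    a well-behaved EN behind it is expected to fill in (hypothetical check).
    directory: this RBridge's own {inner dst MAC: egress nickname} copy, used to
    re-validate the mapping the EN applied (constructed for this example).
    """
    hdr = parse_trill_frame(frame)
    problems = []
    if hdr["version"] != 0:
        problems.append("unknown TRILL version %d" % hdr["version"])
    if hdr["ingress"] != boundary_nickname:
        problems.append("ingress nickname 0x%04x is not this boundary RBridge 0x%04x"
                        % (hdr["ingress"], boundary_nickname))
    if hdr["multi_dest"]:
        return problems  # M=1: egress is a distribution tree root, not a unicast directory entry
    expected = directory.get(hdr["inner_dst"])
    if expected is None:
        problems.append("inner destination %s has no directory entry" % hdr["inner_dst"].hex(":"))
    elif hdr["egress"] != expected:
        problems.append("egress nickname 0x%04x disagrees with directory (0x%04x)"
                        % (hdr["egress"], expected))
    return problems


def build_frame(ingress: int, egress: int, inner_dst: bytes, inner_src: bytes) -> bytes:
    """Construct a sample encapsulated frame as a TRILL-EN would emit it (test data only)."""
    outer = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + struct.pack("!H", TRILL_ETHERTYPE)
    trill = struct.pack("!HHH", 0x0020, egress, ingress)  # V=0, M=0, Op-Length=0, hop count 32
    return outer + trill + inner_dst + inner_src + b"\x08\x00" + bytes(20)
```

A frame that fails either check is the case the DISCUSS describes: the EN is not behaving as the trusted model assumes, and the boundary RBridge can drop it and log the mismatch rather than forward it.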