Skip to main content

Directory-Assisted Transparent Interconnection of Lots of Links (TRILL) Encapsulation
draft-ietf-trill-directory-assisted-encap-11

Yes

(Alia Atlas)

No Objection

(Alissa Cooper)
(Spencer Dawkins)
(Suresh Krishnan)

Note: This ballot was opened for revision 09 and is now closed.

Alia Atlas Former IESG member
Yes
Yes (for -09) Unknown

                            
Alexey Melnikov Former IESG member
No Objection
No Objection (2018-03-07 for -10) Unknown
Agreeing with Alvaro's DISCUSS.
Alissa Cooper Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Alvaro Retana Former IESG member
(was Discuss) No Objection
No Objection (2018-03-08) Unknown
[Thank you for addressing my DISCUSS!]
Ben Campbell Former IESG member
No Objection
No Objection (2018-03-07 for -10) Unknown
I support Alvaro's DISCUSS and Kathleen's comments
Deborah Brungard Former IESG member
No Objection
No Objection (2018-03-06 for -10) Unknown
Support comments by Alvaro and Kathleen on security aspects.
Eric Rescorla Former IESG member
No Objection
No Objection (2018-03-07 for -10) Unknown
I support Alvaro's DISCUSS and Kathleen's comment

I also think it would be useful to emphasize the need for some security on the links between the egress and ingress nodes, although presumably that's a standard TRILL consideration.

Finally
      nodes. Such spoofing cannot cause looping traffic because TRILL has a
     hop count in the TRILL header [RFC6325] so that, should there be a
      loop, a TRILL packet caught in that loop (i.e., an encapsulated
      frame) will be discarded.

Is it in fact the case that it cannot cause looping or merely that the loop is contained by the hop count? Perhaps this is just a terminology issue and in routing loop just means infinite loop?
Kathleen Moriarty Former IESG member
No Objection
No Objection (2018-03-03 for -09) Unknown
Thanks for your work on this document.  I'd like to see stronger language used in the security considerations section.  I'll propose edits for you to consider:

OLD:
Therefore, there could be a potential security risk
   when the TRILL-ENs are not trusted.  In addition, if the path between
   the directory and the TRILL-ENs are attacked, false mappings can be
   sent to the TRILL-EN causing packets from the TRILL-EN to be sent to
   wrong destinations, possibly violating security policy. Therefore, a
   combination of authentication and encryption should be used between
   the Directory and TRILL-EN. The entities involved will need to
   properly authenticate with each other to protect sensitive
   information.

NEW: 
   Therefore, there could be a potential security risk
   when the TRILL-ENs are not trusted or are compromised.  In addition, if the path between
   the directory and the TRILL-ENs are attacked, false mappings can be
   sent to the TRILL-EN causing packets from the TRILL-EN to be sent to
   wrong destinations, possibly violating security policy. Therefore, a
   combination of authentication and encryption is RECOMMENDED between
   the Directory and TRILL-EN. The entities involved will need to
   properly authenticate with each other, provide session encryption, maintain
   security patch levels, and configure their systems to allow minimal access and
   running processes to protect sensitive information.
Spencer Dawkins Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Suresh Krishnan Former IESG member
No Objection
No Objection () Unknown