Directory-Assisted Transparent Interconnection of Lots of Links (TRILL) Encapsulation
RFC 8380
Yes
No Objection
Note: This ballot was opened for revision 09 and is now closed.
Alvaro Retana (was Discuss) No Objection
[Thank you for addressing my DISCUSS!]
(Alia Atlas; former steering group member) Yes
(Alexey Melnikov; former steering group member) No Objection
Agreeing with Alvaro's DISCUSS.
(Alissa Cooper; former steering group member) No Objection
(Ben Campbell; former steering group member) No Objection
I support Alvaro's DISCUSS and Kathleen's comments
(Deborah Brungard; former steering group member) No Objection
Support comments by Alvaro and Kathleen on security aspects.
(Eric Rescorla; former steering group member) No Objection
I support Alvaro's DISCUSS and Kathleen's comment
I also think it would be useful to emphasize the need for some security on the links between the egress and ingress nodes, although presumably that's a standard TRILL consideration.
Finally
nodes. Such spoofing cannot cause looping traffic because TRILL has a
hop count in the TRILL header [RFC6325] so that, should there be a
loop, a TRILL packet caught in that loop (i.e., an encapsulated
frame) will be discarded.
Is it in fact the case that it cannot cause looping or merely that the loop is contained by the hop count? Perhaps this is just a terminology issue and in routing loop just means infinite loop?
(Kathleen Moriarty; former steering group member) No Objection
Thanks for your work on this document. I'd like to see stronger language used in the security considerations section. I'll propose edits for you to consider: OLD: Therefore, there could be a potential security risk when the TRILL-ENs are not trusted. In addition, if the path between the directory and the TRILL-ENs are attacked, false mappings can be sent to the TRILL-EN causing packets from the TRILL-EN to be sent to wrong destinations, possibly violating security policy. Therefore, a combination of authentication and encryption should be used between the Directory and TRILL-EN. The entities involved will need to properly authenticate with each other to protect sensitive information. NEW: Therefore, there could be a potential security risk when the TRILL-ENs are not trusted or are compromised. In addition, if the path between the directory and the TRILL-ENs are attacked, false mappings can be sent to the TRILL-EN causing packets from the TRILL-EN to be sent to wrong destinations, possibly violating security policy. Therefore, a combination of authentication and encryption is RECOMMENDED between the Directory and TRILL-EN. The entities involved will need to properly authenticate with each other, provide session encryption, maintain security patch levels, and configure their systems to allow minimal access and running processes to protect sensitive information.
(Spencer Dawkins; former steering group member) No Objection
(Suresh Krishnan; former steering group member) No Objection