Skip to main content

Directory-Assisted Transparent Interconnection of Lots of Links (TRILL) Encapsulation
RFC 8380

Yes

(Alia Atlas)

No Objection

(Alissa Cooper)
(Spencer Dawkins)
(Suresh Krishnan)

Note: This ballot was opened for revision 09 and is now closed.

Alvaro Retana (was Discuss) No Objection

Comment (2018-03-08)
[Thank you for addressing my DISCUSS!]

(Alia Atlas; former steering group member) Yes

Yes (for -09)

                            

(Alexey Melnikov; former steering group member) No Objection

No Objection (2018-03-07 for -10)
Agreeing with Alvaro's DISCUSS.

(Alissa Cooper; former steering group member) No Objection

No Objection (for -10)

                            

(Ben Campbell; former steering group member) No Objection

No Objection (2018-03-07 for -10)
I support Alvaro's DISCUSS and Kathleen's comments

(Deborah Brungard; former steering group member) No Objection

No Objection (2018-03-06 for -10)
Support comments by Alvaro and Kathleen on security aspects.

(Eric Rescorla; former steering group member) No Objection

No Objection (2018-03-07 for -10)
I support Alvaro's DISCUSS and Kathleen's comment

I also think it would be useful to emphasize the need for some security on the links between the egress and ingress nodes, although presumably that's a standard TRILL consideration.

Finally
      nodes. Such spoofing cannot cause looping traffic because TRILL has a
     hop count in the TRILL header [RFC6325] so that, should there be a
      loop, a TRILL packet caught in that loop (i.e., an encapsulated
      frame) will be discarded.

Is it in fact the case that it cannot cause looping or merely that the loop is contained by the hop count? Perhaps this is just a terminology issue and in routing loop just means infinite loop?

(Kathleen Moriarty; former steering group member) No Objection

No Objection (2018-03-03 for -09)
Thanks for your work on this document.  I'd like to see stronger language used in the security considerations section.  I'll propose edits for you to consider:

OLD:
Therefore, there could be a potential security risk
   when the TRILL-ENs are not trusted.  In addition, if the path between
   the directory and the TRILL-ENs are attacked, false mappings can be
   sent to the TRILL-EN causing packets from the TRILL-EN to be sent to
   wrong destinations, possibly violating security policy. Therefore, a
   combination of authentication and encryption should be used between
   the Directory and TRILL-EN. The entities involved will need to
   properly authenticate with each other to protect sensitive
   information.

NEW: 
   Therefore, there could be a potential security risk
   when the TRILL-ENs are not trusted or are compromised.  In addition, if the path between
   the directory and the TRILL-ENs are attacked, false mappings can be
   sent to the TRILL-EN causing packets from the TRILL-EN to be sent to
   wrong destinations, possibly violating security policy. Therefore, a
   combination of authentication and encryption is RECOMMENDED between
   the Directory and TRILL-EN. The entities involved will need to
   properly authenticate with each other, provide session encryption, maintain
   security patch levels, and configure their systems to allow minimal access and
   running processes to protect sensitive information.

(Spencer Dawkins; former steering group member) No Objection

No Objection (for -10)

                            

(Suresh Krishnan; former steering group member) No Objection

No Objection ()