I have some memory that someone responded that this wasn't a security requirement, but I can't find that now.
-Ekr On Sat, Sep 9, 2017 at 11:35 AM, Eric Rescorla <[email protected]> wrote: > Eric Rescorla has entered the following ballot position for > draft-ietf-bess-evpn-etree-13: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-etree/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > It's not clear to me if the prohibition on leaf-to-leaf communications is > intended to be a security requirement. If so, it seems like it needs to > explicitly state why it is not possible for ACs which are leaf to pretend > to be > root. If not, then it should say so. Additionally, this solution appears to > rely very heavily on filtering, so I believe some text about what happens > during periods of filtering inconsistency (and what the impact on the > security > is). > > > > >
_______________________________________________ BESS mailing list [email protected] https://www.ietf.org/mailman/listinfo/bess
