On Fri, Apr 4, 2014 at 8:08 AM, Douglas Otis <[email protected]> wrote:

> On Apr 4, 2014, at 6:10 AM, Don Sturek <[email protected]> wrote:
>
>> Hi Douglas,
>>
>> As one who follows the WG and having a keen interest in homenet solutions,
>> I fail to see how TRILL addresses the homenet problem set.
>>
>> Producing a flat L2 architecture and then trying to set up specific
>> service filters to contain the traffic seems like an L3 problem to me.
>>
>> Claiming that L3 does not address "security threats" is not a reason to
>> use TRILL since I would imagine setting "specific service filters" in
>> TRILL would have the same issues (and without the existing IETF L3
>> security solutions we already have).
>>
>> Don
>
> Dear Don,
>
> Typical home networks could use link-local addresses for all internal
> devices without the filtering concern that affects enterprise level
> deployments.

The day that spanning tree or TRILL works well over wireless 802.11, 802.14, LTE, etc. will be the day that I start thinking it's suitable for home use. If the DCB folk were to try implementing their stuff on 802.11 in particular, with its 1 Mbit/sec multicast rate, perhaps we would come to a meeting of the minds.

> In addition, the mDNS to DNS proxy scheme expects routable
> addresses and rather ugly name conversion and base domain assignments
> ignored in proposed specifications.

They are, at least, consistent.

> In comparison, Rbridge which can be introduced incrementally, permits
> continued use of link-local addressing and firewalls to avoid a difficult
> task of assessing network boundaries. Devices using default mDNS names
> would not suddenly become indirectly visible and various network enabled
> displays that handle HDCP media still function within the home.

Service discovery and service access are different things. I don't mind (that much) if some larger subset of people than I really want can see that a resource such as "TRACI LORDS PR0N COLLECTION" exists on the network, so long as only the right people can actually access it. [1] But others may. The scope of announcing that something exists may well need to be restricted somehow.

> Even if Rbridge is not a viable solution, I would still request that we look
> at the security impact of any proposal - even if it is just in the form of a
> BCP that would be useful for deployment.

I agree that security needs to be looked at harder in homenet and dnssd. I fail to see how rbridge solves anything from a security perspective if you have home/guest lans, or any other natural division of link layer technologies. Please implement rbridge support over a busy wireless lan and get back to us.

> Regards,
> Douglas Otis

[1] Yes, I've seen a resource announced like this. When mounted, it contained an admonishment to not do illegal things, and a bunch of pointers to things like: http://en.wikipedia.org/wiki/Great_Tit

> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
