Hi Stephen,

Thanks for the comments. See below.

On Wed, Jun 29, 2016 at 8:04 AM, Stephen Farrell <[email protected]> wrote:
> Stephen Farrell has entered the following ballot position for
> draft-ietf-trill-irb-13: No Objection
>
> ...
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> - section 5: The tenant ID is sometimes described as "globally
> unique" and sometimes (in 5.2) as "throughout the campus." The
> latter seems likely correct to me. (As an aside, is this document
> the first to introduce that concept to TRILL?)

Yes, it should be unique within the TRILL campus.

> - section 8: If IS-IS security is not actually used, (is that the
> current deployment reality btw?) and if I can guess a tenant ID then
> what new mischief can happen? If there is some, then perhaps you
> ought recommend that tenant ID's be randomly selected within the
> campus? (I see you use "1" in the example, which is pretty easy to
> guess:-) I think one could argue that that (and maybe more) ought be
> covered in section 8, if the current deployment reality is that no
> crypto is actually used to protect most IS-IS traffic. Is it?

My impression is that IS-IS security is not used in a majority of cases. The importance of this depends on a lot of factors such as how tightly managed the routing area is, the security of the links between routers, etc. Without link (RBridge-to-adjacent-RBridge) security or edge-to-edge (ingress-RBridge-to-egress-RBridge), obfuscating Tenant IDs provides only limited protection against off-path attackers but I agree it would be reasonable to mention it.

Thanks,
Donald
===============================
Donald E. Eastlake 3rd
+1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
[email protected]
