Hi Donald,

Thanks for your quick response, inline.

Sent from my iPhone

> On Jun 29, 2016, at 6:57 PM, Donald Eastlake <[email protected]> wrote:
> 
> Hi Kathleen,
> 
> See below.
> 
> On Wed, Jun 29, 2016 at 3:43 PM, Kathleen Moriarty
> <[email protected]> wrote:
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-trill-irb-13: No Objection
>> 
>> ...
>> 
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>> 
>> In reading the draft and security considerations, I had the same concern
>> as Stephen's second point.  Are there any security issues if the session
>> is not encrypted? I see the concern for sensitive data and that is good,
>> but are any exploits possible if the session is not encrypted (like on
>> the tenantID as Stephen asked).
> 
> I am not sure what you mean by "session".
> 

Thanks for the response below, it's helpful, but my question was keyed off of
the text in the security considerations section that says,
"Particularly sensitive data should be encrypted end-to-end, ..."

No method was specified in this section, but below you do say IPsec and other
session based encryption protocols are possible.  My question was to understand
if there are security reasons why encryption should be used in addition to data
confidentiality for completeness in this section.

Thank you,
Kathleen


> Simplifying a little: there are two types of TRILL packets, TRILL
> IS-IS (control plane) packets and TRILL Data packets. IS-IS has an
> authentication feature but does not provide confidentiality. There is
> currently no general TRILL feature for securing TRILL Data packets.
> 
> The purpose of TRILL is to provide connectivity between end stations.
> Those end stations are connected to the TRILL edge by Ethernet so, if
> supported by the TRILL edge switch Ethernet port, an end station can,
> for example, use MACSEC (802.1AE) to secure its connection to the
> TRILL edge. Also, since TRILL is mostly transparent, end stations
> talking to each other can use IPsec or TLS/DTLS or whatever they want
> to secure their conversation. (There is an incomplete personal draft
> that talks about link security between TRILL switches and/or between
> an ingress TRILL edge switch and an egress TRILL edge switch.)
> 
> The Tenant ID does not normally occur in a TRILL Data packet. The
> tenant the packet belongs to is encoded in other ways. An adversary
> knowing a valid Tenant ID would mostly enable them to better forge
> IS-IS control PDUs where the Tenant ID does occur. But if the
> network manager is not protecting the IS-IS control traffic, they
> presumably believe that possible problems due to forged IS-IS control
> traffic are not significant.
> 
> Thanks,
> Donald
> ===============================
> Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> 155 Beaver Street, Milford, MA 01757 USA
> [email protected]

_______________________________________________
trill mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trill