I don’t want to speak for the authors. However, I did contribute to this
draft (although not this specific section). So that said, here’s my two
cents ….

I agree that first sentence could have been worded better, but the bottom
line is that depending on the model used, the security considerations for
RFC 7173, 4761, or 4762 apply, including the discussions in those RFCs on
issues such as isolation and end-to-end security. Those RFCs are referenced
in the security section. So the substance is already there, perhaps the
draft just needs better pointers to it.


On Wed, Mar 7, 2018 at 5:01 PM, Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:

> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-trill-transport-over-mpls-07: Discuss
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-trill-transport-over-mpls/
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> I was very surprised to see the following in the security considerations
> section and would like to work with you on improvements.
>    As an informational document specifying methods that use only
>    existing standards and facilities, this document has no effect on
>    security.
> Having watched many TRILL documents go by in the last 4 years, we didn't
> push too hard on security in some cases as a result of the restriction to
> a campus network.  This particular document extends into multi-tenancy
> where there are certainly security considerations introduced to be able to
> provide isolation properties.  MPLS offers no security and it is being
> used to join TRILL campuses as described in this draft.  This is done
> without any requirement of an overlay protocol to provide security - why
> is that the case?  Minimally, the considerations need to be explained.
> Ideally, a solution should be offered to protect tenants when TRILL
> campuses are joined.
> _______________________________________________
> trill mailing list
> trill@ietf.org
> https://www.ietf.org/mailman/listinfo/trill