Hi Eric,

On Thu, Mar 8, 2018 at 9:27 AM, Eric Rescorla <[email protected]> wrote:
>
> Eric Rescorla has entered the following ballot position for
> draft-ietf-trill-multilevel-unique-nickname-06: No Objection
>
> ...
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> In the security considerations, isn't the requirement not that you configure
> IS-IS authentication but that you actually have to require it on receipt? Or
> are these the same things?

I must admit that the current wording just talks about inclusion of
authentication TLVs in a way which seems to leave out checking them
:-)

The wording should be improved.

> Even with ordinary TRILL, can't you just spoof a lot of announcements with
> other people's nicknames? Why is this different?

Well, it is a bit more complex with IS-IS. It depends on just what you
try to spoof. If you spoof an announcement from some existing RBridge,
as soon as it is flooded to the claimed source RBridge that RBridge
will issue an overwriting announcement or purge. But, unless you turn
on appropriate security, there are ways to spoof announcements that
would have bad effects.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 [email protected]

_______________________________________________
trill mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trill
