Hi Eric,

A -07 version of draft-ietf-trill-multilevel-unique-nickname has been posted with the intent of resolving your comment.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 [email protected]

On Mon, Mar 12, 2018 at 11:49 PM, Donald Eastlake <[email protected]> wrote:
> Hi Eric,
>
> On Thu, Mar 8, 2018 at 9:27 AM, Eric Rescorla <[email protected]> wrote:
>>
>> Eric Rescorla has entered the following ballot position for
>> draft-ietf-trill-multilevel-unique-nickname-06: No Objection
>>
>> ...
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> In the security considerations, isn't the requirement not that you configure
>> IS-IS authentication but that you actually have to require it on receipt? Or
>> are these the same things.
>
> I must admit that the current wording just talks about inclusion of
> authentication TLVs in a way which seems to leave out checking them
> :-)
>
> The wording should be improved.
>
>> Even with ordinary trill, can't you just spoof a lot of announcements with
>> other people's nicknames? Why is this different?
>
> Well, it is a bit more complex with IS-IS. It depends on just what you
> try to spoof. If you spoof an announcement from some existing RBridge,
> as soon as it is flooded to the claimed source RBridge that RBridge
> will issue an overwriting announcement or purge. But, unless you turn
> on appropriate security, there are ways to spoof announcements that
> would have bad effects.
>
> Thanks,
> Donald
> ===============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  [email protected]
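The distinction raised in the comment above, between including authentication TLVs and requiring a valid one on receipt, shown as an added example that is not part of the thread or the draft: a simplified receiver checking an RFC 5304 style HMAC-MD5 Authentication TLV (type 10, authentication type 54). Assumptions: the digest covers only the TLV bytes (no IS-IS PDU header, no LSP checksum or lifetime handling), and `PAYLOAD_TLV`, the key and the nickname payload are constructed.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10        # IS-IS Authentication TLV
HMAC_MD5 = 54        # authentication type defined in RFC 5304
DIGEST_LEN = 16
PAYLOAD_TLV = 0xF0   # constructed placeholder type, not a real TRILL code point

def tlv(t, value):
    return struct.pack("!BB", t, len(value)) + value

def build(payload, key=None):
    """Sender side: TLV sequence, signed only when a key is configured."""
    body = tlv(PAYLOAD_TLV, payload)
    if key is None:
        return body
    unsigned = tlv(AUTH_TLV, bytes([HMAC_MD5]) + bytes(DIGEST_LEN)) + body
    digest = hmac.new(key, unsigned, hashlib.md5).digest()
    return tlv(AUTH_TLV, bytes([HMAC_MD5]) + digest) + body

def accept(pdu, key, require_auth):
    """Receiver side: return (accepted, reason)."""
    zeroed, digest, i = bytearray(pdu), None, 0
    while i + 2 <= len(pdu):
        t, length = pdu[i], pdu[i + 1]
        end = i + 2 + length
        if end > len(pdu):
            return False, "malformed TLV"
        if t == AUTH_TLV and length == 1 + DIGEST_LEN and pdu[i + 2] == HMAC_MD5:
            digest = pdu[i + 3:end]
            zeroed[i + 3:end] = bytes(DIGEST_LEN)  # digest field is zero when hashed
        i = end
    if i != len(pdu):
        return False, "malformed TLV"
    if not require_auth:
        return True, "accepted without checking"   # TLVs sent, never enforced
    if digest is None:
        return False, "no authentication TLV"
    expected = hmac.new(key, bytes(zeroed), hashlib.md5).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "bad digest"
    return True, "authenticated"

KEY = b"constructed-area-key"                       # constructed sample key
genuine = build(b"nickname 0x1234", KEY)
unsigned = build(b"nickname 0x1234")               # sender that holds no key
wrong_key = build(b"nickname 0x1234", b"guess")
```

With `require_auth=False` the receiver accepts `unsigned` even though its own announcements carry a digest, which is the gap between configuring authentication and requiring it on receipt.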
