Hi Kathleen,

Thanks for your comment, which seems like a reasonable suggestion. We have uploaded a -10 with that change and also a typo fix.

Thanks,
Donald
===============================
Donald E. Eastlake 3rd
+1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

On Sat, Mar 3, 2018 at 3:05 PM, Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:

> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-trill-directory-assisted-encap-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-trill-directory-assisted-encap/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks for your work on this document. I'd like to see stronger language
> used in the security considerations section. I'll propose edits for you
> to consider:
>
> OLD:
> Therefore, there could be a potential security risk
> when the TRILL-ENs are not trusted. In addition, if the path between
> the directory and the TRILL-ENs are attacked, false mappings can be
> sent to the TRILL-EN causing packets from the TRILL-EN to be sent to
> wrong destinations, possibly violating security policy. Therefore, a
> combination of authentication and encryption should be used between
> the Directory and TRILL-EN. The entities involved will need to
> properly authenticate with each other to protect sensitive
> information.
>
> NEW:
> Therefore, there could be a potential security risk
> when the TRILL-ENs are not trusted or are compromised. In addition, if
> the path between the directory and the TRILL-ENs are attacked, false
> mappings can be sent to the TRILL-EN causing packets from the TRILL-EN
> to be sent to wrong destinations, possibly violating security policy.
> Therefore, a combination of authentication and encryption is
> RECOMMENDED between the Directory and TRILL-EN. The entities involved
> will need to properly authenticate with each other, provide session
> encryption, maintain security patch levels, and configure their systems
> to allow minimal access and running processes to protect sensitive
> information.

_______________________________________________
trill mailing list
trill@ietf.org
https://www.ietf.org/mailman/listinfo/trill