Re: [saag] SEC-DIR QA review of draft-ietf-trill-channel-tunnel-07.txt

"Susan Hares" <shares@ndzh.com> Wed, 19 August 2015 01:03 UTC

From: "Susan Hares" <shares@ndzh.com>
To: <saag@ietf.org>
Date: Tue, 18 Aug 2015 21:03:18 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/1ifHCXCg4xLxcWW1ALg7wHjltSI>
Cc: 'Jon Hudson' <jon.hudson@gmail.com>
Subject: Re: [saag] SEC-DIR QA review of draft-ietf-trill-channel-tunnel-07.txt

Saag:

Would you review the following four drafts from TRILL which create a new
directory service mechanism for IP/MAC address mappings? In your QA review,
would you determine if the security mechanisms in this IP address/MAC Address
have: good security mechanisms and meet the privacy concerns?

These 4 drafts are in the process of Routing QA reviews and IANA Reviews
(where appropriate).

1) TRILL: Edge Directory Assist Mechanisms: This draft provides the
overview of the TRILL directory mechanisms.  These mechanisms aim at
reducing multi-destination traffic, particularly ARP/ND and unknown unicast
flooding. It can also be used to detect traffic with forged source
addresses.

Routing QA review on draft-trill-directory-assist-mechanisms-03.txt
https://mailarchive.ietf.org/arch/msg/trill/9QMAY54iiheEzFOKPLdv59QdA7M

Note: Draft has not been revised to handle these comments.

2) draft-ietf-trill-arp-optimization - This draft describes how to reduce
ARP/ND traffic within a TRILL Campus by the following mechanisms: a)
learning MAC/IP addresses mapping via ISIS application sub-TLV or b) getting
IP/MAC addresses from directory services (push/pull). This draft gives step
by step instructions on the mechanisms.

Routing QA review:
http://www.ietf.org/mail-archive/web/rtg-dir/current/msg02606.html

Note: Draft has not been revised to handle these comments.

3) draft-ietf-trill-channel-tunnel-07.txt on your QA review: The
TRILL directory mechanisms have push/pull mechanisms.  The
draft-ietf-trill-channel-tunnel draft is needed to provide a mechanism to
secure pull directory messages.  Push directory messages are IS-IS PDUs so
these drafts can use IS-IS authentication.

4) draft-ietf-trill-ia-appsubtlv-05: This draft reports of addresses
for TRILL interfaces in ISIS application sub-TLV (reduces/replaces need for
ARP/ND)

Note: No Routing QA Review yet (awaiting review)

Thank you,

Sue Hares 

TRILL-co-chair and document shepherd for this group.