Re: [secdir] Secdir review of draft-ietf-isis-trill

Sam Hartman <hartmans-ietf@mit.edu> Sat, 18 December 2010 03:44 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 074C63A6A25; Fri, 17 Dec 2010 19:44:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.819
X-Spam-Level:
X-Spam-Status: No, score=-102.819 tagged_above=-999 required=5 tests=[AWL=-0.554, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Je7mDA3J24w6; Fri, 17 Dec 2010 19:44:21 -0800 (PST)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id 571933A699C; Fri, 17 Dec 2010 19:44:20 -0800 (PST)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 4A37A2013D; Fri, 17 Dec 2010 22:45:02 -0500 (EST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 49D1F4060; Fri, 17 Dec 2010 22:45:54 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Erik Nordmark <nordmark@acm.org>
References: <tslipywbakv.fsf@mit.edu> <tsl4oac15m0.fsf@mit.edu> <4D0BDDC0.6060201@acm.org>
Date: Fri, 17 Dec 2010 22:45:54 -0500
In-Reply-To: <4D0BDDC0.6060201@acm.org> (Erik Nordmark's message of "Fri, 17 Dec 2010 14:01:36 -0800")
Message-ID: <tsl7hf7zqtp.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: draft-ietf-isis-trill@tools.ietf.org, Sam Hartman <hartmans-ietf@mit.edu>, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-isis-trill
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Dec 2010 03:44:22 -0000

>>>>> "Erik" == Erik Nordmark <nordmark@acm.org> writes:


    Erik> Adding just this sentence to draft-ietf-isis-trill (the code
    Erik> point document) seems odd. Your comment is really a comment on
    Erik> the security of IS-IS, and not specific to TRILL and unrelated
    Erik> to the code points.


I don't care much where the text goes.  I'm happy if you provide an rfc
editor note for draft-ietf-trill-rbridge-protocol if you like that
approach better.  However, as I read draft-ietf-isis-trill, it defines
the interface between TRILL and IS-IS.  In my mind, that's where the
security consideration appears.  You're re-using a component that isn't
up to our current standards--we know that; we're working on it in
KARP. However in doing that, you need to document the security
considerations for your protocol.  Since you have a document that
specifically is the interface between your protocol and the component
you are re-using,that seems like the best place to do the documentation
work.

however, in decreasing order of priority, I want to call out my concern
that we need to be far more careful about what we expect in terms of
security from future work we charter and that we should document the
specific interactions between IS-IS and TRILL.  While I have expressed
an opinion above on where I think that documentation should go, feel
free to put it where you think is most correct.