Re: [secdir] Secdir review of draft-ietf-isis-trill
Sam Hartman <hartmans-ietf@mit.edu> Sat, 18 December 2010 03:44 UTC
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Erik Nordmark <nordmark@acm.org>
Date: Fri, 17 Dec 2010 22:45:54 -0500
Cc: draft-ietf-isis-trill@tools.ietf.org, Sam Hartman <hartmans-ietf@mit.edu>, ietf@ietf.org, secdir@ietf.org

>>>>> "Erik" == Erik Nordmark <nordmark@acm.org> writes:

    Erik> Adding just this sentence to draft-ietf-isis-trill (the code
    Erik> point document) seems odd. Your comment is really a comment on
    Erik> the security of IS-IS, and not specific to TRILL and unrelated
    Erik> to the code points.

I don't care much where the text goes. I'm happy if you provide an rfc editor note for draft-ietf-trill-rbridge-protocol if you like that approach better.

However, as I read draft-ietf-isis-trill, it defines the interface between TRILL and IS-IS. In my mind, that's where the security consideration appears. You're re-using a component that isn't up to our current standards--we know that; we're working on it in KARP. However in doing that, you need to document the security considerations for your protocol. Since you have a document that specifically is the interface between your protocol and the component you are re-using, that seems like the best place to do the documentation work.

However, in decreasing order of priority, I want to call out my concern that we need to be far more careful about what we expect in terms of security from future work we charter and that we should document the specific interactions between IS-IS and TRILL. While I have expressed an opinion above on where I think that documentation should go, feel free to put it where you think is most correct.