[secdir] Repeat SecDir review of draft-ietf-trill-channel-tunnel-10

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 29 July 2016 16:17 UTC

To: IETF Security Directorate <secdir@ietf.org>, draft-ietf-trill-channel-tunnel.all@tools.ietf.org, The IESG <iesg@ietf.org>
Message-ID: <e317471e-04e2-e360-d8d5-f29b1f895070@gmail.com>
Date: Fri, 29 Jul 2016 19:17:13 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/0dyD3nsPCs1MpZOTfcYg5RYkRTU>

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

The document defines a way to tunnel arbitrary frames of related control 
protocols within the TRILL "channel". Most of the document (and the 
focus of this review) is about security of this tunnel.

Summary

The document is ready for publication.

Details

My early review of -07 contained numerous comments, which were all 
addressed by the authors. I would like to thank them for greatly 
improving the document's treatment of security issues.