Re: [secdir] secdir review of draft-ietf-trill-rbridge-protocol-14

Donald Eastlake <d3e3e3@gmail.com> Mon, 11 January 2010 11:46 UTC

To: Stefan Santesson <stefan@aaa-sec.com>
Cc: Silvano Gai <sgai@cisco.com>, secdir@ietf.org, Erik Nordmark <erik.nordmark@sun.com>, Dinesh Dutt <ddutt@cisco.com>, Anoop Ghanwani <anoop@brocade.com>, Radia Perlman <Radia.Perlman@sun.com>, iesg@ietf.org, Ralph Droms <rdroms@cisco.com>

Thanks for the review,
Donald
=============================
Donald E. Eastlake 3rd   +1-508-634-2066 (home)
155 Beaver Street
Milford, MA 01757 USA
d3e3e3@gmail.com


On Sun, Jan 10, 2010 at 6:28 PM, Stefan Santesson <stefan@aaa-sec.com> wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> I have limited my review to security-related issues and whether the
> document has a reasonable security considerations section.
> I have not reviewed the technical content of the document.
>
> The document seems sound from a security perspective. The security
> considerations section is clear on the fact layer 2 bridging is not
> inherently secure but appears to make a reasonable job at describing
> guidance on how to address various security issues related to this protocol.
>
> I find no major issues that the security ADs should be aware of.
>
> /Stefan
>