[secdir] Secdir review of draft-ietf-trill-active-active-connection-prob-05

Vincent Roca <vincent.roca@inria.fr> Wed, 30 July 2014 14:14 UTC

Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F36211A005C; Wed, 30 Jul 2014 07:14:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.55
X-Spam-Level:
X-Spam-Status: No, score=-6.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WY0b87EYr7be; Wed, 30 Jul 2014 07:14:05 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C5291A0060; Wed, 30 Jul 2014 07:14:04 -0700 (PDT)
X-IronPort-AV: E=Sophos; i="5.01,764,1400018400"; d="scan'208,217"; a="73357924"
Received: from geve.inrialpes.fr ([194.199.24.116]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES128-SHA; 30 Jul 2014 16:14:02 +0200
From: Vincent Roca <vincent.roca@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0F04A5F2-D956-44E3-A6B6-2824D4A54B81"
Date: Wed, 30 Jul 2014 16:14:02 +0200
Message-Id: <EEA139C9-0F78-4AB9-8ABA-8B59789615DF@inria.fr>
To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-trill-active-active-connection-prob@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/7hjJTm_LuAieSe9FoVAQ5ertK2I
Subject: [secdir] Secdir review of draft-ietf-trill-active-active-connection-prob-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 14:14:07 -0000

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

IMHO, the document is ready. I just have one comment:

The authors say that « as an informational overview, this draft does not
introduce any extra security risks » and explain that future documents that
specify practical solutions will detail the security aspects. They also refer to
[RFC6325] for general TRILL security considerations.

I may agree. However an informal document discussing problems and goals
that practical solutions will have to address is also a good place to discuss
general security aspects. Future documents could easily refer to this document
while going further into details. Too bad.

Cheers,

   Vincent