[secdir] Review of draft-ietf-isis-rfc6326bis-01

Shawn M Emery <shawn.emery@oracle.com> Tue, 21 January 2014 18:08 UTC

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This internet-draft intends to obsolete RFC 6326, which describes Transparent Interconnection
of Lots of Links (TRILL) Use of Intermediate System to Intermediate System (IS-IS).

The security considerations section does exist and refers to the TRILL base protocol, RFC
6325, for its guidance.  The section then states that the draft introduces no new security
considerations when using IS-IS given that IS-IS authentication (as specified in RFC 5304 and 5310)
can be used to secure its protocol messaging specified in the draft.  I believe that this is true
and don't see any other security concerns from what has been outlined and the changes from the base

General comments:


Editorial comments: