[secdir] Review of draft-ietf-trill-irb-13

Shawn M Emery <shawn.emery@oracle.com> Mon, 27 June 2016 06:03 UTC

References: <5729944D.4040403@oracle.com>
To: secdir@ietf.org
From: Shawn M Emery <shawn.emery@oracle.com>
X-Forwarded-Message-Id: <5729944D.4040403@oracle.com>
Message-ID: <5770C231.9060301@oracle.com>
Date: Mon, 27 Jun 2016 00:05:37 -0600
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <5729944D.4040403@oracle.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Cy0cVKMh2ZmfWunlnAIfSmp9DNI>
Cc: draft-ietf-trill-irb.all@tools.ietf.org
Subject: [secdir] Review of draft-ietf-trill-irb-13
List-Id: Security Area Directorate <secdir.ietf.org>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies layer 3 (inter-subnet) gateway messaging of the
TRILL (Transparent Interconnection of Lots of Links) protocol.

The security considerations section does exist and refers to Intermediate
System to Intermediate System (IS-IS) authentication (RFC 5310) for securing
information advertised by Routing Bridges.  For generic TRILL security the
draft refers to RFC 6325.  For sensitive data, it prescribes end-to-end
security, but does not reference or provide details on how this is done in
a layer 3 deployment.

General comments:


Editorial comments:

Do TRILL and FGL need to be expanded in the Abstract and Introduction sections, respectively?
I think it would be helpful to describe the "Inner.VLAN" syntax used throughout the document.
s/that belong to same/that belong to the same/
s/VLANs in entire/VLANs in the entire/
s/optimal pair-wise forwarding path/optimal pair-wise forwarding paths/
s/check the Inner.MacDA/checks the Inner.MacDA/
s/tenant gateway MAC change/tenant gateway MAC changes,/
s/Zhenbin Li, Zhibo Hu./Zhenbin Li, and Zhibo Hu./