Re: [secdir] secdir review of draft-ietf-trill-directory-framework-06

Donald Eastlake <d3e3e3@gmail.com> Thu, 08 August 2013 02:01 UTC

To: Charlie Kaufman <charliek@microsoft.com>
Cc: "draft-ietf-trill-directory-framework.all@tools.ietf.org" <draft-ietf-trill-directory-framework.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Hi Charlie,

On Wed, Aug 7, 2013 at 1:03 PM, Charlie Kaufman <charliek@microsoft.com> wrote:
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> This document describes a framework for adding a central control mechanism
> to trill to replace or supplement its autoconfiguring mechanism of
> dynamically learning the locations of all addresses on the LAN. The specific
> protocols for supplying and consuming this configuration information will
> presumably appear in future specs. This sort of configuration control is
> useful in a datacenter where all connections are carefully configured rather
> than being plug and play. It is particularly applicable in a "cloud"
> environment where virtual machines are moved between physical machines by
> some sort of Virtual Machine Management System that will also assign
> addresses and place them.
>
> This is a re-review. This latest draft incorporates all of my comments on
> -05, in particular an expanded description of the security advantages of
> this approach over the standard autoconfiguration in trill. I have no issues
> with it. I did find 2 typos:
>
> Page 4 last paragraph: “Both items 3 and 4 above…” There are only three
> items above. I suspect it should say “Both items 2 and 3 above…”

Yes, should be as you suggest.

> Page 15 section 7 paragraph 3: “Perhaps S want steal” -> “Perhaps S wants to
> steal”

Yup, thanks for spotting the typo.

I'd be happy to make those changes and re-post but these are
sufficiently minor that I am not sure I should do that right now...

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com