[secdir] Secdir review of draft-ietf-trill-multi-topology

Magnus Nyström <magnusn@gmail.com> Mon, 05 March 2018 05:30 UTC

From: Magnus Nyström <magnusn@gmail.com>
Date: Sun, 04 Mar 2018 21:30:38 -0800
Message-ID: <CADajj4Yg989r6UU+aHzM9z-3GmQq3kyYmmtwmCZB7+VRWn_swg@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-trill-multi-topology@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YGvowfydYwuWXudIUgofrq7LH84>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes additions to the IETF Transparent Interconnection
of "Lots of Links" protocol to support multi-topology routing of unicast
and multi-destination traffic.

One of the reasons for this multi-topology work seems to be to allow for
the isolation of traffic of certain sensitivity. While the draft does refer
to RFC 5310, it doesn't mandate its use. Should that requirement be made?
This would seem to also increase assurances of legit actors in a given
"campus"?

Thanks,
-- Magnus
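The review's point is that RFC 5310 (IS-IS generic cryptographic authentication) is what lets a receiver tell PDUs from legitimate campus members apart from anything else injected on the link. The following is an added example, not code from the review, the draft, or any TRILL implementation, showing the mechanism in simplified form: an Authentication TLV (type 10, authentication type 3) carrying a 16-bit Key ID and an HMAC computed over the PDU with the digest field pre-filled with RFC 5310's Apad constant. Assumptions: the TLV is placed last in the PDU so it can be located without a full IS-IS parser, the LSP checksum/remaining-lifetime zeroing step of RFC 5310 is omitted, the PDU body and key are constructed sample values, and HMAC-SHA-256 is used.

```python
"""Illustrative RFC 5310-style HMAC authentication of a routing PDU.

Added example (not the draft's or the reviewer's code). Simplified: the
Authentication TLV is assumed to be the last TLV in the PDU, and the LSP
checksum / remaining-lifetime zeroing required by RFC 5310 is left out.
"""
import hashlib
import hmac
import struct

AUTH_TLV_TYPE = 10        # IS-IS Authentication TLV type (reused by RFC 5310)
AUTH_TYPE_CRYPTO = 3      # authentication type "generic cryptographic authentication"
APAD_WORD = 0x878FE1F3    # Apad constant, RFC 5310 section 3.2


def apad(digest_len: int) -> bytes:
    """Apad is 0x878FE1F3 repeated L/4 times, L = digest length in octets."""
    return APAD_WORD.to_bytes(4, "big") * (digest_len // 4)


def auth_tlv(key_id: int, auth_data: bytes) -> bytes:
    """Type(1) Length(1) AuthType(1) KeyID(2) AuthData(L)."""
    value = struct.pack("!BH", AUTH_TYPE_CRYPTO, key_id) + auth_data
    return struct.pack("!BB", AUTH_TLV_TYPE, len(value)) + value


def sign_pdu(body: bytes, key_id: int, key: bytes, hashfn=hashlib.sha256) -> bytes:
    """Append an Authentication TLV whose HMAC covers the whole PDU.

    Per RFC 5310 the digest is computed with Apad standing in for the
    Authentication Data, then the real digest replaces it.
    """
    digest_len = hashfn().digest_size
    to_mac = body + auth_tlv(key_id, apad(digest_len))
    mac = hmac.new(key, to_mac, hashfn).digest()
    return body + auth_tlv(key_id, mac)


def verify_pdu(pdu: bytes, keyring: dict, hashfn=hashlib.sha256):
    """Return (ok, reason). A PDU with no TLV, an unknown Key ID, or a
    digest mismatch is rejected, which is what gives the campus its
    assurance that only holders of the shared key can inject PDUs."""
    digest_len = hashfn().digest_size
    tlv_len = 2 + 3 + digest_len
    if len(pdu) < tlv_len:
        return False, "no authentication TLV"
    body, tlv = pdu[:-tlv_len], pdu[-tlv_len:]
    tlv_type, tlv_length, auth_type, key_id = struct.unpack("!BBBH", tlv[:5])
    if (tlv_type != AUTH_TLV_TYPE or tlv_length != 3 + digest_len
            or auth_type != AUTH_TYPE_CRYPTO):
        return False, "no authentication TLV"
    key = keyring.get(key_id)
    if key is None:
        return False, f"unknown key id {key_id}"
    expected = hmac.new(key, body + auth_tlv(key_id, apad(digest_len)), hashfn).digest()
    if not hmac.compare_digest(expected, tlv[5:]):
        return False, "bad HMAC"
    return True, "ok"


def demo() -> dict:
    """Constructed key and PDU body (sample values, not real keying material)."""
    keyring = {7: b"constructed-example-key-do-not-use"}
    payload = b"MT-ID=42 LSP fragment (constructed)"
    pdu = sign_pdu(payload, 7, keyring[7])
    return {
        "valid": verify_pdu(pdu, keyring)[0],
        # flipping the topology ID in the body invalidates the digest
        "tampered": verify_pdu(b"MT-ID=43" + pdu[8:], keyring)[0],
        # an unauthenticated PDU carries no TLV and is discarded
        "unsigned": verify_pdu(payload, keyring)[0],
        # a receiver that does not hold the referenced Key ID discards the PDU
        "wrong_key_id": verify_pdu(pdu, {8: keyring[7]})[0],
    }


if __name__ == "__main__":
    print(demo())
```

The point the check makes for the reviewer's question: without a mandate, a receiver that is not configured for RFC 5310 accepts all four PDUs above, so traffic isolation by topology rests on every neighbour choosing to enable authentication. With it mandated, only the first PDU is accepted.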