Re: [secdir] Review of draft-ietf-trill-irb-13
Shawn M Emery <shawn.emery@oracle.com> Wed, 06 July 2016 05:45 UTC
Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6C1E12B05E for <secdir@ietfa.amsl.com>; Tue, 5 Jul 2016 22:45:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.647
X-Spam-Level:
X-Spam-Status: No, score=-5.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HzXYDmzCoHAh for <secdir@ietfa.amsl.com>; Tue, 5 Jul 2016 22:45:32 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4001212B03D for <secdir@ietf.org>; Tue, 5 Jul 2016 22:45:32 -0700 (PDT)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u665jSeP020844 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Jul 2016 05:45:28 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u665jRYh028353 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Jul 2016 05:45:27 GMT
Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id u665jPB1023264; Wed, 6 Jul 2016 05:45:26 GMT
Received: from [10.159.78.203] (/10.159.78.203) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Jul 2016 05:45:25 +0000
To: Donald Eastlake <d3e3e3@gmail.com>
References: <5729944D.4040403@oracle.com> <5770C231.9060301@oracle.com> <CAF4+nEGnsmr5+7z52w0Ea7E8Z+osET6sZQkaRQAhawsDqDVYyw@mail.gmail.com> <577347DF.2060202@oracle.com> <CAF4+nEFrgx_UeW-inyOE-nXv6uchzZpzEjCYnP-ernQ3fs1=gQ@mail.gmail.com> <CAF4+nEEBb0+cAzDubEZTPWpjy2G0-t1btXS7V5bMXQ=rEjugDw@mail.gmail.com>
From: Shawn M Emery <shawn.emery@oracle.com>
Message-ID: <577C9B7B.1030209@oracle.com>
Date: Tue, 05 Jul 2016 23:47:39 -0600
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <CAF4+nEEBb0+cAzDubEZTPWpjy2G0-t1btXS7V5bMXQ=rEjugDw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rlKLJ20bwCWTZ_ZfPkzX61n9qGo>
Cc: draft-ietf-trill-irb.all@tools.ietf.org, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Review of draft-ietf-trill-irb-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2016 05:45:34 -0000
Hi Donald, The updates clarifying elements of the security considerations section looks great. All the other updates looks good as well, with a few nits below: s/TENANT- GWMAC-LABEL/TENANT-GWMAC-LABEL/ s/for the updating/for the updates/ s/that tenant how/that tenant on how/ Thanks, Shawn. -- On 07/ 5/16 06:31 PM, Donald Eastlake wrote: > Hi Shawn, > > A version -14 has been uploaded with the intent that it resolve your comments. > > Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 155 Beaver Street, Milford, MA 01757 USA > d3e3e3@gmail.com > > > On Wed, Jun 29, 2016 at 2:23 PM, Donald Eastlake <d3e3e3@gmail.com> wrote: >> Hi Shawn, >> >> On Wed, Jun 29, 2016 at 12:00 AM, Shawn M Emery <shawn.emery@oracle.com> wrote: >>> On 06/28/16 08:56 PM, Donald Eastlake wrote: >>>> Hi Shawan, >>>> >>>> Thanks for our comments. >>>> >>>> On Mon, Jun 27, 2016 at 2:05 AM, Shawn M Emery <shawn.emery@oracle.com> >>>> wrote: >>>>> I have reviewed this document as part of the security directorate's >>>>> ongoing effort to review all IETF documents being processed by the IESG. >>>>> These comments were written primarily for the benefit of the security >>>>> area directors. Document editors and WG chairs should treat these >>>>> comments just like any other last call comments. >>>>> >>>>> This draft specifies layer 3 (inter-subnet) gateway messaging of the >>>>> TRILL (Transparent Interconnection of Lots of Links) protocol. >>>>> >>>>> The security considerations section does exist and refers to Intermediate >>>>> System to Intermediate System (IS-IS) authentication (RFC 5310) for >>>>> securing >>>>> information advertised by Routing Bridges. For generic TRILL security >>>>> the >>>>> draft refers to RFC 6325. For sensitive data, it prescribes end-to-end >>>>> security, but does not reference or provide details on how this is done >>>>> in >>>>> a layer 3 deployment. >>>> Would you think it helpful if it gave IPsec and/or TLS as examples of >>>> protocols that might be used for end-to-end security? >>> Yes, whatever is commonly used in TRILL and if there are ones that shouldn't >>> be used then I would suggest writing text describing why not. >> End stations attached to a TRILL campus think they are on the same >> local link unless they use or listen for special link control or TRILL >> IS-IS PDUs. So I would say it is no business of TRILL's to say what >> end-to-end security protocol they should or shouldn't use. The >> Security Considerations section is just pointing out the general >> recommendation that end-to-end security is a good idea to supplement >> any security of more limited transit scope, particularly for sensitive >> information. >> >>>>> General comments: >>>>> >>>>> None. >>>>> >>>>> Editorial comments: >>>>> >>>>> Does TRILL and FGL need to be expanded in the Abstract and Introduction >>>>> section, respectively? >>>>> I think it would be helpful to describe the "Inner.VLAN" syntax used >>>>> throughout the document. >>>> The payload of a TRILL Data packet looks like an Ethernet frame with a >>>> VLAN tag which is the inner.VLAN. This could be added to the >>>> definitions in Section 2. >>> Thanks for clarifying. >>> >>>> ... >>>>> s/optimal pair-wise forwarding path/optimal pair-wise forwarding paths/ >>>> I don't see that in version -13. >>> The text was part of a new-line. Let's try: >>> >>> s/wise forwarding path/wise forwarding paths/ >> Ah, sorry, found it now. OK. >> >> Thanks, >> Donald (document Shepherd) >> =============================== >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) >> 155 Beaver Street, Milford, MA 01757 USA >> d3e3e3@gmail.com >> >>> Shawn. >>> --
- Re: [secdir] Review of draft-ietf-trill-irb-13 Shawn M Emery
- Re: [secdir] Review of draft-ietf-trill-irb-13 Donald Eastlake
- [secdir] Review of draft-ietf-tictoc-security-req… Shawn M Emery
- [secdir] Review of draft-ietf-core-groupcomm-21 Shawn M Emery
- Re: [secdir] Review of draft-ietf-core-groupcomm-… Rahman, Akbar
- Re: [secdir] Review of draft-ietf-trill-irb-13 Donald Eastlake
- Re: [secdir] Review of draft-ietf-trill-irb-13 Shawn M Emery
- Re: [secdir] Review of draft-ietf-trill-irb-13 Donald Eastlake
- [secdir] Review of draft-ietf-trill-irb-13 Shawn M Emery
- [secdir] Review of draft-ietf-l3vpn-mvpn-mldp-nlr… Shawn M Emery
- [secdir] Review of draft-ietf-aqm-recommendation-… Shawn M Emery
- [secdir] Review of draft-ietf-ccamp-rwa-wson-enco… Shawn M Emery
- [secdir] Secdir review of draft-ietf-nfsv4-lfs-re… Dacheng
- Re: [secdir] Review of draft-ietf-ccamp-rwa-wson-… Moriarty, Kathleen
- [secdir] Review of draft-ietf-manet-tlv-naming-02 Shawn M Emery
- [secdir] Review of draft-ietf-precis-nickname-18 Shawn M Emery
- [secdir] Review of draft-ietf-pwe3-iccp-stp-04 Shawn M Emery
- Re: [secdir] Review of draft-ietf-pwe3-iccp-stp-04 Mingui Zhang
- [secdir] Review of draft-ietf-dnsop-qname-minimis… Shawn M Emery
- Re: [secdir] Review of draft-ietf-dnsop-qname-min… Stephane Bortzmeyer
- [secdir] Review of draft-ietf-tcpm-undeployed-03 Shawn M Emery
- [secdir] Secdir review of draft-ietf-netconf-yang… Dacheng
- [secdir] Review of draft-ietf-bfd-seamless-base-09 Shawn M Emery
- Re: [secdir] Review of draft-ietf-bfd-seamless-ba… Carlos Pignataro (cpignata)
- [secdir] Review of draft-ietf-mpls-entropy-lsp-pi… Shawn M Emery
- Re: [secdir] Review of draft-ietf-mpls-entropy-ls… Andrew G. Malis
- Re: [secdir] Review of draft-ietf-mpls-entropy-ls… Carlos Pignataro (cpignata)
- [secdir] Review of draft-ietf-payload-rtp-ancilla… Shawn M Emery
- Re: [secdir] Review of draft-ietf-payload-rtp-anc… Thomas Edwards
- Re: [secdir] Review of draft-ietf-payload-rtp-anc… Shawn M Emery
- [secdir] Review of draft-ietf-trill-rfc6439bis-03 Shawn M Emery
- Re: [secdir] Review of draft-ietf-trill-rfc6439bi… Donald Eastlake
- Re: [secdir] Review of draft-ietf-trill-rfc6439bi… Shawn M Emery
- Re: [secdir] Review of draft-ietf-trill-rfc6439bi… Donald Eastlake
- Re: [secdir] Review of draft-ietf-trill-rfc6439bi… Shawn M Emery
- Re: [secdir] Review of draft-ietf-trill-rfc6439bi… Donald Eastlake