[secdir] Secdir review of draft-ietf-trill-rfc7180bis-06
Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 22 October 2015 15:13 UTC
To: draft-ietf-trill-rfc7180bis.all@tools.ietf.org, secdir@ietf.org, iesg@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/xM36CA7nNpRM_1LXZoufnzmtfYo>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document presents a number of clarifications, corrections and updates to the RFCs associated with the Transparent Interconnection of Lots of Links (TRILL) protocol. None of these seem directly related to security, although some of it might support security by helping to give nodes a more accurate picture of the state of the network.

I have a few comments about the security considerations, mainly having to do with clarification:

The Security Considerations Section reads:

    See [RFC6325] for general TRILL security considerations. This memo improves the documentation of the TRILL protocol, corrects five errata in [RFC6325], updates [RFC6325], [RFC7177], and [RFC7179] and obsoletes [RFC7180]. In most cases, it does not change the security considerations of those RFCs. E-L1FS FS-LSPs can be authenticated with IS-IS security [RFC5310].

I found this a little unclear. Is the sentence "E-L1FS FS-LSPs can be authenticated with IS-IS security [RFC5310]." intended to be the sole modification to the security considerations of the RFCs? If so, it would be helpful to make this clearer by saying something like:

    In most cases, it does not change the security considerations of those RFCs, except in the following case.

I consider this document Ready with nits.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil