[secdir] Secdir review of draft-ietf-trill-rfc7180bis-06

Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 22 October 2015 15:13 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 50F961A1A4B; Thu, 22 Oct 2015 08:13:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id yNDThzHYrryi; Thu, 22 Oct 2015 08:13:47 -0700 (PDT)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [IPv6:2001:480:20:118:118::211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01E031A1A38; Thu, 22 Oct 2015 08:13:46 -0700 (PDT)
Received: from ashurbanipal.fw5540.net (fw5540.nrl.navy.mil []) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id t9MFDjot011615 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 22 Oct 2015 11:13:45 -0400
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail=_EC3BD96B-C53A-4631-BE7F-80CCC603FCCD"
Date: Thu, 22 Oct 2015 11:13:44 -0400
Message-Id: <D352DB96-3634-4838-910E-E65840E2747B@nrl.navy.mil>
To: draft-ietf-trill-rfc7180bis.all@tools.ietf.org, secdir@ietf.org, iesg@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/xM36CA7nNpRM_1LXZoufnzmtfYo>
Subject: [secdir] Secdir review of draft-ietf-trill-rfc7180bis-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2015 15:13:55 -0000

 I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document presents a number of clarifications, corrections  and updates to the RFCs associated with the Transparent Interconnection 
of Lots of Links (TRILL) protocol.  None of seem directly related to security, although some of it might support security by helping to
give nodes a more accurate picture of state of the network.

I have a few comments about the security considerations, mainly having to do with clarification:

The Security Considerations Section reads:

See [RFC6325] for general TRILL security considerations.

   This memo improves the documentation of the TRILL protocol, corrects
   five errata in [RFC6325], updates [RFC6325], [RFC7177], and [RFC7179]
   and obsoletes [RFC7180]. In most cases, it does not change the
   security considerations of those RFCs.

   E-L1FS FS-LSPs can be authenticated with IS-IS security [RFC5310].

I found this a little unclear.  Is the sentence "E-L1FS FS-LSPs can be authenticated with IS-IS security [RFC5310].”
intended to be the sole modification to the security considerations of the RFC’s.  If so, it would be helpful to make this clearer
by saying something like:

In most cases, it does not change the
   security considerations of those RFCs, except in the following case.

I consider document this Ready with nits.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil