[secdir] Sec-Dir review of draft-ietf-trill-adj-06

<kathleen.moriarty@emc.com> Thu, 28 April 2011 02:10 UTC

Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02F31E08E3; Wed, 27 Apr 2011 19:10:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2iLftCdo8bG7; Wed, 27 Apr 2011 19:10:47 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id 4F629E08DE; Wed, 27 Apr 2011 19:10:47 -0700 (PDT)
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com [10.254.111.55]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p3S2AgPD007369 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 27 Apr 2011 22:10:42 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd03.lss.emc.com [10.254.221.145]) by hop04-l1d11-si02.isus.emc.com (RSA Interceptor); Wed, 27 Apr 2011 22:10:32 -0400
Received: from mxhub19.corp.emc.com (mxhub19.corp.emc.com [10.254.93.48]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p3S2AN6E028977; Wed, 27 Apr 2011 22:10:23 -0400
Received: from mx06a.corp.emc.com ([169.254.1.49]) by mxhub19.corp.emc.com ([10.254.93.48]) with mapi; Wed, 27 Apr 2011 22:10:22 -0400
From: <kathleen.moriarty@emc.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-ietf-trill-adj.all@tools.ietf.org>
Date: Wed, 27 Apr 2011 22:10:21 -0400
Thread-Topic: Sec-Dir review of draft-ietf-trill-adj-06
Thread-Index: AcwFSW2ZPBzjO7LYQB+HgtesuoSRkA==
Message-ID: <AE31510960917D478171C79369B660FA0DBA640311@MX06A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Mailman-Approved-At: Fri, 29 Apr 2011 03:03:00 -0700
Cc: Radia@alum.mit.edu, vishwas@ipinfusion.com, ddutt@cisco.com, anoop@brocade.com
Subject: [secdir] Sec-Dir review of draft-ietf-trill-adj-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2011 02:10:48 -0000

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I see no security issues with this document.

Summary:

   "This document describes four aspects
   of the TRILL LAN Hello protocol used on such links, particularly
   adjacency, designated RBridge selection, and MTU and pseudonode
   procedures, with state machines. There is no change for IS-IS point-
   to-point Hellos used on links configured as point-to-point in TRILL."

The TRILL Hello protocol serves the following purposes:
  "a) To determine which RBridge neighbors have acceptable connectivity
   to be reported as part of the topology (Section 3)
   b) To elect a unique Designated RBridge on the link (Section 4)
   c) To determine the MTU with which it is possible to communicate with
   each RBridge neighbor (Section 5)"
At layer 3, they are all combined.  TRILL does not accept the same behavior as the TRILL Hello protocol due to possible loops.  I do not see any security issues raised by the addition of these capabilities that have not been addressed in the document.

Nit: the following line on Page 24 is missing a period between sentences:
"entire range is covered reasonably promptly  Delays in sending TRILL"


Best regards,
Kathleen