Last Call Review of draft-ietf-trill-adj-
review-ietf-trill-adj-secdir-lc-moriarty-2011-04-30-00

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I see no security issues with this document.

Summary:

   "This document describes four aspects
   of the TRILL LAN Hello protocol used on such links, particularly
   adjacency, designated RBridge selection, and MTU and pseudonode
   procedures, with state machines. There is no change for IS-IS point-
   to-point Hellos used on links configured as point-to-point in TRILL."

The TRILL Hello protocol serves the following purposes:
  "a) To determine which RBridge neighbors have acceptable connectivity
   to be reported as part of the topology (Section 3)
   b) To elect a unique Designated RBridge on the link (Section 4)
   c) To determine the MTU with which it is possible to communicate with
   each RBridge neighbor (Section 5)"
At layer 3, they are all combined.  TRILL does not accept the same behavior as
TRILL Hello protocol due to possible loops.  I do not see any security issues
that are raised by the addition of these capabilities that have not been
addressed in the document.

Nit: the following line on Page 24 is missing a period between sentences:
"entire range is covered reasonably promptly  Delays in sending TRILL"

Best regards,
Kathleen