Last Call Review of draft-ietf-trill-centralized-replication-10
review-ietf-trill-centralized-replication-10-secdir-lc-salowey-2017-12-10-00

Request Review of draft-ietf-trill-centralized-replication
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-12-12
Requested 2017-11-28
Other Reviews Rtgdir Early review of -03 by Keyur Patel (diff)
Genart Last Call review of -10 by Francis Dupont (diff)
Genart Telechat review of -12 by Francis Dupont (diff)
Review State Completed
Reviewer Joseph Salowey
Review review-ietf-trill-centralized-replication-10-secdir-lc-salowey-2017-12-10
Posted at https://mailarchive.ietf.org/arch/msg/secdir/GIDCUtJyVNd2yi8EF_YG5lfrGw0
Reviewed rev. 10 (document currently at 13)
Review result Has Issues
Draft last updated 2017-12-10
Review completed: 2017-12-10

Review
review-ietf-trill-centralized-replication-10-secdir-lc-salowey-2017-12-10

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Document is ready with issues.

I think the document has appropriate security considerations.  

One issue I see in the document is that in the intro it states:
"The basic idea is that all ingress RBridges send BUM traffic to a centralized node, which SHOULD be a distribution tree root, using unicast TRILL  encapsulation."
In section 3 it states :
"The centralized node MUST be a distribution tree root."

The MUST and SHOULD seem to be at odds here.