
Telechat Review of draft-ietf-trill-directory-framework-06
review-ietf-trill-directory-framework-06-secdir-telechat-kaufman-2013-08-08-00

Request Review of draft-ietf-trill-directory-framework
Requested revision No specific revision (document currently at 07)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2013-08-13
Requested 2013-08-02
Authors Linda Dunbar, Donald E. Eastlake 3rd, Radia Perlman, Igor Gashinsky
I-D last updated 2018-12-20 (Latest revision 2013-08-11)
Completed reviews Secdir IETF Last Call review of -05 by Charlie Kaufman (diff)
Genart IETF Last Call review of -05 by David L. Black (diff)
Genart Telechat review of -06 by David L. Black (diff)
Genart Telechat review of -07 by David L. Black
Secdir Telechat review of -06 by Charlie Kaufman (diff)
Assignment Reviewer Charlie Kaufman
State Completed
Request Telechat review on draft-ietf-trill-directory-framework by Security Area Directorate Assigned
Reviewed revision 06 (document currently at 07)
Result Ready
Completed 2013-08-08

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.



This document describes a framework for adding a central control mechanism to
trill to replace or supplement its autoconfiguring mechanism of dynamically
learning the locations of all addresses on the LAN. The specific protocols for
supplying and consuming this configuration information will presumably appear
in future specs. This sort of configuration control is useful in a datacenter
where all connections are carefully configured rather than being plug and
play. It is particularly applicable in a "cloud" environment where virtual
machines are moved between physical machines by some sort of Virtual Machine
Management System that will also assign addresses and place them.



This is a re-review. This latest draft incorporates all of my comments on -05,
in particular an expanded description of the security advantages of this
approach over the standard autoconfiguration in trill. I have no issues with
it. I did find 2 typos:



Page 4 last paragraph: “Both items 3 and 4 above…” There are only three items
above. I suspect it should say “Both items 2 and 3 above…”



Page 15 section 7 paragraph 3: “Perhaps S want steal” -> “Perhaps S wants to
steal”