Last Call Review of draft-ietf-trill-rfc6439bis-03
review-ietf-trill-rfc6439bis-03-secdir-lc-emery-2017-01-12-00
| Request | Review of draft-ietf-trill-rfc6439bis |
|---|---|
| Requested revision | No specific revision (document currently at 05) |
| Type | Last Call Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2017-01-03 |
| Requested | 2016-12-20 |
| Authors | Donald E. Eastlake 3rd, Yizhou Li, Mohammed Umair, Ayan Banerjee, fangwei hu |
| Draft last updated | 2017-01-12 |
| Completed reviews | Rtgdir Early review of -01 by Joel M. Halpern; Secdir Last Call review of -03 by Shawn M Emery; Genart Last Call review of -04 by Christer Holmberg; Opsdir Telechat review of -04 by Dan Romascanu |
| Assignment | Reviewer: Shawn M Emery |
| State | Completed |
| Review | review-ietf-trill-rfc6439bis-03-secdir-lc-emery-2017-01-12 |
| Reviewed revision | 03 (document currently at 05) |
| Result | Has Issues |
| Completed | 2017-01-12 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft updates the Appointed Forwarders mechanism (RFC 6439), which supports multiple TRILL switches that handle native traffic to and from end stations on a single link.

The security considerations section does exist and states that this update does not change the security properties of the TRILL base protocol. The section goes on to state that the Port-Shutdown message SHOULD be secured through the Tunnel Channel protocol (which is in draft state). Was this intended to be a normative reference? The section quickly finishes with a reference to Authentication TLVs as a way to secure E-L1CS FS-LSPs traffic. I'm not a TRILL expert and therefore find it difficult to distinguish between the usage of Tunnel Channels and Authentication TLVs for securing Port Shutdown messaging. Could you please clarify?

General comments: None.

Editorial comments:

- s/the need to "inhibition"/the need for "inhibition"/
- s/forarding/forwarding/
- s/two optimization/two optimizations/
- s/messages are build/messages are built/

Shawn.