Telechat Review of draft-ietf-trill-rfc7180bis-05
review-ietf-trill-rfc7180bis-05-secdir-telechat-meadows-2015-10-29-00

Request Review of draft-ietf-trill-rfc7180bis
Requested rev. no specific revision (document currently at 07)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2015-10-20
Requested 2015-10-01
Other Reviews Genart Last Call review of -06 by Meral Shirazipour (diff)
Opsdir Last Call review of -06 by Susan Hares (diff)
Rtgdir Early review of -04 by Russ White (diff)
Review State Completed
Reviewer Catherine Meadows
Review review-ietf-trill-rfc7180bis-05-secdir-telechat-meadows-2015-10-29
Posted at https://www.ietf.org/mail-archive/web/secdir/current/msg06150.html
Reviewed rev. 05 (document currently at 07)
Review result Has Issues
Draft last updated 2015-10-29
Review completed: 2015-10-29

Review

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document presents a number of clarifications, corrections and updates to the RFCs associated with the Transparent Interconnection of Lots of Links (TRILL) protocol. None of these seem directly related to security, although some of it might support security by helping to give nodes a more accurate picture of the state of the network.

I have a few comments about the security considerations, mainly having to do with clarification:

The Security Considerations Section reads:

   See [RFC6325] for general TRILL security considerations.

   This memo improves the documentation of the TRILL protocol, corrects five errata in [RFC6325], updates [RFC6325], [RFC7177], and [RFC7179] and obsoletes [RFC7180]. In most cases, it does not change the security considerations of those RFCs.

   E-L1FS FS-LSPs can be authenticated with IS-IS security [RFC5310].

I found this a little unclear. Is the sentence "E-L1FS FS-LSPs can be authenticated with IS-IS security [RFC5310]." intended to be the sole modification to the security considerations of the RFCs? If so, it would be helpful to make this clearer by saying something like:

   In most cases, it does not change the security considerations of those RFCs, except in the following case.

I consider this document Ready with nits.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil