Last Call Review of draft-ietf-trill-centralized-replication-10
review-ietf-trill-centralized-replication-10-secdir-lc-salowey-2017-12-10-00

Request Review of draft-ietf-trill-centralized-replication
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-12-12
Requested 2017-11-28
Authors Hao Weiguo, Li Yizhou, Muhammad Durrani, Sujay Gupta, Andrew Qu
Draft last updated 2017-12-10
Completed reviews Rtgdir Early review of -03 by Keyur Patel (diff)
Genart Last Call review of -10 by Francis Dupont (diff)
Secdir Last Call review of -10 by Joseph Salowey (diff)
Genart Telechat review of -12 by Francis Dupont (diff)
Assignment Reviewer Joseph Salowey
State Completed
Review review-ietf-trill-centralized-replication-10-secdir-lc-salowey-2017-12-10
Reviewed rev. 10 (document currently at 13)
Review result Has Issues
Review completed: 2017-12-10

Review
review-ietf-trill-centralized-replication-10-secdir-lc-salowey-2017-12-10

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Document is ready with issues.

I think the document has appropriate security considerations.  

One issue I see in the document is that in the intro it states:
"The basic idea is that all ingress RBridges send BUM traffic to a centralized node, which SHOULD be a distribution tree root, using unicast TRILL  encapsulation."
In section 3 it states :
"The centralized node MUST be a distribution tree root."

The MUST and SHOULD seem to be at odds here.