Last Call Review of draft-ietf-trill-rfc6439bis-03

Request: Review of draft-ietf-trill-rfc6439bis
Requested rev.: no specific revision (document currently at 05)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2017-01-03
Requested: 2016-12-20
Authors: Donald Eastlake, Li Yizhou, Mohammed Umair, Ayan Banerjee, fangwei hu
Draft last updated: 2017-01-12
Completed reviews:
  Rtgdir Early review of -01 by Joel Halpern (diff)
  Secdir Last Call review of -03 by Shawn Emery (diff)
  Genart Last Call review of -04 by Christer Holmberg (diff)
  Opsdir Telechat review of -04 by Dan Romascanu (diff)
Assignment: Reviewer Shawn Emery
State: Completed
Review: review-ietf-trill-rfc6439bis-03-secdir-lc-emery-2017-01-12
Reviewed rev.: 03 (document currently at 05)
Review result: Has Issues
Review completed: 2017-01-12


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft updates the Appointed Forwarders mechanism (RFC 6439),
which supports multiple TRILL switches that handle native traffic
to and from end stations on a single link.

The security considerations section does exist and states that this
update does not change the security properties of the TRILL base
protocol.  The section goes on to state that the Port-Shutdown message
SHOULD be secured through the Tunnel Channel protocol (which is in draft
state).  Was this intended to be a normative reference?  The section quickly
finishes with a reference to Authentication TLVs as a way to secure E-L1CS
FS-LSP traffic.  I'm not a TRILL expert and therefore find it difficult to
distinguish between the usage of Tunnel Channels and Authentication TLVs for
securing Port-Shutdown messaging.  Could you please clarify?

General comments:


Editorial comments:

s/the need to "inhibition"/the need for "inhibition"/
s/two optimization/two optimizations/
s/messages are build/messages are built/