Re: [secdir] Secdir review of draft-ietf-isis-trill

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



No objections.

Radia

On Sun, Dec 19, 2010 at 10:16 AM, Donald Eastlake <d3e3e3@xxxxxxxxx> wrote:
> My apologies for responding slowly, I was traveling.
>
> If it is tolerable to people, I do not mind adding the two sentences
> requested by Sam to the isis-trill draft.
>
> Thanks,
> Donald
>
> PS: It appears to me that the same considerations apply to
> draft-ietf-isis-ieee-aq.
>
> On Fri, Dec 17, 2010 at 10:45 PM, Sam Hartman <hartmans-ietf@xxxxxxx> wrote:
>>>>>>> "Erik" == Erik Nordmark <nordmark@xxxxxxx> writes:
>>
>>
>>    Erik> Adding just this sentence to draft-ietf-isis-trill (the code
>>    Erik> point document) seems odd. Your comment is really a comment on
>>    Erik> the security of IS-IS, and not specific to TRILL and unrelated
>>    Erik> to the code points.
>>
>> I don't care much where the text goes.  I'm happy if you provide an rfc
>> editor note for draft-ietf-trill-rbridge-protocol if you like that
>> approach better.  However, as I read draft-ietf-isis-trill, it defines
>> the interface between TRILL and IS-IS.  In my mind, that's where the
>> security consideration appears.  You're re-using a component that isn't
>> up to our current standards--we know that; we're working on it in
>> KARP. However in doing that, you need to document the security
>> considerations for your protocol.  Since you have a document that
>> specifically is the interface between your protocol and the component
>> you are re-using,that seems like the best place to do the documentation
>> work.
>>
>> however, in decreasing order of priority, I want to call out my concern
>> that we need to be far more careful about what we expect in terms of
>> security from future work we charter and that we should document the
>> specific interactions between IS-IS and TRILL.  While I have expressed
>> an opinion above on where I think that documentation should go, feel
>> free to put it where you think is most correct.
> _______________________________________________
> secdir mailing list
> secdir@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/secdir
>
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]