I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document
 editors and WG chairs should treat these comments just like any other last call comments.




 




This document describes a framework for adding a central control mechanism to trill to replace or supplement its autoconfiguring mechanism of dynamically learning the locations of all addresses on the LAN. The specific protocols for
 supplying and consuming this configuration information will presumably appear in future specs. This sort of configuration control is useful in a datacenter where all connections are carefully configured rather than being plug and play. It is particularly applicable
 in a "cloud" environment where virtual machines are moved between physical machines by some sort of Virtual Machine Management System that will also assign addresses and place them.




 




This is a re-review. This latest draft incorporates all of my comments on -05, in particular an expanded description of the security advantages of this approach over the standard autoconfiguration in trill. I have no issues with it. I did
 find 2 typos:




 




Page 4 last paragraph: “Both items 3 and 4 above…” There are only three items above. I suspect it should say “Both items 2 and 3 above…”




 




Page 15 section 7 paragraph 3: “Perhaps S want steal” -> “Perhaps S wants to steal”