[Idr] Stephen Farrell's No Objection on draft-ietf-idr-error-handling-18: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Tue, 10 March 2015 14:12 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3720E1B2A4E; Tue, 10 Mar 2015 07:12:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcJFwlQsVVDV; Tue, 10 Mar 2015 07:12:52 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C12A71A8831; Tue, 10 Mar 2015 07:12:26 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.12.0.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150310141226.24491.44397.idtracker@ietfa.amsl.com>
Date: Tue, 10 Mar 2015 07:12:26 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/aCQVGNAU6dRkflmYuyTFTd_0VgY>
Cc: idr@ietf.org, draft-ietf-idr-error-handling.all@ietf.org, rob.shakir@bt.com, idr-chairs@ietf.org
Subject: [Idr] Stephen Farrell's No Objection on draft-ietf-idr-error-handling-18: (with COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2015 14:12:58 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-idr-error-handling-18: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-idr-error-handling/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- The writeup is so good it almost convinced me to just
ballot no-obj and not bother reading the doc:-) Good job.

- There is a perhaps missing security consideration. I think
this kind of protocol behaviour argues that any kind of
BGPSEC encryption needs to use an AEAD ciphersuite.  (Which
we'd likely do these days anyway, so that's not a biggie.)
The reason is if say CBC or a stream cipher were used, then
an attacker could play with ciphertext is various ways that
might interact with this error handling behaviour so as to
expose information that is intended to be protected by the
BGPSEC mechanism. Such an attack would probably be
pooh-poohed by all but tin foil hat folks, but it could
still be worth noting (maybe in section 8?) and as we've
seen recently, many of the tin foil hat fears turn out to be
realistic, sadly.

I noted a few nitty nits:
 
- section 2: AFI/SAFI are used without expansion

- 3.d: "well-known mandatory attributes" sort of yells for a
reference, doesn't it.

- 3.e: "cases that specify" - specify where? I think you
mean in the updated RFCs but it might be nice to say that

- 5: NRLI is expanded after 1st use