[Idr] Secdir early review of draft-ietf-idr-bgpls-srv6-ext-09

Stephen Farrell via Datatracker <noreply@ietf.org> Thu, 19 May 2022 20:21 UTC

To: secdir@ietf.org
Cc: draft-ietf-idr-bgpls-srv6-ext.all@ietf.org, idr@ietf.org
Reply-To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/rJr6bzD2BAtavg71M7laOgrNLX0>

Reviewer: Stephen Farrell
Review result: Ready

First, apologies for the appallingly late review - I hope this remains useful.

Second, I wish there were another status for secdir reviews meaning "I haven't
a notion," as that applies in this case;-)

The draft itself is probably fine as it's just defining ways in which existing
SRv6 stuff can be carried in BGP, and the draft already points out how that
could increase the impact of any underlying security issues with SRv6 compared
to carrying that same data in IS-IS or OSPF. So in that sense this seems ready.

However, I have to say that SRv6 seems rather scary to me from the security POV
so I really wonder if networks that do deploy that might not run into all sorts
of hard to predict security issues. Whether or not that's the case is the thing
about which I don't really have a notion and which is also (and properly) not
answered by this draft but nor was I enlightened by the other bits of SRv6 spec
that I scanned.