[Idr] Secdir early review of draft-ietf-idr-bgpls-srv6-ext-09
Stephen Farrell via Datatracker <noreply@ietf.org> Thu, 19 May 2022 20:21 UTC
From: Stephen Farrell via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-idr-bgpls-srv6-ext.all@ietf.org, idr@ietf.org
Message-ID: <165299170577.46245.16941883295434249269@ietfa.amsl.com>
Reply-To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Thu, 19 May 2022 13:21:45 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/rJr6bzD2BAtavg71M7laOgrNLX0>
Reviewer: Stephen Farrell
Review result: Ready

First, apologies for the appallingly late review - I hope this remains useful.

Second, I wish there were another status for secdir reviews meaning "I haven't a notion," as that applies in this case;-)

The draft itself is probably fine as it's just defining ways in which existing SRv6 stuff can be carried in BGP and the draft already points out how that could increase the impact of any underlying security issues with SRv6 compared to carrying that same data in IS-IS or OSPF. So in that sense this seems ready.

However, I have to say that SRv6 seems rather scary to me from the security POV so I really wonder if networks that do deploy that might not run into all sorts of hard to predict security issues. Whether or not that's the case is the thing about which I don't really have a notion and which is also (and properly) not answered by this draft but nor was I enlightened by the other bits of SRv6 spec that I scanned.