Secdir early review of draft-ietf-rtgwg-atn-bgp-12

Russ Housley via Datatracker <noreply@ietf.org> Tue, 18 January 2022 22:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/0nju-Ltq2pcdWNfgx8l_OVDO4ss>

Reviewer: Russ Housley
Review result: Has Issues

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-rtgwg-atn-bgp-12
Reviewer: Russ Housley
Review Date: 2022-01-18
Early Review Due: 2022-02-11
IETF LC End Date: Unknown
IESG Telechat date: Unknown


Summary: Has Issues


Major Concerns:

Section 3 says:

   The only requirement is that ASNs
   must not be duplicated within the ATN/IPS routing system itself.

What party will administer these ASNs?  I understand why it does not
need to be IANA, but there does need to be a single authority, even
if a hierarchy is used to delegate assignments.  ASN collisions are
extremely harmful.

Section 10 says:

   BGP protocol message exchanges and control message exchanges used for
   route optimization must be secured to ensure the integrity of the
   system-wide routing information base.

I assume that "secured" means integrity protected.  BGP runs over TCP.
TCP-AO was defined primarily to provide integrity protection for BGP.
Is the intent to use TCP-AO or something else?  Please specify.


Minor Concerns:

Section 1 talks about IPsec and Wireguard as "secured encapsulations".
Please say what you mean by security here.  Are you expecting
confidentiality, integrity, or both?  Since this is an example,
please drop "Wireguard" or provide a reference for it.

Section 1 goes on to say:

   In particular, tunneling must be used when
   neighboring ASBRs are separated by multiple INET hops.
   
This seems to mean that tunnels are not used in some cases if there is a
single INET hop.  Can you add a sentence about that?

Section 5 says: "...tunnels packets directly between Proxys ...".
Are these IPsec tunnels?  I am trying to fully understand when the
tunnels require IPsec (or some other security protocol) and when they
do not.

Section 10 lists IPsec, TLS, WireGuard, etc.  This is the first
reference to TLS.  When do you see TLS being used?