[secdir] secdir review of draft-ietf-bess-nsh-bgp-control-plane-13

"Scott G. Kelly" <scott@hyperthought.com> Wed, 01 January 2020 22:02 UTC

Date: Wed, 01 Jan 2020 14:02:22 -0800
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-bess-nsh-bgp-control-plane.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-WlSCAoIKHZNF3z4WLkB-lrkZKI>

This review is several weeks late; I hope it is still useful.

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready.

From the abstract, this document describes the use of BGP as a control plane for networks that support Service Function Chaining (SFC).

The document is well-written and the security considerations section points to other RFCs where appropriate, and seems to call out all relevant additional considerations.

I could leave it at that, but I have little routing expertise/experience, so I can't state with confidence that nothing was missed. The instructions for secdir reviews say that the most important item is to give the (security) ADs a sense of how important it is that they pay attention to the document. Given the complexity and interactions between BGP, SFC, and the control plane mechanisms described in this document, I think it *is* important that the security ADs pay attention to this document.

--Scott