[secdir] secdir review of draft-ietf-grow-filtering-threats-06

Tom Yu <tlyu@mit.edu> Tue, 07 July 2015 19:10 UTC

From: Tom Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-grow-filtering-threats.all@tools.ietf.org
Date: Tue, 07 Jul 2015 15:10:11 -0400
Message-ID: <ldv615v238s.fsf@sarnath.mit.edu>
Subject: [secdir] secdir review of draft-ietf-grow-filtering-threats-06

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary: Ready with nits

Consider adding text to the Introduction mentioning malicious activity
as a possible cause of these unexpected traffic flows, rather than
leaving it toward the end of the document in the Security

The Security Considerations (Section 6) text describes possible
malicious activity by an AS to deliberately cause unexpected traffic
flow through another AS.  Although the first paragraph of the Security
Considerations says "The objective of this document is to inform on this
potential routing security issue", there appears to be no prior mention
in this document of the possibility of maliciously induced unexpected
traffic flow.  The current Introduction characterizes the unexpected
traffic flows primarily as side effects of filtering or other
configuration, but appears not to include the possibility of a malicious


In the second paragraph of Section 1: "While BGP" should be "Although
BGP", to avoid implying dependency or temporal coincidence.

In the first two paragraphs of Section 3.1, "his" should be "its".
Please avoid the unnecessary use of gendered pronouns.

In the first paragraph of Section 3.2, delete "data" from "as much data
information as possible".

For the title of Section 4, consider dropping one instance of the word

In the last paragraph of Section 4.1, in the sentence "...neighboring
AS... opposes the peering agreement", consider replacing "opposes" with
"contravenes", "infringes", or another synonym.