Re: [secdir] secdir review of draft-ietf-bess-fat-pw-bgp-03

Alvaro Retana <> Fri, 16 February 2018 14:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AAC051241F5; Fri, 16 Feb 2018 06:43:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id c70jW_a-_4KY; Fri, 16 Feb 2018 06:43:03 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4003:c0f::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E6CDC120047; Fri, 16 Feb 2018 06:43:02 -0800 (PST)
Received: by with SMTP id l24so2890459otj.3; Fri, 16 Feb 2018 06:43:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=RUP4S4w4RRBIxAkxpN147BfNnYs19DwlkkIOm0tTpvA=; b=Ynn1tPPhbEh6yeGI9clB2p1xwdEUphujy2HnktoUu/UK0ErSSveuqphaXFeRfdJTN1 AmBwVzbbLjHtmip1EOAo8MrBcMwlFtOmosmAklZuWrsD9g+dBGy+soGdp1u9f02Guvxm aVlWq2DpecIfrrgO1ty5eQ4pdJx+XKifKTBy3Xw/kT0u0hlKbE5Kn8+p84lDS87KUjZj nNUXg0b94JwMg6+xMQR9P8NvdbWgwzwi6xgi7ZPIhlmDXBpxYLbGMRvlmHlUfTpObqha uxmDRrcZLf7ozU6+oIxKCnNJqDSvka98o+gOc+J5RfM/rJnt9IyUELP/fxOeEvxW6pUE dUAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=RUP4S4w4RRBIxAkxpN147BfNnYs19DwlkkIOm0tTpvA=; b=XaB7V95UW3I5BjZDt5tpnT2N87EnOoHgoe3qXur63oMztWqU5VcM26VccsMLw7Xywd V7p1putxNvO5qnMHaE7szXxoUBvVAazIKM6KhKK6AqFi6QtjC4l2Fmqnez+0pEu1Ta1/ sFf87pUtEkooIwUvQNBW8BC9p3Bab2QdSBbCTuDJ1QonriGVbwzHCOdlArhLzTbpE4dp ljT1WGl1BuGmjJxTbfqQCTW1Ou9O5fQaI4C1MRYGYAhvh4OmXMUNUbEBSDUpbHNao763 Z+4nDrAjCmw59eHTd84qCvZBNm8kB/10DjNbm0aXWrfQYDKjhLy9W/0M9IlV1X1V9jwJ 8sHw==
X-Gm-Message-State: APf1xPBh94xMQg6c2bAxn1NC9k10P6Twgm4eloMeMiuSO9DgjfejRbqW ItlUWmCb3tt2I7r8EwouPFrK5jd1RpMnAKTSR8w=
X-Google-Smtp-Source: AH8x224byOXttgGPHbbrZJkVjhwvccmu9CF9WGCiA3aNa+P0K+571fqfJledbbJ2f5bIjF1WLVcXf4qfZYAA+oiE60I=
X-Received: by with SMTP id z9mr4346135ota.175.1518792182242; Fri, 16 Feb 2018 06:43:02 -0800 (PST)
Received: from 1058052472880 named unknown by with HTTPREST; Fri, 16 Feb 2018 06:43:01 -0800
From: Alvaro Retana <>
In-Reply-To: <>
References: <> <>
X-Mailer: Airmail (467)
MIME-Version: 1.0
Date: Fri, 16 Feb 2018 06:43:01 -0800
Message-ID: <>
To: "Scott G. Kelly" <>
Cc:, "" <>, "" <>
Content-Type: multipart/alternative; boundary="94eb2c03556482a4410565555c29"
Archived-At: <>
Subject: Re: [secdir] secdir review of draft-ietf-bess-fat-pw-bgp-03
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 16 Feb 2018 14:43:06 -0000


Hi!  Thanks for the review!

The correct address is (.all, not
-all).  I’m including it in this reply.

BTW, yes the security considerations should also reference rfc4761.  That
comment had come up in another review and the authors should have it queued
up for the next version.


On February 16, 2018 at 9:08:47 AM, Scott G. Kelly (

Resending due to bounce from

On Friday, February 16, 2018 6:06am, "Scott G. Kelly" <>; said:

> I have reviewed this document as part of the security directorate's
ongoing effort
> to review all IETF documents being processed by the IESG. These comments
> written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other
last call
> comments.
> The summary of the review is Ready with issues.
> From the last line of the abstract, this draft updates RFC 4761 by
defining new
> flags in the Control Flags field of the Layer2 Info Extended Community.
> I'm not expert in routing protocols, so I can't say for sure that the one
> issue I'm calling out is the only one. The security considerations
section is very
> brief, saying only
> This extension to BGP does not change the underlying security issues
> inherent in the existing [RFC4271].
> RFC4271 is the BGP4 RFC. I agree that those security considerations
apply, but as
> noted in the abstract, this draft updates RFC4761, and since that
document calls
> out additional security considerations, don't those also apply here?
> this document's security considerations also reference RFC4761?
> --Scott
> _______________________________________________
> secdir mailing list
> wiki: