[secdir] secdir review of draft-ietf-idr-bgpls-segment-routing-epe

Carl Wallace <carl@redhoundsoftware.com> Fri, 09 November 2018 12:14 UTC

Date: Fri, 09 Nov 2018 07:14:34 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: draft-ietf-idr-bgpls-segment-routing-epe.all@ietf.org
CC: secdir@ietf.org, iesg@ietf.org
Message-ID: <D80AE45A.C520A%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-idr-bgpls-segment-routing-epe
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ZG5hsUQ3I-eHbbypFIGrADbA7eg>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This document describes an extension to BGP Link State (BGP-LS) for
advertisement of BGP Peering Segments along with their BGP peering node
information so that efficient BGP Egress Peer Engineering (EPE) policies
and strategies can be computed based on Segment Routing. As extensions to
RFC7752, the security considerations incorporate language from that
document by reference in addition to segment routing security
considerations from the architecture document (RFC8402). This seems
appropriate. I found the document to be well written. One minor comment:
reusing the same reference diagram for Figure 5 as in
draft-ietf-spring-segment-routing-central-epe-05 Figure 1 may be
worthwhile (as would making sure all items in the diagram are described in
the text below the diagram).