[secdir] Secdir review of draft-ietf-idr-bgp-ls-segment-routing-msd-16

Radia Perlman <radiaperlman@gmail.com> Fri, 10 April 2020 18:11 UTC

To: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-idr-bgp-ls-segment-routing-msd.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/c-tEdcKGECPFQ9cde1EA32UM864>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: I have found no issues with the document.

This I-D defines two new code points for encoding information in BGP-LS
messages. The code points are for maximum segment depth of nodes and links.
BGP-LS can deliver this information to a centralized controller that needs
it to compute a segment routing path. Without this information, the
centralized controller may compute routes that won't work.

As noted in Security Considerations, supplying incorrect information using
this protocol could cause a centralized controller to compute non-optimal
or non-working routes, but so could errors in many other fields of this
information. These new fields don't introduce any new security challenges
beyond those already present in BGP-LS.

Radia