[secdir] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-19
Stephen Farrell via Datatracker <noreply@ietf.org> Fri, 02 February 2024 14:02 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 48EB2C14CF1D; Fri, 2 Feb 2024 06:02:34 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: bess@ietf.org, draft-ietf-bess-bgp-sdwan-usage.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170688255428.29934.10272482596067024408@ietfa.amsl.com>
Reply-To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 02 Feb 2024 06:02:34 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mJ_u1bPyYyFzCZqxz3X2rY_tkps>
Subject: [secdir] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-19
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2024 14:02:34 -0000
Reviewer: Stephen Farrell Review result: Has Issues I looked at the diff from -15 to -19. I think the main security issue of depending on BGP over TLS remains - that seems almost fictional (is it?), whereas the shepherd write-up says: "...this draft is simply describing the usage of existing technologies standardised within bess to SD-WAN." I see Roman's existing discuss already covers this. I note that https://datatracker.ietf.org/doc/draft-wirtgen-bgp-tls/ was posted since I did the review of -15 of this draft, but that seems to be a fairly brief -00 individual submission. Presumably that work would have to have progressed significantly before this draft could reflect reality. As this draft is aiming to become an informational RFC, I guess one could rewrite the sections mentioning TLS to say that BGP/TLS is needed for this to be secure, is not available today, but is something that is being developed (e.g. referring to draft-wirtgen-bgp-tls). However, doing that before adoption of a work item for BGP/TLS by some routing WG might well be considered premature and overly optimistic?
- [secdir] Secdir last call review of draft-ietf-be… Stephen Farrell via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Linda Dunbar
- Re: [secdir] Secdir last call review of draft-iet… Stephen Farrell