[secdir] Secdir review of draft-ietf-idr-large-community-11

Vincent Roca <vincent.roca@inria.fr> Mon, 19 December 2016 18:14 UTC

To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-idr-large-community.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/qUtK0yIChCDa_Vc_ePJlDGonecM>

Hello,

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

IMHO, the document is Ready.

This document specifies an extension to BGP Communities.
The initial RFC1997 being a bit old, it does not include any security discussion section.
Therefore it is important that the present document has a detailed discussion on the
topic, which is actually the case. The level of detail seems appropriate.
Furthermore there is a dedicated "Error handling" section which is also fine.

Cheers,

   Vincent