[secdir] Secdir early review of draft-ietf-idr-bgp-open-policy-15

Alexey Melnikov <alexey.melnikov@isode.com> Sun, 31 January 2021 18:22 UTC

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: secdir@ietf.org
Cc: draft-ietf-idr-bgp-open-policy.all@ietf.org
Message-ID: <26d2a9b5-09dc-0929-c393-f7f0e1be0a9b@isode.com>
Date: Sun, 31 Jan 2021 18:22:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/qVca81d1Ie_hWbq_aUEOi8xvZJk>
Subject: [secdir] Secdir early review of draft-ietf-idr-bgp-open-policy-15

Reviewer: Alexey Melnikov
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This document proposes a way to both prevent and detect BGP route leaks,
using a new BGP role capability and a new "Only to Customer" (OTC) BGP
Path attribute. I found the document to be well written and easily understood
by a reader like me who is not an expert in BGP. The Security Considerations section
talks about OTC misconfiguration affecting prefix propagation, but that
the new BGP role capability counteracts this. I tend to agree and
I can't think of other security issues raised by this document.

Best Regards,
Alexey
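To make the mechanism the review summarises concrete, here is an added example (not code from the review, the draft or any BGP implementation) that models the two pieces the draft introduces: the Role capability check at OPEN time, and the OTC attribute procedures on ingress and egress. The rules follow those published in RFC 9234, which this draft became; revision -15 may differ in detail. The topology, AS numbers and prefix are constructed documentation values, and the function names (`check_open`, `ingress`, `egress`, `simulate_leak`) are assumptions of this example.

```python
"""Model of BGP Role checking and the OTC ("Only to Customer") attribute.

Added example, not from the review or the draft. Rules follow RFC 9234,
which draft-ietf-idr-bgp-open-policy became. AS numbers and the prefix are
constructed documentation values.
"""
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional


class Role(Enum):
    PROVIDER = "provider"
    RS = "rs"
    RS_CLIENT = "rs-client"
    CUSTOMER = "customer"
    PEER = "peer"


# Only these (local, remote) role pairs may form a session.
COMPATIBLE_PAIRS = {
    (Role.PROVIDER, Role.CUSTOMER), (Role.CUSTOMER, Role.PROVIDER),
    (Role.RS, Role.RS_CLIENT), (Role.RS_CLIENT, Role.RS),
    (Role.PEER, Role.PEER),
}


class RoleMismatch(Exception):
    """Raised where a real speaker would send a Role Mismatch NOTIFICATION."""


def check_open(local_role: Role, remote_role: Optional[Role], strict: bool) -> bool:
    """Role check when OPEN messages are exchanged.

    Returns True if the session may proceed. In strict mode a neighbour that
    announces no Role is refused; otherwise the session continues without
    role-based OTC handling (remote_role is None)."""
    if remote_role is None:
        return not strict
    if (local_role, remote_role) not in COMPATIBLE_PAIRS:
        raise RoleMismatch(f"local {local_role.value} vs remote {remote_role.value}")
    return True


def session_outcome(local_role: Role, remote_role: Optional[Role], strict: bool = True) -> str:
    """Convenience wrapper turning check_open's result into a short label."""
    try:
        return "established" if check_open(local_role, remote_role, strict) else "refused"
    except RoleMismatch:
        return "role mismatch"


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple
    otc: Optional[int] = None   # OTC attribute value: an AS number, or absent


def ingress(route: Route, remote_role: Role, remote_as: int):
    """OTC ingress procedure. Returns (accepted, route_or_reason)."""
    if route.otc is not None and remote_role in (Role.CUSTOMER, Role.RS_CLIENT):
        return False, "leak: OTC-marked route received from customer/RS-client"
    if route.otc is not None and remote_role is Role.PEER and route.otc != remote_as:
        return False, "leak: OTC-marked route received from peer with foreign OTC value"
    if route.otc is None and remote_role in (Role.PROVIDER, Role.PEER, Role.RS):
        # Neighbour did not mark the route (e.g. no OTC support): mark it here.
        route = replace(route, otc=remote_as)
    return True, route


def egress(route: Route, remote_role: Role, local_as: int) -> Optional[Route]:
    """OTC egress procedure. Returns the route to send, or None if it must not be sent."""
    if route.otc is not None and remote_role in (Role.PROVIDER, Role.PEER, Role.RS):
        return None
    if route.otc is None and remote_role in (Role.CUSTOMER, Role.PEER, Role.RS_CLIENT):
        route = replace(route, otc=local_as)
    return route


def simulate_leak(leaker_honours_otc: bool) -> str:
    """Constructed topology: AS 64500 buys transit from AS 64496 and AS 64497.
    AS 64496 announces 192.0.2.0/24 to its customer AS 64500; check whether the
    route can reach the other provider, AS 64497 (a classic route leak)."""
    announced = egress(Route("192.0.2.0/24", (64496,)), Role.CUSTOMER, local_as=64496)
    accepted, learned = ingress(announced, Role.PROVIDER, remote_as=64496)
    assert accepted and learned.otc == 64496
    if leaker_honours_otc:
        if egress(learned, Role.PROVIDER, local_as=64500) is None:
            return "prevented at AS 64500"
    # A misbehaving or misconfigured leaker forwards the route unchanged.
    leaked = replace(learned, as_path=(64500,) + learned.as_path)
    accepted, reason = ingress(leaked, Role.CUSTOMER, remote_as=64500)
    return "accepted by AS 64497" if accepted else f"detected at AS 64497 ({reason})"


if __name__ == "__main__":
    print(session_outcome(Role.CUSTOMER, Role.PROVIDER))   # established
    print(session_outcome(Role.PROVIDER, Role.PROVIDER))   # role mismatch
    print(simulate_leak(True))    # prevented at AS 64500
    print(simulate_leak(False))   # detected at AS 64497 (...)
```

The two `simulate_leak` runs show the "prevent and detect" pairing the review mentions: a compliant AS 64500 never sends the OTC-marked route to its other provider, and if it leaks the route anyway, AS 64497 rejects it because an OTC-marked route arrived from a customer. The `session_outcome` check models the role capability's defence against misconfiguration: if AS 64500 wrongly configures its transit session with role `provider`, the two providers' roles clash at OPEN time and the session is refused before any OTC handling depends on the wrong role.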