[secdir] Secdir review of draft-ietf-sidr-bgpsec-threats-06

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Tue, 24 September 2013 06:00 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02F1121F9E11; Mon, 23 Sep 2013 23:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i92BHvIWNVFZ; Mon, 23 Sep 2013 23:00:06 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id 4718321F9DCE; Mon, 23 Sep 2013 23:00:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1369; q=dns/txt; s=iport; t=1380002406; x=1381212006; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=7l9Rr4FPKv63LP382Ie28s3N+qeTt7yf/C6P2PuQXbA=; b=SQqUQZAKvIniyVuInUjE/v+QpEkaYUnRkNhqmycADtM65HUMdYXZeM4n r2BCyNld/Qp9DhjVp/OxZyRcF37dvY9A3nti9ShisiTypJpuTl6l1X5tV nTz+cder1L8/BhHAhD26Kcmz9tnLHoIjjvb/O7OksH7B4QxZwEVXsT3zI M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AicFAEEpQVKtJV2c/2dsb2JhbABagweBCsEogSIWdIInAQQ6UQEqFEInBAEah328ZY8gg1aBAAOpc4Mkgio
X-IronPort-AV: E=Sophos;i="4.90,968,1371081600"; d="scan'208";a="263653000"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-6.cisco.com with ESMTP; 24 Sep 2013 06:00:06 +0000
Received: from xhc-rcd-x09.cisco.com (xhc-rcd-x09.cisco.com [173.37.183.83]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r8O605xq028339 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 24 Sep 2013 06:00:05 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.212]) by xhc-rcd-x09.cisco.com ([173.37.183.83]) with mapi id 14.02.0318.004; Tue, 24 Sep 2013 01:00:05 -0500
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "<secdir@ietf.org>" <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-sidr-bgpsec-threats-06.all@tools.ietf.org" <draft-ietf-sidr-bgpsec-threats-06.all@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-sidr-bgpsec-threats-06
Thread-Index: AQHOuOtQNP014ejpdES76SMyLe+X8w==
Date: Tue, 24 Sep 2013 06:00:04 +0000
Message-ID: <A95B4818FD85874D8F16607F1AC7C628EA86FF@xmb-rcd-x09.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.33.248.127]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <0551690C4CF3B342B69798D73EB9DD16@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [secdir] Secdir review of draft-ietf-sidr-bgpsec-threats-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 06:00:12 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document discusses a threat model for BGP Path Security.   The  document contains a lot of good information, but I found it hard to follow in places  
Some issues:

1.   I found it difficult to link the threats in section 3 to the attacks in section 4.   This is more of a consistency of terminology issue and is probably just a nit. 
2.   The attacks in sections 4.1, 4.2, and 4.3 seem to be largely discounted as out of scope, yet they seem to impact the goals of PATHSEC.   Is it assumed that there are countermeasures in place such as link protection between RGP peers?    If other countermeasures besides PATHSEC are expected to be in place this should probably be mentioned in the security considerations.  
3.   I found the argument against not including 'route leakage' a bit weak since the documents seems to be able to define what it means.   Wouldn't 'route leakage' be a mechanism to realize one or more of the threats in section 3?  


Thanks,

Joe