Last Call Review of draft-ietf-bess-bgp-sdwan-usage-19
review-ietf-bess-bgp-sdwan-usage-19-secdir-lc-farrell-2024-02-02-00

I looked at the diff from -15 to -19.

I think the main security issue of depending on BGP over TLS remains - that
seems almost fictional (is it?), whereas the shepherd write-up says: "...this
draft is simply describing the usage of existing technologies standardised
within bess to SD-WAN." I see Roman's existing discuss already covers this.

I note that https://datatracker.ietf.org/doc/draft-wirtgen-bgp-tls/ was posted
since I did the review of -15 of this draft, but that seems to be a fairly
brief -00 individual submission. Presumably that work would have to have
progressed significantly before this draft could reflect reality.

As this draft is aiming to become an informational RFC, I guess one could
rewrite the sections mentioning TLS to say that BGP/TLS is needed for this to
be secure, is not available today, but is something that is being developed
(e.g. referring to draft-wirtgen-bgp-tls). However, doing that before adoption
of a work item for BGP/TLS by some routing WG might well be considered
premature and overly optimistic?