Skip to main content

Last Call Review of draft-ietf-bess-fat-pw-bgp-03
review-ietf-bess-fat-pw-bgp-03-secdir-lc-kelly-2018-02-22-00

Request Review of draft-ietf-bess-fat-pw-bgp
Requested revision No specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-02-09
Requested 2018-01-26
Authors Keyur Patel , Sami Boutros , Jose Liste , Bin Wen , Jorge Rabadan
Draft last updated 2018-02-22
Completed reviews Rtgdir Telechat review of -03 by Tomonori Takeda (diff)
Opsdir Last Call review of -03 by Mahesh Jethanandani (diff)
Secdir Last Call review of -03 by Scott G. Kelly (diff)
Genart Last Call review of -03 by Francis Dupont (diff)
Assignment Reviewer Scott G. Kelly
State Completed
Review review-ietf-bess-fat-pw-bgp-03-secdir-lc-kelly-2018-02-22
Reviewed revision 03 (document currently at 04)
Result Has Issues
Completed 2018-02-22
review-ietf-bess-fat-pw-bgp-03-secdir-lc-kelly-2018-02-22-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other
last call comments.

The summary of the review is Ready with issues.

From the last line of the abstract, this draft updates RFC 4761 by defining new
flags in the Control Flags field of the Layer2 Info Extended Community.

I'm not expert in routing protocols, so I can't say for sure that the one minor
issue I'm calling out is the only one. The security considerations section is
very brief, saying only

   This extension to BGP does not change the underlying security issues
   inherent in the existing [RFC4271].

RFC4271 is the BGP4 RFC. I agree that those security considerations apply, but
as noted in the abstract, this draft updates RFC4761, and since that document
calls out additional security considerations, don't those also apply here?
Shouldn't this document's security considerations also reference RFC4761?

--Scott