Last Call Review of draft-ietf-grow-ix-bgp-route-server-operations-03
review-ietf-grow-ix-bgp-route-server-operations-03-secdir-lc-meadows-2014-09-18-00
| Request | Review of | draft-ietf-grow-ix-bgp-route-server-operations |
|---|---|---|
| Requested revision | No specific revision (document currently at 05) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2014-09-22 | |
| Requested | 2014-09-11 | |
| Authors | Nick Hilliard , Elisa Jasinska , Robert Raszuk , Niels Bakker | |
| I-D last updated | 2014-09-18 | |
| Completed reviews |
Genart Last Call review of -03
by Dan Romascanu
(diff)
Genart Telechat review of -03 by Dan Romascanu (diff) Secdir Last Call review of -03 by Catherine Meadows (diff) Opsdir Last Call review of -03 by Niclas Comstedt (diff) Rtgdir Last Call review of -03 by John Scudder (diff) |
|
| Assignment | Reviewer | Catherine Meadows |
| State | Completed | |
| Request | Last Call review on draft-ietf-grow-ix-bgp-route-server-operations by Security Area Directorate Assigned | |
| Reviewed revision | 03 (document currently at 05) | |
| Result | Has issues | |
| Completed | 2014-09-18 |
review-ietf-grow-ix-bgp-route-server-operations-03-secdir-lc-meadows-2014-09-18-00
I have reviewed the current version of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft discusses several issues of operational relevance to route server operators and provides recommendations to help them provide a reliable interconnection services. Reliability, not security, is the main focus of this document, but several of the problems that are discussed also have implications for security, mainly because if they are not properly addressed they can be used to implement various attacks, mostly in the form of denial of service. These are summarized in the Security Considerations section, and it is pointed out in that section which countermeasures described in the document defend against these attacks. My only criticism of the Security Considerations section is that the issues are not described in very much detail. It would be helpful to have references to other documents where more information is given. Otherwise I find myself asking questions such as “What are the ‘certain circumstances’ under which the path hiding problem can be exploited” and “How is it trivial for a route server to implement denial of service if prefix leakage mitigation is not implemented?” Also, a nit. I found the summary of path hiding in Section 4.1 a little misleading: "Path hiding" is a term used in [I-D.ietf-idr-ix-bgp-route-server] to describe the process whereby a route server may mask individual paths by applying conflicting routing policies to its Loc-RIB. This gave me the impression that path hiding is something done deliberately, when actually it appears to be an unintended side effect. The reference draft.ietf-idr-ix-bgp-route-server makes the unintended nature of path hiding more clear. I think it would be better to have something like the following: "Path hiding" is a term used in [I-D.ietf-idr-ix-bgp-route-server] to describe the process whereby a route server may inadvertently mask individual paths by applying conflicting routing policies to its Loc-RIB. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows at nrl.navy.mil