Last Call Review of draft-ietf-grow-unique-origin-as-
review-ietf-grow-unique-origin-as-secdir-lc-melnikov-2011-04-30-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft makes recommendations regarding the use of per-node unique
origin ASNs for globally anycasted critical infrastructure services in order
to provide routing system discriminators for a given anycasted prefix.
Network management and monitoring techniques, or other operational
mechanisms can benefit from use of these new discriminators.



Routing security is outside of my field of expertise, but I think the 


document



made a compelling argument why use of per-node unique origin ASNs
(as opposed to one ASN for all anycast nodes) improves the ability to detect
rogue anycast nodes (assuming all nodes use unique ASNs). The proposed
mechanism also better co-exists with SIDR, which is an extra plus.

So overall I think the document is in a good shape and the Security
Considerations section seems adequate.

Best Regards,
Alexey

--
Internet Messaging Team Lead, <

http://www.isode.com

>
JID: same as my email address
twitter: aamelnikov