Early Review of draft-ietf-idr-bgp-ct-30
review-ietf-idr-bgp-ct-30-secdir-early-nystrom-2024-04-07-00
Request | Review of | draft-ietf-idr-bgp-ct |
---|---|---|
Requested revision | No specific revision (document currently at 39) | |
Type | Early Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-04-04 | |
Requested | 2024-03-20 | |
Requested by | Susan Hares | |
Authors | Kaliraj Vairavakkalai, Natrajan Venkataraman | |
I-D last updated | 2025-03-14 (Latest revision 2025-02-28) | |
Completed reviews | Rtgdir Early review of -18 by Jonathan Hardwick (diff); Secdir Early review of -18 by Magnus Nyström (diff); Opsdir Early review of -19 by Bo Wu (diff); Secdir Early review of -19 by Magnus Nyström (diff); Tsvart Early review of -27 by Olivier Bonaventure (diff); Secdir Early review of -30 by Magnus Nyström (diff); Rtgdir Early review of -09 by Mohamed Boucadair (diff); Opsdir Early review of -12 by Bo Wu (diff); Genart IETF Last Call review of -35 by Reese Enghardt (diff) | |
Comments | Could the previous SEC-DIR reviewer (Magnus Nyström) look at the latest version? The document is ready for submission to the IESG except for this security issue. | |
Assignment | Reviewer | Magnus Nyström |
State | Completed | |
Request | Early review on draft-ietf-idr-bgp-ct by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/alzGCJYNS16NyBsp6wyDhQi-QWY | |
Reviewed revision | 30 (document currently at 39) | |
Result | Has nits | |
Completed | 2024-04-07 |
review-ietf-idr-bgp-ct-30-secdir-early-nystrom-2024-04-07-00
Comparing with my original review (-18) the authors have addressed my concerns.

There is one remaining, probably smaller, issue: The Security Considerations section states: "In order to mitigate the risk of the diversion of traffic from its intended destination, existing BGPsec solution could be extended and supported for this SAFI." - was this meant to say "existing BGPsec solutions" or "the existing BGP solution"? Also, it isn't clear how BGPsec should be extended - and if it would provide any substantial benefit over the mechanisms described herein (the remainder of this paragraph states: "The restriction of the applicability of this SAFI to its intended well-defined scope limits the likelihood of traffic diversions. Furthermore, as long as the filtering and appropriate configuration mechanisms discussed previously are applied diligently, risk of the diversion of the traffic is significantly mitigated.").