Last Call Review of draft-ietf-idr-bgp-gr-notification-15
review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28-00
Request | Review of | draft-ietf-idr-bgp-gr-notification |
---|---|---|
Requested revision | No specific revision (document currently at 16) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2018-04-24 | |
Requested | 2018-04-10 | |
Authors | Keyur Patel, Rex Fernando, John Scudder, Jeffrey Haas | |
I-D last updated | 2018-04-28 | |
Completed reviews | Rtgdir Early review of -03 by Mach Chen; Rtgdir Early review of -05 by Mach Chen; Rtgdir Early review of -07 by Emmanuel Baccelli; Rtgdir Telechat review of -15 by Bruno Decraene; Opsdir Last Call review of -15 by Qin Wu; Secdir Last Call review of -15 by Yoav Nir | |
Assignment | Reviewer | Yoav Nir |
State | Completed | |
Review | review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28 | |
Reviewed revision | 15 (document currently at 16) | |
Result | Ready | |
Completed | 2018-04-28 | |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document extends the BGP Graceful Restart feature from RFC 4724 to also cover Notification messages. It does not make significant changes to the security properties of the original RFC.

The one concern I had while reading the draft was in section 4.1, where, when the extension is active, stale routes are not deleted, so an attacker can use repeated resets (the BGP connection is just TCP) to prevent stale route deletion. As the security considerations section says, this is mitigated by elevating the stale timer (after which stale routes are deleted) from MAY to MUST in that case.

In summary, the document is well-written and deals with the security issues adequately.