Early Review of draft-ietf-idr-bgp-open-policy-15
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31-00

Request Review of draft-ietf-idr-bgp-open-policy
Requested rev. no specific revision (document currently at 15)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2021-02-01
Requested 2021-01-13
Requested by Susan Hares
Authors Alexander Azimov, Eugene Bogomazov, Randy Bush, Keyur Patel, Kotikalapudi Sriram
Draft last updated 2021-01-31
Completed reviews Secdir Early review of -15 by Alexey Melnikov
Comments
This work is part of a joint set of work between Grow and IDR.
Assignment Reviewer Alexey Melnikov 
State Completed
Review review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31
Posted at https://mailarchive.ietf.org/arch/msg/secdir/qVca81d1Ie_hWbq_aUEOi8xvZJk
Reviewed rev. 15
Review result Ready
Review completed: 2021-01-31

Review
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31

Reviewer: Alexey Melnikov
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This document proposes a way to both prevent and detect BGP route leaks,
using a new BGP role capability and a new "Only to Customer" (OTC) BGP
Path attribute. I found the document to be well written and easily 
understood
by a reader like me who is not expert in BGP. The Security Considerations
talks about OTC misconfiguration affecting prefix propagation, but that
the new BGP role capability counteracts this. I tend to agree and
I can't think of other security issues raised by this document.

Best Regards,
Alexey