Early Review of draft-ietf-idr-bgp-open-policy-15
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31-00
| Request | Review of | draft-ietf-idr-bgp-open-policy |
|---|---|---|
| Requested revision | No specific revision (document currently at 24) | |
| Type | Early Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-02-01 | |
| Requested | 2021-01-13 | |
| Requested by | Susan Hares | |
| Authors | Alexander Azimov , Eugene Bogomazov , Randy Bush , Keyur Patel , Kotikalapudi Sriram | |
| Draft last updated | 2021-01-31 | |
| Completed reviews |
Secdir Early review of -15
by
Alexey Melnikov
(diff)
Rtgdir Early review of -15 by Mach Chen (diff) Rtgdir Last Call review of -18 by Ines Robles (diff) Genart Last Call review of -18 by Gyan Mishra (diff) Secdir Last Call review of -18 by Alexey Melnikov (diff) |
|
| Comments |
This work is part of a joint set of work between Grow and IDR. |
|
| Assignment | Reviewer | Alexey Melnikov |
| State | Completed | |
| Review |
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31
|
|
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/qVca81d1Ie_hWbq_aUEOi8xvZJk | |
| Reviewed revision | 15 (document currently at 24) | |
| Result | Ready | |
| Completed | 2021-01-31 |
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31-00
Reviewer: Alexey Melnikov Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document proposes a way to both prevent and detect BGP route leaks, using a new BGP role capability and a new "Only to Customer" (OTC) BGP Path attribute. I found the document to be well written and easily understood by a reader like me who is not expert in BGP. The Security Considerations talks about OTC misconfiguration affecting prefix propagation, but that the new BGP role capability counteracts this. I tend to agree and I can't think of other security issues raised by this document. Best Regards, Alexey