Early Review of draft-ietf-idr-bgp-open-policy-15
Reviewer: Alexey Melnikov
Review result: Ready
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.
This document proposes a way to both prevent and detect BGP route leaks,
using a new BGP role capability and a new "Only to Customer" (OTC) BGP
Path attribute. I found the document to be well written and easily
by a reader like me who is not expert in BGP. The Security Considerations
talks about OTC misconfiguration affecting prefix propagation, but that
the new BGP role capability counteracts this. I tend to agree and
I can't think of other security issues raised by this document.