
Early Review of draft-ietf-idr-bgp-open-policy-15
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31-00

Request Review of draft-ietf-idr-bgp-open-policy
Requested revision No specific revision (document currently at 24)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2021-02-01
Requested 2021-01-13
Requested by Susan Hares
Authors Alexander Azimov, Eugene Bogomazov, Randy Bush, Keyur Patel, Kotikalapudi Sriram
I-D last updated 2021-01-31
Completed reviews Secdir Early review of -15 by Alexey Melnikov (diff)
Rtgdir Early review of -15 by Mach Chen (diff)
Rtgdir Last Call review of -18 by Ines Robles (diff)
Genart Last Call review of -18 by Gyan Mishra (diff)
Secdir Last Call review of -18 by Alexey Melnikov (diff)
Comments
This work is part of a joint set of work between Grow and IDR.
Assignment Reviewer Alexey Melnikov
State Completed
Request Early review on draft-ietf-idr-bgp-open-policy by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/qVca81d1Ie_hWbq_aUEOi8xvZJk
Reviewed revision 15 (document currently at 24)
Result Ready
Completed 2021-01-31
Reviewer: Alexey Melnikov
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This document proposes a way to both prevent and detect BGP route leaks,
using a new BGP role capability and a new "Only to Customer" (OTC) BGP
Path attribute. I found the document to be well written and easily understood
by a reader like me who is not expert in BGP. The Security Considerations
talks about OTC misconfiguration affecting prefix propagation, but that
the new BGP role capability counteracts this. I tend to agree and
I can't think of other security issues raised by this document.

Best Regards,
Alexey