Early Review of draft-ietf-idr-bgp-open-policy-15
review-ietf-idr-bgp-open-policy-15-secdir-early-melnikov-2021-01-31-00
| Request | Review of | draft-ietf-idr-bgp-open-policy |
|---|---|---|
| Requested revision | No specific revision (document currently at 24) | |
| Type | Early Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-02-01 | |
| Requested | 2021-01-13 | |
| Requested by | Susan Hares | |
| Authors | Alexander Azimov , Eugene Bogomazov , Randy Bush , Keyur Patel , Kotikalapudi Sriram | |
| I-D last updated | 2022-05-06 (Latest revision 2022-04-01) | |
| Completed reviews | Secdir Early review of -15 by Alexey Melnikov; Rtgdir Early review of -15 by Mach Chen; Rtgdir IETF Last Call review of -18 by Ines Robles; Genart IETF Last Call review of -18 by Gyan Mishra; Secdir IETF Last Call review of -18 by Alexey Melnikov | |
| Comments | This work is part of a joint set of work between Grow and IDR. | |
| Assignment | Reviewer | Alexey Melnikov |
| State | Completed | |
| Request | Early review on draft-ietf-idr-bgp-open-policy by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/qVca81d1Ie_hWbq_aUEOi8xvZJk | |
| Reviewed revision | 15 (document currently at 24) | |
| Result | Ready | |
| Completed | 2021-01-31 |

Reviewer: Alexey Melnikov
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document proposes a way to both prevent and detect BGP route leaks, using a new BGP role capability and a new "Only to Customer" (OTC) BGP Path attribute.

I found the document to be well written and easily understood by a reader like me who is not expert in BGP.

The Security Considerations talks about OTC misconfiguration affecting prefix propagation, but that the new BGP role capability counteracts this. I tend to agree and I can't think of other security issues raised by this document.

Best Regards,
Alexey