Skip to main content

Early Review of draft-ietf-idr-bgpls-srv6-ext-09

Request Review of draft-ietf-idr-bgpls-srv6-ext
Requested revision No specific revision (document currently at 14)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2021-06-21
Requested 2021-05-26
Requested by Susan Hares
Authors Gaurav Dawra , Clarence Filsfils , Ketan Talaulikar , Mach Chen , Daniel Bernier , Bruno Decraene
I-D last updated 2022-05-19
Completed reviews Opsdir Early review of -08 by Dan Romascanu (diff)
Rtgdir Early review of -07 by Adrian Farrel (diff)
Secdir Early review of -09 by Stephen Farrell (diff)
Rtgdir Last Call review of -12 by Stewart Bryant (diff)
Intdir Telechat review of -12 by Timothy Winters (diff)
Please do a detailed examination of security considerations section.
Assignment Reviewer Stephen Farrell
State Completed
Request Early review on draft-ietf-idr-bgpls-srv6-ext by Security Area Directorate Assigned
Posted at
Reviewed revision 09 (document currently at 14)
Result Ready
Completed 2022-05-19
First, apologies for the appallingly late review - I hope this remains useful.

Second, I wish there were another status for secdir reviews meaning "I haven't
a notion," as that applies in this case;-)

The draft itself is probably fine as it's just defining ways in which existing
SRv6 stuff can be carried in BGP and the draft already points out how that
could increase the impact of any underlying security issues with SRv6 compared
carrying that same data in IS-IS or OSPF. So in that sense this seems ready.

However, I have to say that SRv6 seems rather scary to me from the security POV
so I really wonder if networks that do deploy that might not run into all sorts
of hard to predict security issues. Whether or not that's the case is the thing
about which I don't really have a notion and which is also (and properly) not
answered by this draft but nor was I enlightened by the other bits of SRv6 spec
that I scanned.