Last Call Review of draft-ietf-idr-error-handling-18
review-ietf-idr-error-handling-18-secdir-lc-hoffman-2015-03-05-00

Request Review of draft-ietf-idr-error-handling
Requested revision No specific revision (document currently at 19)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-03-10
Requested 2015-03-02
Authors Enke Chen , John Scudder , Prodosh Mohapatra , Keyur Patel
I-D last updated 2015-03-05
Completed reviews Genart Last Call review of -18 by Tom Taylor (diff)
Secdir Last Call review of -18 by Paul E. Hoffman (diff)
Opsdir Early review of -15 by Warren "Ace" Kumari (diff)
Rtgdir Early review of -13 by Joel M. Halpern (diff)
Rtgdir Early review of -15 by Mach Chen (diff)
Assignment Reviewer Paul E. Hoffman
State Completed
Request Last Call review on draft-ietf-idr-error-handling by Security Area Directorate Assigned
Reviewed revision 18 (document currently at 19)
Result Ready
Completed 2015-03-05
review-ietf-idr-error-handling-18-secdir-lc-hoffman-2015-03-05-00
Greetings again. This document updates the error handling of a bunch of BGP
protocol documents to deal with the fact that they (inadvertently) allow a
remote attacker to cause BGP sessions to be reset when they probably shouldn't
be. The problem being solved is that BGP says that if an UPDATE message with a
malformed attribute is received, the current spec says the entire session in
which that message was received is reset, even parts that are valid. However,
UPDATE messages might be propagated through intermediate routers that don't
check the attribute validity, so that an attacker can possibly make a
hard-to-trace and expanding attack.

The draft says, in essence, "limit the damage of the malformed attribute to
only the part of the session that are directly related to it". It also updates
the similar error handing for a bunch of other BGP attributes. Overall, the
draft is clear, and the Security Considerations section is concise and easy to
understand.

--Paul Hoffman