Last Call Review of draft-ietf-intarea-provisioning-domains-09
review-ietf-intarea-provisioning-domains-09-rtgdir-lc-white-2019-12-16-01

Request: Review of draft-ietf-intarea-provisioning-domains
Requested revision: No specific revision (document currently at 11)
Type: Last Call Review
Team: Routing Area Directorate (rtgdir)
Deadline: 2019-12-25
Requested: 2019-12-11
Requested by: Alvaro Retana
Authors: Pierre Pfister, Éric Vyncke, Tommy Pauly, David Schinazi, Wenqin Shao
I-D last updated: 2019-12-16
Completed reviews:
  Intdir Early review of -01 by Zhen Cao
  Opsdir Early review of -01 by Tim Chown
  Secdir Last Call review of -04 by Phillip Hallam-Baker
  Rtgdir Last Call review of -09 by Russ White
  Tsvart Last Call review of -09 by Martin Duke
  Genart Last Call review of -09 by Francis Dupont
  Opsdir Last Call review of -09 by Tim Chown
Assignment: Reviewer Russ White
State: Completed
Request: Last Call review on draft-ietf-intarea-provisioning-domains by Routing Area Directorate, Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/rtg-dir/LzazCGEGaNqbAXLdcnIjwQqLFyc
Reviewed revision: 09 (document currently at 11)
Result: Has issues
Completed: 2019-12-16
Hello,

I have been selected as the Routing Directorate reviewer for this draft. The
Routing Directorate seeks to review all routing or routing-related drafts as
they pass through IETF last call and IESG review, and sometimes on special
request. The purpose of the review is to provide assistance to the Routing ADs.
For more information about the Routing Directorate, please see
http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

Although these comments are primarily for the use of the Routing ADs, it would
be helpful if you could consider them along with any other IETF Last Call
comments that you receive, and strive to resolve them through discussion or by
updating the draft.

Document: draft-ietf-intarea-provisioning-domains-09

Reviewer: Russ White

Review Date: 16 December 2019

Intended Status: Standards Track

Summary:

I have some minor concerns about this document that I think should be resolved
before publication.

Comments:

The draft is very readable, explaining the problems being addressed, the
various options, and the solution in clear and precise language.

Major Issues:

No major issues found.

Minor Issues:

This is really more of a possible addition rather than strictly being an issue.
Section 3.4.4 notes the importance of not allowing DNS queries for PvD
information to leak into recursive DNS servers. There are security issues here
that are not mentioned, but might be worth mentioning. Specifically, if a DNS
query for PvD information is somehow leaked into the recursive DNS system, it
could reveal information about the querying hosts which could present a
security breach.

This would just be another reason to be added to this section as justification,
and potentially added to the security considerations section.

A second area to consider here is that it might be good to mention having a
filter or mechanism on the implementing router that allows the user to
configure filtering PvD information so it is only ever transmitted to attached
hosts. It may be that some outside attacker could use this information to find
attack surfaces or do network discovery to prepare for an attack, so it might
be best to allow the user to keep this information "private" to only the
intended recipients in some way or another. The network operator shouldn't
really be using this information to query PvD information, but rather should be
using some management interface, so this should not impair its use in any way.
This may be covered in section 7, but it might need to be a bit more explicit
(?).

/r
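An added illustration of the two concerns raised in the review above (PvD-ID lookups leaking to a recursive resolver, and PvD information reaching hosts that are not attached to that PvD); this is example code written for this page, not the draft's mechanism or any implementation's code. It assumes a hypothetical operator configuration mapping each advertised PvD ID FQDN to the prefixes of its attached hosts, and a constructed resolver log format of "client-ip qname qtype".

```python
"""Flag PvD-ID lookups seen in a recursive resolver's query log (constructed example)."""
import ipaddress

# Hypothetical operator configuration (constructed, not from the draft):
# PvD ID FQDN -> prefixes of the hosts meant to be attached to that PvD.
PVD_CONFIG = {
    "pvd.example.net": ["2001:db8:1::/48", "192.0.2.0/24"],
    "guest.example.org": ["2001:db8:2::/48"],
}

# Constructed resolver log sample: "<client-ip> <qname> <qtype>" per line.
SAMPLE_LOG = """\
2001:db8:1::10 www.example.com AAAA
2001:db8:1::10 pvd.example.net AAAA
198.51.100.7 pvd.example.net A
2001:db8:9::5 guest.example.org AAAA
192.0.2.33 api.example.com A
"""

def _matches_pvd(qname):
    """Return the configured PvD ID that qname equals or sits under, else None."""
    name = qname.rstrip(".").lower()
    for pvd_id in PVD_CONFIG:
        if name == pvd_id or name.endswith("." + pvd_id):
            return pvd_id
    return None

def _is_attached(client, pvd_id):
    """True if the client address falls in one of the PvD's attached prefixes."""
    addr = ipaddress.ip_address(client)
    # Mixed IPv4/IPv6 comparisons simply evaluate to False here.
    return any(addr in ipaddress.ip_network(p) for p in PVD_CONFIG[pvd_id])

def find_pvd_leaks(log_text):
    """Return (client, qname, severity) for every PvD-ID lookup in the log.

    Any PvD-ID lookup reaching this resolver is reported as a "leak" (the
    review's first concern); one from a client outside the PvD's attached
    prefixes is escalated to "external" (the review's second concern).
    """
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or empty lines
        client, qname, _qtype = parts
        pvd_id = _matches_pvd(qname)
        if pvd_id is None:
            continue
        severity = "leak" if _is_attached(client, pvd_id) else "external"
        findings.append((client, qname, severity))
    return findings
```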