Last Call Review of draft-ietf-lsvr-applicability-21
review-ietf-lsvr-applicability-21-secdir-lc-sheffer-2025-01-19-00

Request
  Review of: draft-ietf-lsvr-applicability
  Requested revision: No specific revision (document currently at 22)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2025-01-06
  Requested: 2024-12-11
  Requested by: Jim Guichard
  Authors: Keyur Patel, Acee Lindem, Shawn Zandi, Gaurav Dawra, Jie Dong
  I-D last updated: 2025-01-19
  Completed reviews:
    Opsdir Early review of -09 by Ron Bonica
    Rtgdir Early review of -09 by Stig Venaas
    Rtgdir Last Call review of -16 by Dhruv Dhody
    Genart Last Call review of -15 by Mallory Knodel
    Secdir Last Call review of -21 by Yaron Sheffer

Assignment
  Reviewer: Yaron Sheffer
  State: Completed
  Request: Last Call review on draft-ietf-lsvr-applicability by Security Area Directorate (Assigned)
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/daRGtkmz_BEzJ46Z7Gt8oyd2v4A
  Reviewed revision: 21 (document currently at 22)
  Result: Ready
  Completed: 2025-01-19

I am far from an expert about the subject matter, but a cursory reading leads
me to agree with the Security Considerations:

This document introduces no new security considerations above and beyond those
already specified in the [RFC4271] and [I-D.ietf-lsvr-bgp-spf].

Having said that, the fact that we refer to the security considerations of a
19-year-old RFC which has since been updated by 11 other RFCs - and is being
used today very differently from when it was first published - is a strong
indicator of a problem. At minimum, it is clear to me that no network engineer
can be expected to do the research and compile the set of security best
practices for their protocol deployment. I would challenge the BGP community
(or is it multiple distinct communities?) to come up with modernized security
considerations that are relevant to today's BGP ecosystem.