
Early Review of draft-ietf-rtgwg-srv6-egress-protection-16
review-ietf-rtgwg-srv6-egress-protection-16-secdir-early-hallam-baker-2024-11-02-00

Request Review of draft-ietf-rtgwg-srv6-egress-protection-09
Requested revision 09 (document currently at 17)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2023-08-05
Requested 2023-07-11
Requested by Yingzhen Qu
Authors Tao He, Zhibo Hu, Huaimo Chen, Mehmet Toy, Chang Cao
I-D last updated 2024-11-02
Completed reviews Rtgdir Early review of -11 by Tal Mizrahi (diff)
Intdir Early review of -10 by Bob Halley (diff)
Secdir Early review of -16 by Phillip Hallam-Baker (diff)
Opsdir Early review of -09 by Susan Hares (diff)
Comments
Kindly request early reviews of this document, specifically focusing on its consistency and effectiveness in relation to existing mechanisms.
Assignment Reviewer Phillip Hallam-Baker
State Completed
Request Early review on draft-ietf-rtgwg-srv6-egress-protection by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/OsW1v_jPg4W2_T6njjR-LabF6F4
Reviewed revision 16 (document currently at 17)
Result Has issues
Completed 2024-11-02
I have reviewed this document and in general, it seems ready. While it does
raise serious security concerns, it is not clear that these are new to this
proposal or that this proposal gives more leverage to an attacker.

Specifically, the draft stipulates that 'the area is in a single administrative
domain'. The security considerations describe one set of attacks arising from
customers served by the domain. However, this set of attacks may be broader
than described. Consider for instance the case where there are two domains A
and B that provide transit for ISP C. An attacker that wants to ensure C is
serviced exclusively by B might perform a denial of service attack on A so as
to increase the cost of that route so as to achieve that goal.

A real-world attack that has been seen in the past is country X preparing for
an invasion of country Y, performing BGP level attacks to effectively reroute
Internet traffic within Y so that the government Web sites were serviced by
fake sites set up by X. These sites contained messages of the form 'don't
worry about the military exercises'.