Last Call Review of draft-ietf-sidr-bgpsec-threats-06
review-ietf-sidr-bgpsec-threats-06-secdir-lc-salowey-2013-09-26-00

Request Review of draft-ietf-sidr-bgpsec-threats
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-09-23
Requested 2013-09-12
Authors Stephen Kent, Andrew Chi
Draft last updated 2013-09-26
Completed reviews Genart Last Call review of -06 by David Black (diff)
Genart Telechat review of -07 by David Black (diff)
Secdir Last Call review of -06 by Joseph Salowey (diff)
Assignment Reviewer Joseph Salowey
State Completed
Review review-ietf-sidr-bgpsec-threats-06-secdir-lc-salowey-2013-09-26
Reviewed rev. 06 (document currently at 09)
Review result Has Issues
Review completed: 2013-09-26

Review
review-ietf-sidr-bgpsec-threats-06-secdir-lc-salowey-2013-09-26

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document discusses a threat model for BGP Path Security.   The  document contains a lot of good information, but I found it hard to follow in places  
Some issues:

1.   I found it difficult to link the threats in section 3 to the attacks in section 4.   This is more of a consistency of terminology issue and is probably just a nit. 
2.   The attacks in sections 4.1, 4.2, and 4.3 seem to be largely discounted as out of scope, yet they seem to impact the goals of PATHSEC.   Is it assumed that there are countermeasures in place such as link protection between RGP peers?    If other countermeasures besides PATHSEC are expected to be in place this should probably be mentioned in the security considerations.  
3.   I found the argument against not including 'route leakage' a bit weak since the documents seems to be able to define what it means.   Wouldn't 'route leakage' be a mechanism to realize one or more of the threats in section 3?  


Thanks,

Joe