Secdir last call review of draft-ietf-idr-bgp-gr-notification-15


 



Reviewer: Yoav Nir
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

The document extends the BGP Graceful Restart feature from RFC 4724 to also
cover Notification messages. It does not make significant changes to the
security properties of the original RFC.

The one concern I had while reading the draft was in section 4.1 where, when the
extension is active, stale routes are not deleted, so an attacker can use
repeated resets (the BGP connection is just TCP) to prevent stale route
deletion. As the security considerations section says, this is mitigated by
elevating the stale timer (after which stale routes are deleted) from MAY to
MUST in that case.

In summary, the document is well-written and deals with the security issues
adequately.
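The reset-versus-stale-timer interaction described above, as an added simulation that is not part of the review or of the draft itself. The route table, the timer semantics (a deadline fixed when routes first go stale and not extended by later resets) and the attacker's reset cadence are assumptions of this model.

```python
# Added example: simplified model of BGP Graceful Restart stale-route retention
# when a peer is reset repeatedly and never completes its re-advertisement.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class GrSpeaker:
    """Toy receiving speaker. Assumptions of this model, not text from the draft:
    one peer, routes keyed by prefix with a per-route stale flag, and a stale
    timer that is a deadline fixed at the first stale marking (stale_timer=None
    models an implementation that does not support the timer at all)."""
    routes: Dict[str, bool] = field(default_factory=dict)  # prefix -> stale?
    stale_timer: Optional[float] = None
    stale_deadline: Optional[float] = None

    def session_down(self, now: float) -> None:
        """Peer reset with GR in effect: routes are retained but marked stale."""
        for prefix in self.routes:
            self.routes[prefix] = True
        if self.stale_timer is not None and self.stale_deadline is None:
            self.stale_deadline = now + self.stale_timer  # not extended later

    def tick(self, now: float) -> None:
        """Expire the stale timer: drop every stale route once the deadline passes."""
        if self.stale_deadline is not None and now >= self.stale_deadline:
            self.routes = {p: s for p, s in self.routes.items() if not s}
            self.stale_deadline = None

    def end_of_rib(self) -> None:
        """Peer finished re-advertising: whatever is still stale is withdrawn."""
        self.routes = {p: s for p, s in self.routes.items() if not s}
        self.stale_deadline = None


def simulate(stale_timer: Optional[float], reset_interval: float = 10,
             resets: int = 20) -> Set[str]:
    """Attacker resets the session every reset_interval seconds and never sends
    End-of-RIB. Returns the stale prefixes still held when the run ends."""
    # Constructed sample routes learned before the first reset.
    speaker = GrSpeaker({"10.0.0.0/8": False, "192.0.2.0/24": False}, stale_timer)
    now = 0.0
    for _ in range(resets):
        speaker.session_down(now)
        now += reset_interval
        speaker.tick(now)
    return {p for p, stale in speaker.routes.items() if stale}
```

Without the timer the stale routes survive every reset; with a 60-second timer they are purged at the deadline regardless of how often the session is reset.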



