Stephen,

Can you please check whether the latest revision
https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-sdwan-usage/ has addressed
your comments?

Thank you,

Linda

_____________________________________________
From: Linda Dunbar
Sent: Friday, February 16, 2024 3:55 AM
To: Stephen Farrell <stephen.farr...@cs.tcd.ie>; sec...@ietf.org
Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage....@ietf.org; 
last-c...@ietf.org
Subject: RE: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20


Stephen,

BGP/TLS has been deployed (see the attached email from Robert Raszuk on using
BGP over TLS in Sproute's SDWAN solution for years) even though there is only
a 00 draft for BGP over TLS in IETF.
The document states that analysis of BGP over TLS is beyond the scope.
Is the following sentence better?

      While beyond the scope of this document, conducting a comprehensive
      analysis might be needed to ensure the security of BGP over TLS [BGP-OVER-TLS]

 << Message: Re: [Last-Call] Last Call: 
<draft-ietf-bess-bgp-sdwan-usage-19.txt> (BGP Usage for SD-WAN Overlay 
Networks) to Informational RFC >>
Thank you,
Linda
-----Original Message-----
From: Stephen Farrell via Datatracker <nore...@ietf.org>
Sent: Thursday, February 15, 2024 10:30 AM
To: sec...@ietf.org
Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage....@ietf.org; 
last-c...@ietf.org
Subject: Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20

Reviewer: Stephen Farrell
Review result: Has Issues

Draft-20 seems to dial back the call for BGP/TLS, but OTOH adds text in the
security considerations saying that BGP/TLS "is imperative." I'm not sure of 
the security pitfalls that might arise if one followed the guidance here whilst 
BGP/TLS is still just a non-wg -00 draft (and hence aspirational), but it seems 
to me like a possibly dangerous implement.



_______________________________________________
BESS mailing list
BESS@ietf.org
https://www.ietf.org/mailman/listinfo/bess
