[bess] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-14

2023-07-17 Thread Stephen Farrell via Datatracker
Reviewer: Stephen Farrell Review result: Not Ready I have two easily fixed issues and one that may need a bit of chat: #1 There are a few places with (probably wrong) security text that really would be better fixed. Those include: - "(such as TLS, SSL, etc.)" occurs a few times, but SSL just is

[bess] Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-15

2023-10-03 Thread Stephen Farrell via Datatracker
Reviewer: Stephen Farrell Review result: Has Issues Roman has covered all the points I would have raised in his discuss ballot already, so I'm filing this just for completeness and the authors shouldn't feel any need to respond to me. In particular though, I've no idea if it's realistic (or not) to

[bess] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-19

2024-02-02 Thread Stephen Farrell via Datatracker
Reviewer: Stephen Farrell Review result: Has Issues I looked at the diff from -15 to -19. I think the main security issue of depending on BGP over TLS remains - that seems almost fictional (is it?), whereas the shepherd write-up says: "...this draft is simply describing the usage of existing tech

[bess] Secdir telechat review of draft-ietf-bess-bgp-sdwan-usage-20

2024-02-15 Thread Stephen Farrell via Datatracker
Reviewer: Stephen Farrell Review result: Has Issues Draft-20 seems to dial-back the call for BGP/TLS, but OTOH adds text in the security considerations saying that BGP/TLS "is imperative." I'm not sure of the security pitfalls that might arise if one followed the guidance here whilst BGP/TLS is st