[secdir] SECDIR review of draft-ietf-l3vpn-v6-ext-communities-02
Julien Laganier <julien.laganier.ietf@googlemail.com> Thu, 16 July 2009 01:26 UTC
To: secdir@ietf.org, yakov@juniper.net
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Abstract:

Current specifications of BGP Extended Communities [RFC4360] support IPv4 Address Specific Extended Community, but do not support IPv6 Address Specific Extended Community. The lack of IPv6 Address Specific Extended Community may be a problem when an application uses IPv4 Address Specific Extended Community, and one wants to use this application in a pure IPv6 environment.

This document defines a new BGP attribute, IPv6 Address Specific Extended Community that addresses this problem. The IPv6 Address Specific Extended Community is similar to the IPv4 Address Specific Extended Community, except that it carries an IPv6 address rather than an IPv4 address.

The security considerations section states that "All the security considerations for BGP Extended Communities apply" which I think is reasonable given the scope of the document. As a result I have no security concerns with this document.

--julien