Last Call Review of draft-ietf-idr-bgp-gr-notification-15
review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28-00

Request Review of draft-ietf-idr-bgp-gr-notification
Requested rev. no specific revision
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-04-24
Requested 2018-04-10
Other Reviews Rtgdir Early review of -03 by Mach Chen (diff)
Rtgdir Early review of -05 by Mach Chen (diff)
Rtgdir Early review of -07 by Emmanuel Baccelli (diff)
Rtgdir Telechat review of -15 by Bruno Decraene
Opsdir Last Call review of -15 by Qin Wu
Review State Completed
Reviewer Yoav Nir
Review review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28
Posted at https://mailarchive.ietf.org/arch/msg/secdir/t-fsZA0yMEUotNUQOXkhZb4JO98
Reviewed rev. 15
Review result Ready
Draft last updated 2018-04-28
Review completed: 2018-04-28

Review
review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

The document extends the BGP Graceful Restart feature from RFC 4724 to also cover Notification messages. It does not make significant changes to the security properties of the original RFC. 

The one concern I had while reading the draft was in section 4.1 where when the extension is active, stale routes are not deleted, so an attacker can use repeated resets (the BGP connection is just TCP) to prevent stale route deletion. As the security considerations section says, this is mitigating by elevating the stale timer (after which stale routes are deleted) from MAY to MUST in that case.

In summary, the document is well-written and deals with the security issues adequately.